Interoperability, Standards and Cyber-Security: A Business Perspective
Patrick C Miller, President and CEO
April 21 2011
Innotech Smart Grid Oregon Pacific NW Smart Grid Trade Show and Conference

Interoperability
• Goal: “electron flocking” (e-flocking)
• Current approach may be too prescriptive
• $10K per seat may be a barrier
• No real consensus at this time
• Potentially unbalanced voting process
• EEI feels the industry is being “marginalized”
• Not ready for adoption at this time; but when?


The National Electric Sector Cybersecurity Organization (NESCO) is a DOE-funded EnergySec Program

Standards
• FERC/PUC lines are not clear
• NARUC wants backward compatibility
• Many state commissions do not have expertise
  or sufficient staff to deal with the smart grid wave
• California PUC is not waiting for Federal
  standards
• Utilities are moving forward, but inconsistently
• Suffering from standard fatigue

Cybersecurity Landscape
• Security approaches favor new installations,
  legacy environments are still vulnerable
• Very difficult to replace/patch in-service devices
• Isolation has diminishing security value
• Security products vs. buying secure products
• Engineering (N-1) and Security are different
  – Nature may be sophisticated, but it isn’t malicious
• Hackers don’t use a compliance checklist
  – Following a compliance checklist won’t make you secure
Cybersecurity Landscape
• Mixing legacy and bleeding edge tech is difficult
• Logical distance between kinetic endpoint and
  HMI is exponentially increasing;
  “hyperembeddedness”
• Many vendors are forced to put features ahead
  of security due to market conditions
• Privacy and security will be dominant forces in
  the smart grid market
• Sufficient motive, means and opportunity exist to
  take the threat seriously
TwitBookBlogosphere




Research and Disclosure
46 zero-day SCADA vulnerabilities issued in a two-week span




Smart Grid Development
• Security Considerations
  – Get off of the innovation treadmill (see: Apple)
  – Code review: meters, aggregators, upstream
  – Crypto: transit, rest, key management
  – Message authentication: learn from EAI models
  – Patching
  – Supply chain: hardware, software, people
  – Physical access
  – Vulnerability management

Smart Grid Development
• Privacy Considerations
  – Legal implications
  – Tin foil hat club
  – Must have vs. nice to have
  – Opt in vs. opt out vs. no option
  – Information is a commodity; ethics matter




Questions?


Non-profit. Independent. Trusted.

Patrick C Miller, President and CEO
patrick@energysec.org
503-446-1212
