Security of the Electric Grid: It’s more than just NERC-CIP

Prudence Parks
Director of Government Affairs and Legislative Counsel
Utilities Telecom Council

EnergySec Summit
Portland, Oregon
September 26, 2012

© 2012 Utilities Telecom Council
  
What’s on the Security List Besides NERC-CIP
•  Spectrum for Communications
•  Standards Development
•  Security of Cloud Computing
•  Privacy & Civil Liberties
•  Supply Chain
•  Jurisdictional Authority Changes
  
Spectrum: It’s in Short Supply
•  Utilities and other CI rely on private internal communications networks to support core services, including electric, gas & water
•  Utilities have NO spectrum dedicated to their exclusive use
•  Data generated by SG needs bigger pipes
•  Diversity of terrain/remote coverage makes lower bands preferable, but also eyed by commercial service providers
•  Utilities auction exempt BUT auction revenue attractive to Congress
  
Spectrum: The Challenges
•  Federal spectrum: PCAST Report
    –  Commercial wireless competing for access to spectrum
    –  Federal incumbents reluctant to share or relocate
•  Public safety spectrum
    –  Sharing 700 MHz requires negotiation and may take considerable time before the PSBN is available
    –  4.9 GHz spectrum is subject to loose coordination rules; pushback from public safety
•  Outsourcing to Commercial Service Providers
    –  Meet CI requirements?
    –  Non-mission critical functions
    –  Mission critical: Loss of control; compliance with NERC/CIP
  
Standards: National v. International
•  Four different efforts in 3 bodies most prominent in the space
•  IEC 62443-2-1 – Industrial communication networks - Network and system security - Part 2-1: (http://webstore.iec.ch/webstore/webstore.nsf/Artnum_PK/44613)
•  IEEE 2030-2011 - IEEE Guide for Smart Grid Interoperability of Energy Technology and Information Technology Operation with the Electric Power System (EPS), End-Use Applications, and Loads, 2011 (http://standards.ieee.org/findstds/standard/2030-2011.html)
•  IEEE P2030.4 Draft Guide for Control and Automation Installations Applied to the Electric Power Infrastructure (under development) (http://standards.ieee.org/develop/project/2030.4.html)
•  ISO/IEC JTC1 SC27 Study Period on Smart Grid Environments (in progress)
•  NIST authorized to develop SG standards in the US, so trumps international standards
•  But ISO & IEC standards recognized by WTO, can be integrated into trade agreements
  
Cloud Computing & SG – Is it Secure?
•  NIST Publication 800-146 by the Computer Security Division of the Information Technology Laboratory (http://www.thecre.com/fisma/wp-content/uploads/2012/05/sp800-146.pdf)
•  Security issues of communications links between user and cloud
•  SGIP considering whether security standard for cloud computing as it pertains to SG should be developed
•  Issues to be addressed:
    –  What are the properties of the SG that could be unique to cloud computing?
    –  Are there issues that prevent cloud computing for SG applications, such as latency?
    –  Are other cybersecurity groups looking at SG cloud computing?
    –  Can a shared cloud be created for utility industry with hardened security?
  
Privacy and Civil Liberties
•  NIST SGIP forming privacy subgroup for next version of NISTIR 7628
•  Over 200 bills in Congress dealing with privacy
•  Inability to arrive at compromise on cybersecurity bill: not just whether it should include CI protections, but how to protect privacy and civil liberties of consumers
•  Issues:
    –  What can utilities do with Smart meter data
    –  Protection of information shared with exchanges and the Government
    –  Length of time that the data can be kept
    –  What type of information can be collected
    –  Notification requirements in case of security breaches
  
Security of the Supply Chain
•  Definition: Information and Communication Technology (ICT) products are assembled, built, and transported by multiple vendors around the world before they are acquired without the knowledge of the acquirer
•  Abundant opportunities exist for malicious actors to tamper with and sabotage products, ultimately compromising system integrity and operations
•  Much publicized incidents (counterfeit hardware sold to government agencies)
•  Organizations acquiring hardware, software, and services are not able to fully understand and appropriately manage the security risks associated with the use of these products and services
•  Challenges range from poor acquirer practices to lack of transparency into the supply chain
  
This is how Department of Defense Depicts This Challenge

“Scope of Supplier Expansion and Foreign Involvement” graphic in DACS www.softwaretechnews.com Secure Software Engineering, July 2005 article “Software Development Security: A Risk Management Perspective” synopsis of May 2004 GAO-04-678 report “Defense Acquisition: Knowledge of Software Suppliers Needed to Manage Risks”
  
Who will be in Charge?
•  Legislation puts DHS in charge of National Cybersecurity Council: voluntary or mandatory standards for CI protection?
•  DOE: Guides for ARRA recipients; NARUC: Regulators guide
•  Executive Order:
    –  DHS in charge but cannot expand on existing authority
    –  Senator Lieberman to WH: “I urge you to explore any means at your disposal that would encourage regulators to make mandatory the standards developed by the Department of Homeland Security pursuant to your executive order so we can guarantee that our most critical infrastructure will be defended against attacks from our adversaries.”
•  FERC establishes Office of Energy Infrastructure Security
    –  To focus on potential cyber and physical security risks to energy facilities under its jurisdiction, including EMP
  
Conclusions
•  Spectrum is key to Smart Grid: lack of spectrum capacity causes patchwork systems, push to use commercial systems outside utility control
•  Standards for the SG are still being developed to include security issues
•  SG means terabytes of data and may increase use of cloud computing, with additional security issues
•  SG means Energy Management using consumer data and added privacy protection and data security
•  SG means applications manufactured without transparency of supplier security
•  Jurisdiction over mandatory cybersecurity standards may reside in multiple agencies and departments with multiple audits
  
Thank you!

For more information, contact:
Prudence Parks, prudence.parks@utc.org
202-833-6806

Contenu connexe

Tendances

European smart grid cyber and scada security
European smart grid cyber and scada securityEuropean smart grid cyber and scada security
European smart grid cyber and scada securityYulia Rotar
 
SMi Group's 4th annual European Smart Grid Cyber and SCADA Security conferenc...
SMi Group's 4th annual European Smart Grid Cyber and SCADA Security conferenc...SMi Group's 4th annual European Smart Grid Cyber and SCADA Security conferenc...
SMi Group's 4th annual European Smart Grid Cyber and SCADA Security conferenc...Dale Butler
 
White paper scada (2)
White paper scada (2)White paper scada (2)
White paper scada (2)Ivan Carmona
 
IBM End-to-End Security for Smart Grids
IBM End-to-End Security for Smart GridsIBM End-to-End Security for Smart Grids
IBM End-to-End Security for Smart GridsIBM Energy & Utilties
 
Guide Report - Wireless Fundementals v1.0 150114
Guide Report - Wireless Fundementals v1.0 150114Guide Report - Wireless Fundementals v1.0 150114
Guide Report - Wireless Fundementals v1.0 150114Clay Melugin
 
Critical Infrastructure and Cyber Threat
Critical Infrastructure and Cyber ThreatCritical Infrastructure and Cyber Threat
Critical Infrastructure and Cyber ThreatMotorola Solutions
 
Industrial IoT summit_andresg_guilarte Siemens
Industrial IoT summit_andresg_guilarte Siemens Industrial IoT summit_andresg_guilarte Siemens
Industrial IoT summit_andresg_guilarte Siemens Andres G. Guilarte
 
What is next for Telecom (Broadband and Cell) - September 2021
What is next for Telecom (Broadband and Cell) - September 2021What is next for Telecom (Broadband and Cell) - September 2021
What is next for Telecom (Broadband and Cell) - September 2021paul young cpa, cga
 
Cybersecurity of powergrid
Cybersecurity of powergrid Cybersecurity of powergrid
Cybersecurity of powergrid Rajesh Sawale
 
Security Updates Matter: Exploitation for Beginners
Security Updates Matter: Exploitation for BeginnersSecurity Updates Matter: Exploitation for Beginners
Security Updates Matter: Exploitation for BeginnersEnergySec
 
Cyber Security for Critical Infrastrucutre-ppt
Cyber Security for Critical Infrastrucutre-pptCyber Security for Critical Infrastrucutre-ppt
Cyber Security for Critical Infrastrucutre-pptMohit Rampal
 
Saguna edge computing solution for private enterprise networks
Saguna edge computing solution for private enterprise networksSaguna edge computing solution for private enterprise networks
Saguna edge computing solution for private enterprise networksSaguna
 
Maloney slides
Maloney slidesMaloney slides
Maloney slidesOnkar Sule
 
Security and smart grid what you need to know john chowdhury 2012 final
Security and smart grid what you need to know   john chowdhury 2012 finalSecurity and smart grid what you need to know   john chowdhury 2012 final
Security and smart grid what you need to know john chowdhury 2012 finalJohn Chowdhury
 
WCIT12 myth busting presentation
WCIT12 myth busting presentationWCIT12 myth busting presentation
WCIT12 myth busting presentationITU
 
A rede como um sensor de segurança
A rede como um sensor de segurança A rede como um sensor de segurança
A rede como um sensor de segurança Cisco do Brasil
 
I Pv6 Presentation 310510 V4
I Pv6 Presentation 310510 V4I Pv6 Presentation 310510 V4
I Pv6 Presentation 310510 V4Chaesub Lee
 

Tendances (20)

European smart grid cyber and scada security
European smart grid cyber and scada securityEuropean smart grid cyber and scada security
European smart grid cyber and scada security
 
SMi Group's 4th annual European Smart Grid Cyber and SCADA Security conferenc...
SMi Group's 4th annual European Smart Grid Cyber and SCADA Security conferenc...SMi Group's 4th annual European Smart Grid Cyber and SCADA Security conferenc...
SMi Group's 4th annual European Smart Grid Cyber and SCADA Security conferenc...
 
White paper scada (2)
White paper scada (2)White paper scada (2)
White paper scada (2)
 
IBM End-to-End Security for Smart Grids
IBM End-to-End Security for Smart GridsIBM End-to-End Security for Smart Grids
IBM End-to-End Security for Smart Grids
 
News letter jan.14
News letter jan.14News letter jan.14
News letter jan.14
 
Guide Report - Wireless Fundementals v1.0 150114
Guide Report - Wireless Fundementals v1.0 150114Guide Report - Wireless Fundementals v1.0 150114
Guide Report - Wireless Fundementals v1.0 150114
 
Critical Infrastructure and Cyber Threat
Critical Infrastructure and Cyber ThreatCritical Infrastructure and Cyber Threat
Critical Infrastructure and Cyber Threat
 
Industrial IoT summit_andresg_guilarte Siemens
Industrial IoT summit_andresg_guilarte Siemens Industrial IoT summit_andresg_guilarte Siemens
Industrial IoT summit_andresg_guilarte Siemens
 
What is next for Telecom (Broadband and Cell) - September 2021
What is next for Telecom (Broadband and Cell) - September 2021What is next for Telecom (Broadband and Cell) - September 2021
What is next for Telecom (Broadband and Cell) - September 2021
 
Cybersecurity of powergrid
Cybersecurity of powergrid Cybersecurity of powergrid
Cybersecurity of powergrid
 
Cps sec sg sg2017 conf_iran
Cps sec sg  sg2017 conf_iranCps sec sg  sg2017 conf_iran
Cps sec sg sg2017 conf_iran
 
Security Updates Matter: Exploitation for Beginners
Security Updates Matter: Exploitation for BeginnersSecurity Updates Matter: Exploitation for Beginners
Security Updates Matter: Exploitation for Beginners
 
Cyber Security for Critical Infrastrucutre-ppt
Cyber Security for Critical Infrastrucutre-pptCyber Security for Critical Infrastrucutre-ppt
Cyber Security for Critical Infrastrucutre-ppt
 
Saguna edge computing solution for private enterprise networks
Saguna edge computing solution for private enterprise networksSaguna edge computing solution for private enterprise networks
Saguna edge computing solution for private enterprise networks
 
Maloney slides
Maloney slidesMaloney slides
Maloney slides
 
Security and smart grid what you need to know john chowdhury 2012 final
Security and smart grid what you need to know   john chowdhury 2012 finalSecurity and smart grid what you need to know   john chowdhury 2012 final
Security and smart grid what you need to know john chowdhury 2012 final
 
2-25-2014 Part 1 - NRECA Kickoff Meeting v2
2-25-2014 Part 1 - NRECA Kickoff Meeting v22-25-2014 Part 1 - NRECA Kickoff Meeting v2
2-25-2014 Part 1 - NRECA Kickoff Meeting v2
 
WCIT12 myth busting presentation
WCIT12 myth busting presentationWCIT12 myth busting presentation
WCIT12 myth busting presentation
 
A rede como um sensor de segurança
A rede como um sensor de segurança A rede como um sensor de segurança
A rede como um sensor de segurança
 
I Pv6 Presentation 310510 V4
I Pv6 Presentation 310510 V4I Pv6 Presentation 310510 V4
I Pv6 Presentation 310510 V4
 

En vedette

NERC Critical Infrastructure Protection (CIP) and Security for Field Devices
NERC Critical Infrastructure Protection (CIP) and Security for Field DevicesNERC Critical Infrastructure Protection (CIP) and Security for Field Devices
NERC Critical Infrastructure Protection (CIP) and Security for Field DevicesSchneider Electric
 
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...EnergySec
 
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s RoleNERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s RoleEnergySec
 
Structured NERC CIP Process Improvement Using Six Sigma
Structured NERC CIP Process Improvement Using Six SigmaStructured NERC CIP Process Improvement Using Six Sigma
Structured NERC CIP Process Improvement Using Six SigmaEnergySec
 
North American Generator Forum Update
North American Generator Forum UpdateNorth American Generator Forum Update
North American Generator Forum UpdateEnergySec
 
Explore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWsExplore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWsEnergySec
 

En vedette (7)

NERC Critical Infrastructure Protection (CIP) and Security for Field Devices
NERC Critical Infrastructure Protection (CIP) and Security for Field DevicesNERC Critical Infrastructure Protection (CIP) and Security for Field Devices
NERC Critical Infrastructure Protection (CIP) and Security for Field Devices
 
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
 
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s RoleNERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
 
Structured NERC CIP Process Improvement Using Six Sigma
Structured NERC CIP Process Improvement Using Six SigmaStructured NERC CIP Process Improvement Using Six Sigma
Structured NERC CIP Process Improvement Using Six Sigma
 
North American Generator Forum Update
North American Generator Forum UpdateNorth American Generator Forum Update
North American Generator Forum Update
 
Explore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWsExplore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWs
 
Electrical safety new
Electrical safety newElectrical safety new
Electrical safety new
 

Similaire à Security of the Electric Grid: It's more than just NERC CIP

ICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
ICS Supply Chain Security: Learning from Recent Incidents and Other SectorsICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
ICS Supply Chain Security: Learning from Recent Incidents and Other SectorsEnergySec
 
Cyber security of power grid
Cyber security of power gridCyber security of power grid
Cyber security of power gridP K Agarwal
 
Ignite 2019
Ignite 2019Ignite 2019
Ignite 2019TI Safe
 
IoT Security Assessment - IEEE PAR Proposal
IoT Security Assessment - IEEE PAR ProposalIoT Security Assessment - IEEE PAR Proposal
IoT Security Assessment - IEEE PAR ProposalSyam Madanapalli
 
The Expanding Web of Cybersecurity Requirements
The Expanding Web of Cybersecurity RequirementsThe Expanding Web of Cybersecurity Requirements
The Expanding Web of Cybersecurity RequirementsEnergySec
 
Private sector cyber resilience and the role of data diodes
Private sector cyber resilience and the role of data diodesPrivate sector cyber resilience and the role of data diodes
Private sector cyber resilience and the role of data diodesOllie Whitehouse
 
IEEE PES GM 2017 Cybersecurity Panel Talk
IEEE PES GM 2017 Cybersecurity Panel TalkIEEE PES GM 2017 Cybersecurity Panel Talk
IEEE PES GM 2017 Cybersecurity Panel TalkNathan Wallace, PhD, PE
 
Tigerspike - Cybersecurity and Mobility in the Energy Industry
Tigerspike - Cybersecurity and Mobility in the Energy IndustryTigerspike - Cybersecurity and Mobility in the Energy Industry
Tigerspike - Cybersecurity and Mobility in the Energy IndustryChristian Glover Wilson
 
Supply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy SectorSupply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy SectorKaspersky
 
5G Security Briefing
5G Security Briefing5G Security Briefing
5G Security Briefing3G4G
 
Rombit LSEC IoTSecurity IoTSBOM CyberSec Europe 2022
Rombit LSEC IoTSecurity IoTSBOM CyberSec Europe 2022Rombit LSEC IoTSecurity IoTSBOM CyberSec Europe 2022
Rombit LSEC IoTSecurity IoTSBOM CyberSec Europe 2022Ulrich Seldeslachts
 
IoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address themIoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address themRadouane Mrabet
 
SMi Group's Smart Grid Cyber Security 2019 conference
SMi Group's Smart Grid Cyber Security 2019 conferenceSMi Group's Smart Grid Cyber Security 2019 conference
SMi Group's Smart Grid Cyber Security 2019 conferenceDale Butler
 
AEE Cybersecurity for the IOT in Facility Energy Distribution Slides
AEE Cybersecurity for the IOT in Facility Energy Distribution SlidesAEE Cybersecurity for the IOT in Facility Energy Distribution Slides
AEE Cybersecurity for the IOT in Facility Energy Distribution SlidesAndy Taylor
 
SMi Group's Oil & Gas Cyber Security conference & exhibition
SMi Group's Oil & Gas Cyber Security conference & exhibitionSMi Group's Oil & Gas Cyber Security conference & exhibition
SMi Group's Oil & Gas Cyber Security conference & exhibitionDale Butler
 

Similaire à Security of the Electric Grid: It's more than just NERC CIP (20)

ICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
ICS Supply Chain Security: Learning from Recent Incidents and Other SectorsICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
ICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
 
Agile Fractal Grid - 7-11-14
Agile Fractal Grid - 7-11-14Agile Fractal Grid - 7-11-14
Agile Fractal Grid - 7-11-14
 
T063500000200201 ppte
T063500000200201 ppteT063500000200201 ppte
T063500000200201 ppte
 
Nreca kickoff meeting
Nreca kickoff meetingNreca kickoff meeting
Nreca kickoff meeting
 
Cyber security of power grid
Cyber security of power gridCyber security of power grid
Cyber security of power grid
 
Ignite 2019
Ignite 2019Ignite 2019
Ignite 2019
 
IoT Security Assessment - IEEE PAR Proposal
IoT Security Assessment - IEEE PAR ProposalIoT Security Assessment - IEEE PAR Proposal
IoT Security Assessment - IEEE PAR Proposal
 
The Expanding Web of Cybersecurity Requirements
The Expanding Web of Cybersecurity RequirementsThe Expanding Web of Cybersecurity Requirements
The Expanding Web of Cybersecurity Requirements
 
Private sector cyber resilience and the role of data diodes
Private sector cyber resilience and the role of data diodesPrivate sector cyber resilience and the role of data diodes
Private sector cyber resilience and the role of data diodes
 
IEEE PES GM 2017 Cybersecurity Panel Talk
IEEE PES GM 2017 Cybersecurity Panel TalkIEEE PES GM 2017 Cybersecurity Panel Talk
IEEE PES GM 2017 Cybersecurity Panel Talk
 
Tigerspike - Cybersecurity and Mobility in the Energy Industry
Tigerspike - Cybersecurity and Mobility in the Energy IndustryTigerspike - Cybersecurity and Mobility in the Energy Industry
Tigerspike - Cybersecurity and Mobility in the Energy Industry
 
Supply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy SectorSupply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy Sector
 
5G Security Briefing
5G Security Briefing5G Security Briefing
5G Security Briefing
 
Unit_3.pptx
Unit_3.pptxUnit_3.pptx
Unit_3.pptx
 
Rombit LSEC IoTSecurity IoTSBOM CyberSec Europe 2022
Rombit LSEC IoTSecurity IoTSBOM CyberSec Europe 2022Rombit LSEC IoTSecurity IoTSBOM CyberSec Europe 2022
Rombit LSEC IoTSecurity IoTSBOM CyberSec Europe 2022
 
IoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address themIoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address them
 
SMi Group's Smart Grid Cyber Security 2019 conference
SMi Group's Smart Grid Cyber Security 2019 conferenceSMi Group's Smart Grid Cyber Security 2019 conference
SMi Group's Smart Grid Cyber Security 2019 conference
 
AEE Cybersecurity for the IOT in Facility Energy Distribution Slides
AEE Cybersecurity for the IOT in Facility Energy Distribution SlidesAEE Cybersecurity for the IOT in Facility Energy Distribution Slides
AEE Cybersecurity for the IOT in Facility Energy Distribution Slides
 
SMi Group's Oil & Gas Cyber Security conference & exhibition
SMi Group's Oil & Gas Cyber Security conference & exhibitionSMi Group's Oil & Gas Cyber Security conference & exhibition
SMi Group's Oil & Gas Cyber Security conference & exhibition
 
An analysis of the security needs
An analysis of the security needsAn analysis of the security needs
An analysis of the security needs
 

Plus de EnergySec

Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseGary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseEnergySec
 
Slide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsSlide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsEnergySec
 
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...EnergySec
 
Jack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, AnecdotallyJack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, AnecdotallyEnergySec
 
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...EnergySec
 
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber SecurityDaniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Security of the Electric Grid: It's more than just NERC CIP

  • 1. Security of the Electric Grid: It’s more than just NERC-CIP
      Prudence Parks, Director of Government Affairs and Legislative Counsel, Utilities Telecom Council
      EnergySec Summit, Portland, Oregon, September 26, 2012
      © 2012 Utilities Telecom Council
  • 2. What’s on the Security List Besides NERC-CIP
      • Spectrum for Communications
      • Standards Development
      • Security of Cloud Computing
      • Privacy & Civil Liberties
      • Supply Chain
      • Jurisdictional Authority Changes
  • 3. Spectrum: It’s in Short Supply
      • Utilities and other CI rely on private internal communications networks to support core services, including electric, gas & water
      • Utilities have NO spectrum dedicated to their exclusive use
      • Data generated by SG needs bigger pipes
      • Diversity of terrain/remote coverage makes lower bands preferable - but also eyed by commercial service providers
      • Utilities auction exempt BUT auction revenue attractive to Congress
  • 4. Spectrum: The Challenges
      • Federal spectrum: PCAST Report
          – Commercial wireless competing for access to spectrum
          – Federal incumbents reluctant to share or relocate
      • Public safety spectrum
          – Sharing 700 MHz requires negotiation and may take considerable time before the PSBN is available
          – 4.9 GHz spectrum is subject to loose coordination rules; pushback from public safety
      • Outsourcing to Commercial Service Providers
          – Meet CI requirements?
          – Non-mission critical functions
          – Mission critical: Loss of control; compliance with NERC/CIP
  • 5. Standards: National v. International
      • Four different efforts in 3 bodies most prominent in the space
          • IEC 62443-2-1 – Industrial communication networks - Network and system security - Part 2-1: (http://webstore.iec.ch/webstore/webstore.nsf/Artnum_PK/44613)
          • IEEE 2030-2011 - IEEE Guide for Smart Grid Interoperability of Energy Technology and Information Technology Operation with the Electric Power System (EPS), End-Use Applications, and Loads, 2011 (http://standards.ieee.org/findstds/standard/2030-2011.html)
          • IEEE P2030.4 Draft Guide for Control and Automation Installations Applied to the Electric Power Infrastructure (under development) (http://standards.ieee.org/develop/project/2030.4.html)
          • ISO/IEC JTC1 SC27 Study Period on Smart Grid Environments (in progress)
      • NIST authorized to develop SG standards in the US, so trumps international standards
      • But ISO & IEC standards recognized by WTO, can be integrated into trade agreements
  • 6. Cloud Computing & SG – Is it Secure?
      • NIST Publication 800-146 by the Computer Security Division of the Information Technology Laboratory (http://www.thecre.com/fisma/wp-content/uploads/2012/05/sp800-146.pdf)
      • Security issues of communications links between user and cloud
      • SGIP considering whether security standard for cloud computing as it pertains to SG should be developed
      • Issues to be addressed:
          – What are the properties of the SG that could be unique to cloud computing?
          – Are there issues that prevent cloud computing for SG applications, such as latency?
          – Are other cybersecurity groups looking at SG cloud computing?
          – Can a shared cloud be created for utility industry with hardened security?
  • 7. Privacy and Civil Liberties
      • NIST SGIP forming privacy subgroup for next version of NISTIR 7628
      • Over 200 bills in Congress dealing with privacy
      • Inability to arrive at compromise on cybersecurity bill not just whether should include CI protections, but how protect privacy and civil liberties of consumers
      • Issues:
          – What can utilities do with Smart meter data
          – Protection of information shared with exchanges and the Government
          – Length of time that the data can be kept
          – What type of information can be collected
          – Notification requirements if security breaches
  • 8. Security of the Supply Chain
      • Definition: Information and Communication Technology (ICT) products are assembled, built, and transported by multiple vendors around the world before they are acquired without the knowledge of the acquirer
      • Abundant opportunities exist for malicious actors to tamper with and sabotage products, ultimately compromising system integrity and operations
      • Much publicized incidents (counterfeit hardware sold to government agencies)
      • Organizations acquiring hardware, software, and services are not able to fully understand and appropriately manage the security risks associated with the use of these products and services
      • Challenges range from poor acquirer practices to lack of transparency into the supply chain
  • 9. This is how Department of Defense Depicts This Challenge
      “Scope of Supplier Expansion and Foreign Involvement” graphic in DACS www.softwaretechnews.com Secure Software Engineering, July 2005 article “Software Development Security: A Risk Management Perspective” synopsis of May 2004 GAO-04-678 report “Defense Acquisition: Knowledge of Software Suppliers Needed to Manage Risks”
  • 10. Who will be in Charge?
      • Legislation puts DHS in charge of National Cybersecurity Council: voluntary or mandatory standards for CI protection?
      • DOE: Guides for ARRA recipients; NARUC: Regulators guide
      • Executive Order:
          – DHS in charge but cannot expand on existing authority
          – Senator Lieberman to WH: “I urge you to explore any means at your disposal that would encourage regulators to make mandatory the standards developed by the Department of Homeland Security pursuant to your executive order so we can guarantee that our most critical infrastructure will be defended against attacks from our adversaries.”
      • FERC establishes Office of Energy Infrastructure Security
          – To focus on potential cyber and physical security risks to energy facilities under its jurisdiction, including EMP
  • 11. Conclusions
      • Spectrum is key to Smart Grid: lack of spectrum capacity causes patchwork systems, push to use commercial systems outside utility control
      • Standards for the SG are still being developed to include security issues
      • SG means terabytes of data and may increase use of cloud computing, with additional security issues
      • SG means Energy Management using consumer data and added privacy protection and data security
      • SG means applications manufactured without transparency of supplier security
      • Jurisdiction over mandatory cybersecurity standards may reside in multiple agencies and departments with multiple audits
  • 12. Thank you!
      For more information, contact: Prudence Parks, prudence.parks@utc.org, 202-833-6806