SlideShare une entreprise Scribd logo

EnergySec & National Electric Cyber Security Organization (NESCO) Overview by Patrick Miller, EnergySec

Télécharger en tant que PPTX, PDF
T
TheAnfieldGroup

The National Electric Sector Cybersecurity Organization (NESCO) was established by the U.S. Department of Energy to enhance cybersecurity information sharing in the electric sector. NESCO is operated by EnergySec, a nonprofit, and provides members with tools like a collaboration portal, rapid notification system, and Tactical Analysis Center. NESCO has grown significantly since its inception and aims to be fully industry-funded after an initial seed period supported by the Department of Energy.

TechnologieBusiness
1  sur  40
EnergySec & National Electric Cyber Security Organization (NESCO) Overview 2012 Technologies for Security and Compliance Summit The Anfield Group August 1-2 2012 Barton Creek Resort – Austin, TX
New, New Security Model  Nation State quality adversaries  Fear the auditor more than attacker  Regulatory avalanche forecast  Constant compromise  Ecosystem of organizations  Information sharing is holy grail 2 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
Info-Share to the Rescue!  What does Information Sharing really mean? – Taking vs. Sharing – Secrecy for secrecy’s sake – Government doesn’t share well (yet)  Very useful approach, but not a panacea  Comes with trade-offs… 3 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
Information Sharing Reality Some Pros…  What works, what doesn’t  Benchmarking  Situational awareness  Tactical threat and vulnerability analysis  Community-sourcing  Regulatory compliance  Mentoring 4 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy Some Cons…  Classification and handling, both Gov and Corporations  Lawyers, agreements and contracts  Consumers will always outnumber sharers  Trust; n parties  Doesn’t scale well
Who is EnergySec?  Unique, non-profit, independent, public- private information sharing organization  Borne from Energy Sector  Bottom-up vs. top-down  TRUSTED – By the industry, for the industry – Non-profit 501(c)(3) – Independent, private – 10+ years of information sharing experience 5 7/31/201 3 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy
EnergySec Background  10.2001: Precursor to E-Sec NW formed  7.2004: E-Sec NW formalized and “founded” – Asset owner/operator ONLY; all volunteer  1.2008: SANS Information Sharing Award  12.2008: Incorporated E-Sec NW as EnergySec  10.2009: 501(c)(3) nonprofit determination  4.2010: EnergySec applied for NESCO DOE FOA  7.2010: EnergySec awarded NESCO FOA  10.2010: NESCO became operational 6 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy.
What EnergySec Is NOT…  Not a lobbyist  Not a vendor  Not a consultant  Not government agency  Not a regulator 7 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
EnergySec Staff  Extensive applied sector experience – Many years employment at asset owners – Operations, security, audit, Sr mgmt, OT, IT – Regional Entity leadership – Independent consulting; big firms and boutiques – Built several successful companies – EnergySec founders, Info-sharing pioneers – Certified, trusted, highly connected, dedicated 8 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy.
EnergySec Programs  NESCO: Information Sharing & Best Practices  Advisory Service  EnergySec University – Education/Workforce Development  LIGHTS: Security in a box (turnkey) – Independent board – Partnership with ICS-ISAC 9 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
EnergySec Nonprofit Umbrella EnergySec NESCO Advisory University Other… 10 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
EnergySec Advisory  Customized agenda; facilitated discussion  Examine current and horizon energy sector specific cyber security legislation  Explore methods to meet compliance obligations and enhance security posture  Present threat, vulnerability and impact landscape to executives and staff  Highest concentration of advisors with unique and hard-to-find combination of experience 11 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
EnergySec University  Professional/workforce development path – Internal expertise as instructors – Open faculty roster from best and brightest – Courses in all IT/OT security-related disciplines  Internship matchmaking – coming soon  Working closely with National Board of Information Security Examiners (NBISE) 12 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
What Is NESCO?  R. 3183 “...the Secretary shall establish an independent national energy sector cyber security organization...” – Department Of Energy issued FOA on March 31, 2010  Purpose is to “establish a National Electric Sector Cyber Security Organization that has the knowledge, capabilities, and experience to protect the electric grid and enhance integration of smart grid technologies that are adequately protected against cyber attacks.”  “This organization will serve as a focal point to bring together domestic and international experts, developers, and users who will assess and test the security of novel technology, architectures, and applications.” 13 7/31/201 3 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy
NESCO Objectives  Organize, lead and implement a public-private partnership  Focus cybersecurity research and development priorities  Identify and disseminate security best practices  Organize the collection, analysis and dissemination of infrastructure vulnerabilities and threats  Work cooperatively with the DOE and other Federal Agencies  Enhance cybersecurity of the bulk power grid and electric infrastructure 14 7/31/201 3 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy
Who Is NESCO? 15 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy. • Public • Private • Non-Reg • Regulatory • Fed, State… • Product • Service • IOU • Muni • Coop Asset Owners Vendor Academia/Research Govt
Connect & Support 16 7/31/201 3 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy Utility Asset Owners
Membership Growth 17 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
Member Demographics 18 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy Academic 5% Asset Owner 49% Govt/Regulatory 11% Vendor/Other 35% Membership by Organization Academic 2% Asset Owner 64% Govt/Regulatory 12% Vendor/Other 22% Membership by Individual 363 unique organizations1,050 Individual members Predominately Asset Owner Driven Membership Base
Membership Overview  NESCO Members of Sept 30 2011 (1 year) – 788 NESCO members – 278 unique organizations  NESCO Members as of July 12 2012: – 1050 individuals – 363 unique organizations Note: This represents a nearly 50% annual growth rate 19 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
Social Media Outreach  NESCO mailing list: 3536  NESCO Twitter followers: 2635  NESCO LinkedIn group members: 535 20 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
Direct Outreach  3 Town Hall meetings  19 Voice of the Industry (VOI) meetings  82 TAC notices; 149 follow up threads  71 presentations/panels  94 event participation  37 blog mentions  43 interviews and article citations 21 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
Engage, Equip & Empower 22 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy  Sharing requires trust  Trust is built on relationships  Our approach… – Bringing people together – Flexible technology options and solutions to extend and enhance relationships – Organic growth; birds of a feather
NESCO Is Technology  Secure collaboration portal – Wiki – Working groups – Discussion forums – Email distribution lists  Rapid Notification System  Social Media – LinkedIn, Twitter, Facebook 23 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy.
NESCO Tools 24 7/31/201 3 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy  Email distribution lists  Secure collaboration wiki  Secure instant messaging  Rapid notification mechanisms  Resource repository  Most technologies have non- attribution (anonymous) options
NESCO Resource Repository 25 7/31/201 3 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy  Best/common practices  Policy, process, procedure  Compliance approaches  Document Templates  Code snippets, scripts  System configurations  Links to useful security sites  And more…
NESCO Tactical Analysis Center  Supports ES-ISAC and ICS-CERT  Open & private source intelligence  Asset owner volunteer handler SMEs with virtual “dashboards”  Rapid, community-sourced analysis  Secure communications  Rapid notification system  Daily diaries, trending  Quarterly & annual reports 26 7/31/201 3 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy
ES-ISAC, ICS-CERT and TAC  An analogy… triage and long term care  Basic differences of the TAC – Operated by an independent non-profit org – Not associated with a federal regulatory agency • DOE partner is non-regulatory • Funding expires in 2014, only “seed” money provided • Funding model involves cost-share, so industry bears cost throughout entire effort – Electric sector specific – Provides feeds, when requested to NERC & DHS & … 27 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
ES-ISAC, ICS-CERT and TAC  Basic differences of the TAC – Covers all entities, not just Registered Entities under the NERC Functional Model • Not just Bulk Electric w/ CA and CCA • Includes smart grid, distribution, QF generation – NESCO staff work alongside industry handlers – RNS has direct access to security staff – Volunteer reporting structure, not mandatory – Private position offers unique vendor relationships – Anonymized pass through for bi-directional sharing 28 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
NESCO Products  Whitepapers – DNS Exfiltration – Security Logging Best Practices and Capability Maturity Models – Public Key Infrastructure, Automated Metering Infrastructure and Industrial Control Systems – DOE Electric Sector Cybersecurity Capability Maturity Model (ES-C2M2) – coming soon! – What else would you like to see? 29 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy.
NESCO Products  Rapid Notification System – Night Dragon webcast – Duqu webcast – Multiple TAC notices 30 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
NESCO Success Stories 31 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy. …is fantastic that [DOE produces] a document that deals with a subject so technical and that it makes available to the public. http://goo.gl/0xiWp
NESCO Success Stories  Spearphishing notices from asset owner shared with DHS for action – Result: DHS ICS-CERT advisory issued  Accounts from service contractor posted to Internet reviewed for asset owner data – Result: Direct contact warning to specific parties 32 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy.
NESCO Success Stories  Exposed control systems posted on Internet matched to asset owners – Result: Direct contact warning to specific parties  EnergySec spearphishing attempt – Result: Cross-organization comparison with general industry advisory; IOCs published 33 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
NESCO Success Stories  Industry and [some] Regional Entities seeking to modify process for Technical Feasibility Exceptions to maximize security benefit – Result: NESCO provided independent and impartial discussion forum, webinar and industry feedback loop for proposed change to process 34 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
NESCO Success Stories 35 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
NESCO Funding Model  Department of Energy FOA  Cooperative agreement  Cost-share is ~40%, ramps over life of 3.5 year “seed” window  At end of seed window, NESCO is fully funded by industry  Supported by underwriters and TAC subscriptions 36 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
NESCO Summary  Focused on building trust through relationships to further security collaboration and sharing  Flexible technology facilitates and catalyzes information/resource sharing efforts  Supports existing successful programs  Security voice of the electric sector 37 7/31/201 3 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy
Get Connected  EnergySec Summit: September 25-28 – NESCO Town Hall – CISO Forum – Policy and Technical Tracks  EnergySec University Courses – NERC CIP Training: Las Vegas 10/25 – NERC CIP Training: Sacramento 12/4 – Cybersecurity for Operations: Nashville 11/7  NESCO Voice of the Industry (VOI) Meetings 38 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
Get Connected  www.energysec.org  www.energysec.org/join  www.energysec.org/tac-subscription- service  TAC@energysec.org  New NESCO website soon! 39 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
Questions? 40 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy Patrick C Miller Principal Investigator, National Electric Sector Cybersecurity Organization President & CEO, EnergySec patrick.miller@energysec.org 503.446.1212 (desk) @patrickcmiller (twitter) www.energysec.org

Recommandé

TAC Subscription Webinar
TAC Subscription WebinarTAC Subscription Webinar
TAC Subscription Webinar
EnergySec
 
NESCO Year 2 Overview
NESCO Year 2 OverviewNESCO Year 2 Overview
NESCO Year 2 Overview
EnergySec
 
Bridging the Gap: Between Operations and IT
Bridging the Gap: Between Operations and ITBridging the Gap: Between Operations and IT
Bridging the Gap: Between Operations and IT
EnergySec
 
The basics of_taxes_power_point_2.2.2.g1
The basics of_taxes_power_point_2.2.2.g1The basics of_taxes_power_point_2.2.2.g1
The basics of_taxes_power_point_2.2.2.g1
Shannon Gilliland
 
The basics of_taxes_power_point_2.2.2.g1
The basics of_taxes_power_point_2.2.2.g1The basics of_taxes_power_point_2.2.2.g1
The basics of_taxes_power_point_2.2.2.g1
ms_moran
 
Community Energy in Minnesota
Community Energy in MinnesotaCommunity Energy in Minnesota
Community Energy in Minnesota
University of Minnesota
 
Joint us canada_grid_strategy_06_dec2016
Joint us canada_grid_strategy_06_dec2016Joint us canada_grid_strategy_06_dec2016
Joint us canada_grid_strategy_06_dec2016
Елизавета Староверова
 
News 20111004 rwea
News 20111004 rweaNews 20111004 rwea
News 20111004 rwea
Paul Keisch
 

Recommandé

TAC Subscription Webinar
TAC Subscription WebinarTAC Subscription Webinar
TAC Subscription Webinar
EnergySec
 
NESCO Year 2 Overview
NESCO Year 2 OverviewNESCO Year 2 Overview
NESCO Year 2 Overview
EnergySec
 
Bridging the Gap: Between Operations and IT
Bridging the Gap: Between Operations and ITBridging the Gap: Between Operations and IT
Bridging the Gap: Between Operations and IT
EnergySec
 
The basics of_taxes_power_point_2.2.2.g1
The basics of_taxes_power_point_2.2.2.g1The basics of_taxes_power_point_2.2.2.g1
The basics of_taxes_power_point_2.2.2.g1
Shannon Gilliland
 
The basics of_taxes_power_point_2.2.2.g1
The basics of_taxes_power_point_2.2.2.g1The basics of_taxes_power_point_2.2.2.g1
The basics of_taxes_power_point_2.2.2.g1
ms_moran
 
Community Energy in Minnesota
Community Energy in MinnesotaCommunity Energy in Minnesota
Community Energy in Minnesota
University of Minnesota
 
Joint us canada_grid_strategy_06_dec2016
Joint us canada_grid_strategy_06_dec2016Joint us canada_grid_strategy_06_dec2016
Joint us canada_grid_strategy_06_dec2016
Елизавета Староверова
 
News 20111004 rwea
News 20111004 rweaNews 20111004 rwea
News 20111004 rwea
Paul Keisch
 
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...
TheAnfieldGroup
 
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
TheAnfieldGroup
 
Presentation1
Presentation1Presentation1
Presentation1
Patrick Jerwin de Castro
 
Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...
Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...
Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...
TheAnfieldGroup
 
EnergySec & NESCO Overview
EnergySec & NESCO OverviewEnergySec & NESCO Overview
EnergySec & NESCO Overview
EnergySec
 
Synchrophasor Timing Security
Synchrophasor Timing SecuritySynchrophasor Timing Security
Synchrophasor Timing Security
TheAnfieldGroup
 
NESCO: A Closer Look
NESCO: A Closer LookNESCO: A Closer Look
NESCO: A Closer Look
EnergySec
 
Next Generation Information Sharing for the Electric Sector
Next Generation Information Sharing for the Electric SectorNext Generation Information Sharing for the Electric Sector
Next Generation Information Sharing for the Electric Sector
EnergySec
 
Next Generation Information Sharing For The Electric Sector
Next Generation Information Sharing For The Electric SectorNext Generation Information Sharing For The Electric Sector
Next Generation Information Sharing For The Electric Sector
EnergySec
 
The Expanding Web of Cybersecurity Requirements
The Expanding Web of Cybersecurity RequirementsThe Expanding Web of Cybersecurity Requirements
The Expanding Web of Cybersecurity Requirements
EnergySec
 
Emerson Ovation User Group BOD Meeting
Emerson Ovation User Group BOD MeetingEmerson Ovation User Group BOD Meeting
Emerson Ovation User Group BOD Meeting
EnergySec
 
NESCO Overview: Emerson Ovation User Group BOD Meeting
NESCO Overview: Emerson Ovation User Group BOD MeetingNESCO Overview: Emerson Ovation User Group BOD Meeting
NESCO Overview: Emerson Ovation User Group BOD Meeting
EnergySec
 
Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Aut...
Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Aut...Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Aut...
Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Aut...
EnergySec
 
EISS Cybersecurity Briefing
EISS Cybersecurity BriefingEISS Cybersecurity Briefing
EISS Cybersecurity Briefing
EnergySec
 
EnergySec and the NESCO overview
EnergySec and the NESCO overviewEnergySec and the NESCO overview
EnergySec and the NESCO overview
EnergySec
 
Interoperability, Standards and Cybersecurity: A Business Perspective
Interoperability, Standards and Cybersecurity: A Business PerspectiveInteroperability, Standards and Cybersecurity: A Business Perspective
Interoperability, Standards and Cybersecurity: A Business Perspective
EnergySec
 
Building A Stronger And Smarter Electrical Energy Infrastructure IEEE-USA
Building A Stronger And Smarter Electrical Energy Infrastructure IEEE-USABuilding A Stronger And Smarter Electrical Energy Infrastructure IEEE-USA
Building A Stronger And Smarter Electrical Energy Infrastructure IEEE-USA
John Ragan
 
Capstone Paper
Capstone PaperCapstone Paper
Capstone Paper
Thomas Kaczmarek
 
CSRwire & Verizon Webinar_June 26, 2012
CSRwire & Verizon Webinar_June 26, 2012CSRwire & Verizon Webinar_June 26, 2012
CSRwire & Verizon Webinar_June 26, 2012
CSRwire
 
MREC_Massoud Amin-02-20-15_expanded_final
MREC_Massoud Amin-02-20-15_expanded_finalMREC_Massoud Amin-02-20-15_expanded_final
MREC_Massoud Amin-02-20-15_expanded_final
Massoud Amin
 
TSF | Solar on Schools Presentation
TSF | Solar on Schools PresentationTSF | Solar on Schools Presentation
TSF | Solar on Schools Presentation
The Solar Foundation
 
US DEPARTMENT OF ENERGY_POWERPOINT (1).pdf
US DEPARTMENT OF ENERGY_POWERPOINT (1).pdfUS DEPARTMENT OF ENERGY_POWERPOINT (1).pdf
US DEPARTMENT OF ENERGY_POWERPOINT (1).pdf
JesseHill22
 

Contenu connexe

En vedette

Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
TheAnfieldGroup
 
Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...
Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...
Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...
TheAnfieldGroup
 

En vedette (6)

Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...
 
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
 
Presentation1
Presentation1Presentation1
Presentation1
 
Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...
Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...
Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...
 
EnergySec & NESCO Overview
EnergySec & NESCO OverviewEnergySec & NESCO Overview
EnergySec & NESCO Overview
 
Synchrophasor Timing Security
Synchrophasor Timing SecuritySynchrophasor Timing Security
Synchrophasor Timing Security
 

Similaire à EnergySec & National Electric Cyber Security Organization (NESCO) Overview by Patrick Miller, EnergySec

NESCO: A Closer Look
NESCO: A Closer LookNESCO: A Closer Look
NESCO: A Closer Look
EnergySec
 
Next Generation Information Sharing For The Electric Sector
Next Generation Information Sharing For The Electric SectorNext Generation Information Sharing For The Electric Sector
Next Generation Information Sharing For The Electric Sector
EnergySec
 
Emerson Ovation User Group BOD Meeting
Emerson Ovation User Group BOD MeetingEmerson Ovation User Group BOD Meeting
Emerson Ovation User Group BOD Meeting
EnergySec
 
EISS Cybersecurity Briefing
EISS Cybersecurity BriefingEISS Cybersecurity Briefing
EISS Cybersecurity Briefing
EnergySec
 
Interoperability, Standards and Cybersecurity: A Business Perspective
Interoperability, Standards and Cybersecurity: A Business PerspectiveInteroperability, Standards and Cybersecurity: A Business Perspective
Interoperability, Standards and Cybersecurity: A Business Perspective
EnergySec
 
Building A Stronger And Smarter Electrical Energy Infrastructure IEEE-USA
Building A Stronger And Smarter Electrical Energy Infrastructure IEEE-USABuilding A Stronger And Smarter Electrical Energy Infrastructure IEEE-USA
Building A Stronger And Smarter Electrical Energy Infrastructure IEEE-USA
John Ragan
 
CSRwire & Verizon Webinar_June 26, 2012
CSRwire & Verizon Webinar_June 26, 2012CSRwire & Verizon Webinar_June 26, 2012
CSRwire & Verizon Webinar_June 26, 2012
CSRwire
 
MREC_Massoud Amin-02-20-15_expanded_final
MREC_Massoud Amin-02-20-15_expanded_finalMREC_Massoud Amin-02-20-15_expanded_final
MREC_Massoud Amin-02-20-15_expanded_final
Massoud Amin
 
Beceiro clean energy overview
Beceiro clean energy overviewBeceiro clean energy overview
Beceiro clean energy overview
John Thornton
 

Similaire à EnergySec & National Electric Cyber Security Organization (NESCO) Overview by Patrick Miller, EnergySec (20)

NESCO: A Closer Look
NESCO: A Closer LookNESCO: A Closer Look
NESCO: A Closer Look
 
Next Generation Information Sharing for the Electric Sector
Next Generation Information Sharing for the Electric SectorNext Generation Information Sharing for the Electric Sector
Next Generation Information Sharing for the Electric Sector
 
Next Generation Information Sharing For The Electric Sector
Next Generation Information Sharing For The Electric SectorNext Generation Information Sharing For The Electric Sector
Next Generation Information Sharing For The Electric Sector
 
The Expanding Web of Cybersecurity Requirements
The Expanding Web of Cybersecurity RequirementsThe Expanding Web of Cybersecurity Requirements
The Expanding Web of Cybersecurity Requirements
 
Emerson Ovation User Group BOD Meeting
Emerson Ovation User Group BOD MeetingEmerson Ovation User Group BOD Meeting
Emerson Ovation User Group BOD Meeting
 
NESCO Overview: Emerson Ovation User Group BOD Meeting
NESCO Overview: Emerson Ovation User Group BOD MeetingNESCO Overview: Emerson Ovation User Group BOD Meeting
NESCO Overview: Emerson Ovation User Group BOD Meeting
 
Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Aut...
Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Aut...Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Aut...
Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Aut...
 
EISS Cybersecurity Briefing
EISS Cybersecurity BriefingEISS Cybersecurity Briefing
EISS Cybersecurity Briefing
 
EnergySec and the NESCO overview
EnergySec and the NESCO overviewEnergySec and the NESCO overview
EnergySec and the NESCO overview
 
Interoperability, Standards and Cybersecurity: A Business Perspective
Interoperability, Standards and Cybersecurity: A Business PerspectiveInteroperability, Standards and Cybersecurity: A Business Perspective
Interoperability, Standards and Cybersecurity: A Business Perspective
 
Building A Stronger And Smarter Electrical Energy Infrastructure IEEE-USA
Building A Stronger And Smarter Electrical Energy Infrastructure IEEE-USABuilding A Stronger And Smarter Electrical Energy Infrastructure IEEE-USA
Building A Stronger And Smarter Electrical Energy Infrastructure IEEE-USA
 
Capstone Paper
Capstone PaperCapstone Paper
Capstone Paper
 
CSRwire & Verizon Webinar_June 26, 2012
CSRwire & Verizon Webinar_June 26, 2012CSRwire & Verizon Webinar_June 26, 2012
CSRwire & Verizon Webinar_June 26, 2012
 
MREC_Massoud Amin-02-20-15_expanded_final
MREC_Massoud Amin-02-20-15_expanded_finalMREC_Massoud Amin-02-20-15_expanded_final
MREC_Massoud Amin-02-20-15_expanded_final
 
TSF | Solar on Schools Presentation
TSF | Solar on Schools PresentationTSF | Solar on Schools Presentation
TSF | Solar on Schools Presentation
 
US DEPARTMENT OF ENERGY_POWERPOINT (1).pdf
US DEPARTMENT OF ENERGY_POWERPOINT (1).pdfUS DEPARTMENT OF ENERGY_POWERPOINT (1).pdf
US DEPARTMENT OF ENERGY_POWERPOINT (1).pdf
 
EnergyTech2015 Program Guide
EnergyTech2015 Program GuideEnergyTech2015 Program Guide
EnergyTech2015 Program Guide
 
Beceiro clean energy overview
Beceiro clean energy overviewBeceiro clean energy overview
Beceiro clean energy overview
 
Clean Energy Overview - Pecan Street Project_Beceiro
Clean Energy Overview - Pecan Street Project_BeceiroClean Energy Overview - Pecan Street Project_Beceiro
Clean Energy Overview - Pecan Street Project_Beceiro
 
Prof E Hewitt
Prof E HewittProf E Hewitt
Prof E Hewitt
 

Dernier

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 

Dernier (20)

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 

EnergySec & National Electric Cyber Security Organization (NESCO) Overview by Patrick Miller, EnergySec

  • 1. EnergySec & National Electric Cyber Security Organization (NESCO) Overview 2012 Technologies for Security and Compliance Summit The Anfield Group August 1-2 2012 Barton Creek Resort – Austin, TX
  • 2. New, New Security Model  Nation State quality adversaries  Fear the auditor more than attacker  Regulatory avalanche forecast  Constant compromise  Ecosystem of organizations  Information sharing is holy grail 2 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 3. Info-Share to the Rescue!  What does Information Sharing really mean? – Taking vs. Sharing – Secrecy for secrecy’s sake – Government doesn’t share well (yet)  Very useful approach, but not a panacea  Comes with trade-offs… 3 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 4. Information Sharing Reality Some Pros…  What works, what doesn’t  Benchmarking  Situational awareness  Tactical threat and vulnerability analysis  Community-sourcing  Regulatory compliance  Mentoring 4 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy Some Cons…  Classification and handling, both Gov and Corporations  Lawyers, agreements and contracts  Consumers will always outnumber sharers  Trust; n parties  Doesn’t scale well
  • 5. Who is EnergySec?  Unique, non-profit, independent, public- private information sharing organization  Borne from Energy Sector  Bottom-up vs. top-down  TRUSTED – By the industry, for the industry – Non-profit 501(c)(3) – Independent, private – 10+ years of information sharing experience 5 7/31/201 3 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy
  • 6. EnergySec Background  10.2001: Precursor to E-Sec NW formed  7.2004: E-Sec NW formalized and “founded” – Asset owner/operator ONLY; all volunteer  1.2008: SANS Information Sharing Award  12.2008: Incorporated E-Sec NW as EnergySec  10.2009: 501(c)(3) nonprofit determination  4.2010: EnergySec applied for NESCO DOE FOA  7.2010: EnergySec awarded NESCO FOA  10.2010: NESCO became operational 6 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy.
  • 7. What EnergySec Is NOT…  Not a lobbyist  Not a vendor  Not a consultant  Not government agency  Not a regulator 7 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 8. EnergySec Staff  Extensive applied sector experience – Many years employment at asset owners – Operations, security, audit, Sr mgmt, OT, IT – Regional Entity leadership – Independent consulting; big firms and boutiques – Built several successful companies – EnergySec founders, Info-sharing pioneers – Certified, trusted, highly connected, dedicated 8 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy.
  • 9. EnergySec Programs  NESCO: Information Sharing & Best Practices  Advisory Service  EnergySec University – Education/Workforce Development  LIGHTS: Security in a box (turnkey) – Independent board – Partnership with ICS-ISAC 9 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 10. EnergySec Nonprofit Umbrella EnergySec NESCO Advisory University Other… 10 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 11. EnergySec Advisory  Customized agenda; facilitated discussion  Examine current and horizon energy sector specific cyber security legislation  Explore methods to meet compliance obligations and enhance security posture  Present threat, vulnerability and impact landscape to executives and staff  Highest concentration of advisors with unique and hard-to-find combination of experience 11 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 12. EnergySec University  Professional/workforce development path – Internal expertise as instructors – Open faculty roster from best and brightest – Courses in all IT/OT security-related disciplines  Internship matchmaking – coming soon  Working closely with National Board of Information Security Examiners (NBISE) 12 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 13. What Is NESCO?  R. 3183 “...the Secretary shall establish an independent national energy sector cyber security organization...” – Department Of Energy issued FOA on March 31, 2010  Purpose is to “establish a National Electric Sector Cyber Security Organization that has the knowledge, capabilities, and experience to protect the electric grid and enhance integration of smart grid technologies that are adequately protected against cyber attacks.”  “This organization will serve as a focal point to bring together domestic and international experts, developers, and users who will assess and test the security of novel technology, architectures, and applications.” 13 7/31/201 3 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy
  • 14. NESCO Objectives  Organize, lead and implement a public-private partnership  Focus cybersecurity research and development priorities  Identify and disseminate security best practices  Organize the collection, analysis and dissemination of infrastructure vulnerabilities and threats  Work cooperatively with the DOE and other Federal Agencies  Enhance cybersecurity of the bulk power grid and electric infrastructure 14 7/31/201 3 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy
  • 15. Who Is NESCO? 15 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy. • Public • Private • Non-Reg • Regulatory • Fed, State… • Product • Service • IOU • Muni • Coop Asset Owners Vendor Academia/Research Govt
  • 16. Connect & Support 16 7/31/201 3 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy Utility Asset Owners
  • 17. Membership Growth 17 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 18. Member Demographics 18 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy Academic 5% Asset Owner 49% Govt/Regulatory 11% Vendor/Other 35% Membership by Organization Academic 2% Asset Owner 64% Govt/Regulatory 12% Vendor/Other 22% Membership by Individual 363 unique organizations1,050 Individual members Predominately Asset Owner Driven Membership Base
  • 19. Membership Overview  NESCO Members of Sept 30 2011 (1 year) – 788 NESCO members – 278 unique organizations  NESCO Members as of July 12 2012: – 1050 individuals – 363 unique organizations Note: This represents a nearly 50% annual growth rate 19 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 20. Social Media Outreach  NESCO mailing list: 3536  NESCO Twitter followers: 2635  NESCO LinkedIn group members: 535 20 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 21. Direct Outreach  3 Town Hall meetings  19 Voice of the Industry (VOI) meetings  82 TAC notices; 149 follow up threads  71 presentations/panels  94 event participation  37 blog mentions  43 interviews and article citations 21 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 22. Engage, Equip & Empower 22 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy  Sharing requires trust  Trust is built on relationships  Our approach… – Bringing people together – Flexible technology options and solutions to extend and enhance relationships – Organic growth; birds of a feather
  • 23. NESCO Is Technology  Secure collaboration portal – Wiki – Working groups – Discussion forums – Email distribution lists  Rapid Notification System  Social Media – LinkedIn, Twitter, Facebook 23 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy.
  • 24. NESCO Tools 24 7/31/201 3 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy  Email distribution lists  Secure collaboration wiki  Secure instant messaging  Rapid notification mechanisms  Resource repository  Most technologies have non- attribution (anonymous) options
  • 25. NESCO Resource Repository 25 7/31/201 3 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy  Best/common practices  Policy, process, procedure  Compliance approaches  Document Templates  Code snippets, scripts  System configurations  Links to useful security sites  And more…
  • 26. NESCO Tactical Analysis Center  Supports ES-ISAC and ICS-CERT  Open & private source intelligence  Asset owner volunteer handler SMEs with virtual “dashboards”  Rapid, community-sourced analysis  Secure communications  Rapid notification system  Daily diaries, trending  Quarterly & annual reports 26 7/31/201 3 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy
  • 27. ES-ISAC, ICS-CERT and TAC  An analogy… triage and long term care  Basic differences of the TAC – Operated by an independent non-profit org – Not associated with a federal regulatory agency • DOE partner is non-regulatory • Funding expires in 2014, only “seed” money provided • Funding model involves cost-share, so industry bears cost throughout entire effort – Electric sector specific – Provides feeds, when requested to NERC & DHS & … 27 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 28. ES-ISAC, ICS-CERT and TAC  Basic differences of the TAC – Covers all entities, not just Registered Entities under the NERC Functional Model • Not just Bulk Electric w/ CA and CCA • Includes smart grid, distribution, QF generation – NESCO staff work alongside industry handlers – RNS has direct access to security staff – Volunteer reporting structure, not mandatory – Private position offers unique vendor relationships – Anonymized pass through for bi-directional sharing 28 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 29. NESCO Products  Whitepapers – DNS Exfiltration – Security Logging Best Practices and Capability Maturity Models – Public Key Infrastructure, Automated Metering Infrastructure and Industrial Control Systems – DOE Electric Sector Cybersecurity Capability Maturity Model (ES-C2M2) – coming soon! – What else would you like to see? 29 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy.
  • 30. NESCO Products  Rapid Notification System – Night Dragon webcast – Duqu webcast – Multiple TAC notices 30 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 31. NESCO Success Stories 31 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy. …is fantastic that [DOE produces] a document that deals with a subject so technical and that it makes available to the public. http://goo.gl/0xiWp
  • 32. NESCO Success Stories  Spearphishing notices from asset owner shared with DHS for action – Result: DHS ICS-CERT advisory issued  Accounts from service contractor posted to Internet reviewed for asset owner data – Result: Direct contact warning to specific parties 32 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy.
  • 33. NESCO Success Stories  Exposed control systems posted on Internet matched to asset owners – Result: Direct contact warning to specific parties  EnergySec spearphishing attempt – Result: Cross-organization comparison with general industry advisory; IOCs published 33 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 34. NESCO Success Stories  Industry and [some] Regional Entities seeking to modify process for Technical Feasibility Exceptions to maximize security benefit – Result: NESCO provided independent and impartial discussion forum, webinar and industry feedback loop for proposed change to process 34 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 35. NESCO Success Stories 35 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 36. NESCO Funding Model  Department of Energy FOA  Cooperative agreement  Cost-share is ~40%, ramps over life of 3.5 year “seed” window  At end of seed window, NESCO is fully funded by industry  Supported by underwriters and TAC subscriptions 36 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 37. NESCO Summary  Focused on building trust through relationships to further security collaboration and sharing  Flexible technology facilitates and catalyzes information/resource sharing efforts  Supports existing successful programs  Security voice of the electric sector 37 7/31/201 3 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy
  • 38. Get Connected  EnergySec Summit: September 25-28 – NESCO Town Hall – CISO Forum – Policy and Technical Tracks  EnergySec University Courses – NERC CIP Training: Las Vegas 10/25 – NERC CIP Training: Sacramento 12/4 – Cybersecurity for Operations: Nashville 11/7  NESCO Voice of the Industry (VOI) Meetings 38 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 39. Get Connected  www.energysec.org  www.energysec.org/join  www.energysec.org/tac-subscription- service  TAC@energysec.org  New NESCO website soon! 39 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 40. Questions? 40 7/31/201 3 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy Patrick C Miller Principal Investigator, National Electric Sector Cybersecurity Organization President & CEO, EnergySec patrick.miller@energysec.org 503.446.1212 (desk) @patrickcmiller (twitter) www.energysec.org