SlideShare une entreprise Scribd logo

EnergySec & NESCO Overview

Télécharger en tant que PPTX, PDF
EnergySec
EnergySec

At the 2012 Technologies for Security and Compliance Summit, Patrick Miller provides an overview of various industry specific related cybersecurity topics focusing on information sharing.

TechnologieBusiness
1  sur  40
EnergySec & National Electric Cyber Security Organization (NESCO) Overview 2012 Technologies for Security and Compliance Summit The Anfield Group August 1-2 2012 Barton Creek Resort – Austin, TX
New, New Security Model  Nation State quality adversaries  Fear the auditor more than attacker  Regulatory avalanche forecast  Constant compromise  Ecosystem of organizations  Information sharing is holy grail The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 2
Info-Share to the Rescue!  What does Information Sharing really mean? – Taking vs. Sharing – Secrecy for secrecy’s sake – Government doesn’t share well (yet)  Very useful approach, but not a panacea  Comes with trade-offs… The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 3
Information Sharing Reality Some Pros… Some Cons…  What works, what  Classification and doesn’t handling, both Gov  Benchmarking and Corporations  Situational  Lawyers, awareness agreements and  Tactical threat and contracts vulnerability analysis  Community-sourcing  Consumers will always outnumber  Regulatory sharers compliance  Mentoring  Trust; n parties 9/1/2012  Doesn’t scale well The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy 4
Who is EnergySec?  Unique, non-profit, independent, public- private information sharing organization  Borne from Energy Sector  Bottom-up vs. top-down  TRUSTED – By the industry, for the industry – Non-profit 501(c)(3) – Independent, private – 10+ years of information sharing experience 9/1/2012 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy 5
EnergySec Background  10.2001: Precursor to E-Sec NW formed  7.2004: E-Sec NW formalized and “founded” – Asset owner/operator ONLY; all volunteer  1.2008: SANS Information Sharing Award  12.2008: Incorporated E-Sec NW as EnergySec  10.2009: 501(c)(3) nonprofit determination  4.2010: EnergySec applied for NESCO DOE FOA  7.2010: EnergySec awarded NESCO FOA  10.2010: NESCO became operational The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy. 6
What EnergySec Is NOT…  Not a lobbyist  Not a vendor  Not a consultant  Not government agency  Not a regulator The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 7
EnergySec Staff  Extensive applied sector experience – Many years employment at asset owners – Operations, security, audit, Sr mgmt, OT, IT – Regional Entity leadership – Independent consulting; big firms and boutiques – Built several successful companies – EnergySec founders, Info-sharing pioneers – Certified, trusted, highly connected, dedicated The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy. 8
EnergySec Programs  NESCO: Information Sharing & Best Practices  Advisory Service  EnergySec University – Education/Workforce Development  LIGHTS: Security in a box (turnkey) – Independent board – Partnership with ICS-ISAC The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 9
EnergySec Nonprofit Umbrella EnergySec NESCO Advisory University Other… The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 10
EnergySec Advisory  Customized agenda; facilitated discussion  Examine current and horizon energy sector specific cyber security legislation  Explore methods to meet compliance obligations and enhance security posture  Present threat, vulnerability and impact landscape to executives and staff  Highest concentration of advisors with unique and hard-to-find combination of experience The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 11
EnergySec University  Professional/workforce development path – Internal expertise as instructors – Open faculty roster from best and brightest – Courses in all IT/OT security-related disciplines  Internship matchmaking – coming soon  Working closely with National Board of Information Security Examiners (NBISE) The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 12
What Is NESCO?  R. 3183 “...the Secretary shall establish an independent national energy sector cyber security organization...” – Department Of Energy issued FOA on March 31, 2010  Purpose is to “establish a National Electric Sector Cyber Security Organization that has the knowledge, capabilities, and experience to protect the electric grid and enhance integration of smart grid technologies that are adequately protected against cyber attacks.”  “This organization will serve as a focal point to bring together domestic and international experts, developers, and users who will assess and test the security of novel technology, architectures, and applications.” 9/1/2012 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy 13
NESCO Objectives  Organize, lead and implement a public-private partnership  Focus cybersecurity research and development priorities  Identify and disseminate security best practices  Organize the collection, analysis and dissemination of infrastructure vulnerabilities and threats  Work cooperatively with the DOE and other Federal Agencies  Enhance cybersecurity of the bulk power grid and electric infrastructure 9/1/2012 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy 14
Who Is NESCO? • IOU • Product • Muni • Service • Coop Asset Owners Vendor Govt Academia/Research • Non-Reg • Public • Regulatory • Private • Fed, State… The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy. 15
Connect & Support Utility Asset Owners 9/1/2012 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy 16
Membership Growth The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 17
Member Demographics Membership by Individual Membership by Organization Academic Academic 2% 5% Vendor/Other 22% Vendor/Other 35% Govt/Regulatory 12% Asset Owner Asset Owner 49% 64% Govt/Regulatory 11% 1,050 Individual members 363 unique organizations Predominately Asset Owner Driven Membership Base The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 18
Membership Overview  NESCO Members of Sept 30 2011 (1 year) – 788 NESCO members – 278 unique organizations  NESCO Members as of July 12 2012: – 1050 individuals – 363 unique organizations Note: This represents a nearly 50% annual growth rate The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 19
Social Media Outreach  NESCO mailing list: 3536  NESCO Twitter followers: 2635  NESCO LinkedIn group members: 535 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 20
Direct Outreach  3 Town Hall meetings  19 Voice of the Industry (VOI) meetings  82 TAC notices; 149 follow up threads  71 presentations/panels  94 event participation  37 blog mentions  43 interviews and article citations The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 21
Engage, Equip & Empower  Sharing requires trust  Trust is built on relationships  Our approach… – Bringing people together – Flexible technology options and solutions to extend and enhance relationships – Organic growth; birds of a feather The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 22
NESCO Is Technology  Secure collaboration portal – Wiki – Working groups – Discussion forums – Email distribution lists  Rapid Notification System  Social Media – LinkedIn, Twitter, Facebook The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy. 23
NESCO Tools  Email distribution lists  Secure collaboration wiki  Secure instant messaging  Rapid notification mechanisms  Resource repository  Most technologies have non- attribution (anonymous) options 9/1/2012 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy 24
NESCO Resource Repository  Best/common practices  Policy, process, procedure  Compliance approaches  Document Templates  Code snippets, scripts  System configurations  Links to useful security sites  And more… 9/1/2012 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy 25
NESCO Tactical Analysis Center  Supports ES-ISAC and ICS-CERT  Open & private source intelligence  Asset owner volunteer handler SMEs with virtual “dashboards”  Rapid, community-sourced analysis  Secure communications  Rapid notification system  Daily diaries, trending  Quarterly & annual reports 9/1/2012 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy 26
ES-ISAC, ICS-CERT and TAC  An analogy… triage and long term care  Basic differences of the TAC – Operated by an independent non-profit org – Not associated with a federal regulatory agency • DOE partner is non-regulatory • Funding expires in 2014, only “seed” money provided • Funding model involves cost-share, so industry bears cost throughout entire effort – Electric sector specific – Provides feeds, when requested to NERC & DHS &… The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 27
ES-ISAC, ICS-CERT and TAC  Basic differences of the TAC – Covers all entities, not just Registered Entities under the NERC Functional Model • Not just Bulk Electric w/ CA and CCA • Includes smart grid, distribution, QF generation – NESCO staff work alongside industry handlers – RNS has direct access to security staff – Volunteer reporting structure, not mandatory – Private position offers unique vendor relationships – Anonymized pass through for bi-directional sharing The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 28
NESCO Products  Whitepapers – DNS Exfiltration – Security Logging Best Practices and Capability Maturity Models – Public Key Infrastructure, Automated Metering Infrastructure and Industrial Control Systems – DOE Electric Sector Cybersecurity Capability Maturity Model (ES-C2M2) – coming soon! – What else would you like to see? The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy. 29
NESCO Products  Rapid Notification System – Night Dragon webcast – Duqu webcast – Multiple TAC notices The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 30
NESCO Success Stories …is fantastic that [DOE produces] a document that deals with a subject so technical and that it makes available to the public. http://goo.gl/0xiWp The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy. 31
NESCO Success Stories  Spearphishing notices from asset owner shared with DHS for action – Result: DHS ICS-CERT advisory issued  Accounts from service contractor posted to Internet reviewed for asset owner data – Result: Direct contact warning to specific parties The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy. 32
NESCO Success Stories  Exposed control systems posted on Internet matched to asset owners – Result: Direct contact warning to specific parties  EnergySec spearphishing attempt – Result: Cross-organization comparison with general industry advisory; IOCs published The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 33
NESCO Success Stories  Industry and [some] Regional Entities seeking to modify process for Technical Feasibility Exceptions to maximize security benefit – Result: NESCO provided independent and impartial discussion forum, webinar and industry feedback loop for proposed change to process The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 34
NESCO Success Stories The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 35
NESCO Funding Model  Department of Energy FOA  Cooperative agreement  Cost-share is ~40%, ramps over life of 3.5 year “seed” window  At end of seed window, NESCO is fully funded by industry  Supported by underwriters and TAC subscriptions The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 36
NESCO Summary  Focused on building trust through relationships to further security collaboration and sharing  Flexible technology facilitates and catalyzes information/resource sharing efforts  Supports existing successful programs  Security voice of the electric sector 9/1/2012 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy 37
Get Connected  EnergySec Summit: September 25-28 – NESCO Town Hall – CISO Forum – Policy and Technical Tracks  EnergySec University Courses – NERC CIP Training: Las Vegas 10/25 – NERC CIP Training: Sacramento 12/4 – Cybersecurity for Operations: Nashville 11/7  NESCO Voice of the Industry (VOI) Meetings The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 38
Get Connected  www.energysec.org  www.energysec.org/join  www.energysec.org/tac-subscription- service  TAC@energysec.org  New NESCO website soon! The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 39
Questions? Patrick C Miller Principal Investigator, National Electric Sector Cybersecurity Organization President & CEO, EnergySec patrick.miller@energysec.org 503.446.1212 (desk) @patrickcmiller (twitter) www.energysec.org The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 40

Recommandé

Next Generation Information Sharing For The Electric Sector
Next Generation Information Sharing For The Electric SectorNext Generation Information Sharing For The Electric Sector
Next Generation Information Sharing For The Electric SectorEnergySec
 
Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Aut...
Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Aut...Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Aut...
Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Aut...EnergySec
 
EnergySec and the NESCO overview
EnergySec and the NESCO overviewEnergySec and the NESCO overview
EnergySec and the NESCO overviewEnergySec
 
Security From the Ground Up
Security From the Ground UpSecurity From the Ground Up
Security From the Ground UpEnergySec
 
Security From the Ground Up
Security From the Ground UpSecurity From the Ground Up
Security From the Ground UpEnergySec
 
Dan Vilenski Israel Nanotechnology Initiative
Dan Vilenski Israel Nanotechnology InitiativeDan Vilenski Israel Nanotechnology Initiative
Dan Vilenski Israel Nanotechnology InitiativeDmitry Tseitlin
 
San~o y salvo
San~o y salvoSan~o y salvo
San~o y salvomartindudziak
 
The Expanding Web of Cybersecurity Requirements
The Expanding Web of Cybersecurity RequirementsThe Expanding Web of Cybersecurity Requirements
The Expanding Web of Cybersecurity RequirementsEnergySec
 

Recommandé

Next Generation Information Sharing For The Electric Sector
Next Generation Information Sharing For The Electric SectorNext Generation Information Sharing For The Electric Sector
Next Generation Information Sharing For The Electric SectorEnergySec
 
Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Aut...
Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Aut...Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Aut...
Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Aut...EnergySec
 
EnergySec and the NESCO overview
EnergySec and the NESCO overviewEnergySec and the NESCO overview
EnergySec and the NESCO overviewEnergySec
 
Security From the Ground Up
Security From the Ground UpSecurity From the Ground Up
Security From the Ground UpEnergySec
 
Security From the Ground Up
Security From the Ground UpSecurity From the Ground Up
Security From the Ground UpEnergySec
 
Dan Vilenski Israel Nanotechnology Initiative
Dan Vilenski Israel Nanotechnology InitiativeDan Vilenski Israel Nanotechnology Initiative
Dan Vilenski Israel Nanotechnology InitiativeDmitry Tseitlin
 
San~o y salvo
San~o y salvoSan~o y salvo
San~o y salvomartindudziak
 
The Expanding Web of Cybersecurity Requirements
The Expanding Web of Cybersecurity RequirementsThe Expanding Web of Cybersecurity Requirements
The Expanding Web of Cybersecurity RequirementsEnergySec
 
NESCO Year 2 Overview
NESCO Year 2 OverviewNESCO Year 2 Overview
NESCO Year 2 OverviewEnergySec
 
Next Generation Information Sharing for the Electric Sector
Next Generation Information Sharing for the Electric SectorNext Generation Information Sharing for the Electric Sector
Next Generation Information Sharing for the Electric SectorEnergySec
 
EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...
EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...
EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...TheAnfieldGroup
 
NESCO: A Closer Look
NESCO: A Closer LookNESCO: A Closer Look
NESCO: A Closer LookEnergySec
 
Bridging the Gap: Between Operations and IT
Bridging the Gap: Between Operations and ITBridging the Gap: Between Operations and IT
Bridging the Gap: Between Operations and ITEnergySec
 
EISS Cybersecurity Briefing
EISS Cybersecurity BriefingEISS Cybersecurity Briefing
EISS Cybersecurity BriefingEnergySec
 
TAC Subscription Webinar
TAC Subscription WebinarTAC Subscription Webinar
TAC Subscription WebinarEnergySec
 
Interoperability, Standards and Cybersecurity: A Business Perspective
Interoperability, Standards and Cybersecurity: A Business PerspectiveInteroperability, Standards and Cybersecurity: A Business Perspective
Interoperability, Standards and Cybersecurity: A Business PerspectiveEnergySec
 
NESCO Overview: Emerson Ovation User Group BOD Meeting
NESCO Overview: Emerson Ovation User Group BOD MeetingNESCO Overview: Emerson Ovation User Group BOD Meeting
NESCO Overview: Emerson Ovation User Group BOD MeetingEnergySec
 
Emerson Ovation User Group BOD Meeting
Emerson Ovation User Group BOD MeetingEmerson Ovation User Group BOD Meeting
Emerson Ovation User Group BOD MeetingEnergySec
 
What's "Smart" Got to Do With It?: A technical overview of Advanced Metering ...
What's "Smart" Got to Do With It?: A technical overview of Advanced Metering ...What's "Smart" Got to Do With It?: A technical overview of Advanced Metering ...
What's "Smart" Got to Do With It?: A technical overview of Advanced Metering ...EnergySec
 
Don't Get Hacked! Cybersecurity Boot Camp
Don't Get Hacked! Cybersecurity Boot CampDon't Get Hacked! Cybersecurity Boot Camp
Don't Get Hacked! Cybersecurity Boot CampEnergySec
 
NESCO/NESCOR Joint Overview
NESCO/NESCOR Joint OverviewNESCO/NESCOR Joint Overview
NESCO/NESCOR Joint OverviewEnergySec
 
One Security Device to Rule Them All
One Security Device to Rule Them AllOne Security Device to Rule Them All
One Security Device to Rule Them AllInnoTech
 
Data Protection for Higher Education
Data Protection for Higher EducationData Protection for Higher Education
Data Protection for Higher EducationKate Carruthers
 
Cases
CasesCases
CasesAlexandra
 
Aniketos trust bus_sept_2012
Aniketos trust bus_sept_2012Aniketos trust bus_sept_2012
Aniketos trust bus_sept_2012Aniketos EU FP7 Project
 
OEB Cyber Security Framework
OEB Cyber Security FrameworkOEB Cyber Security Framework
OEB Cyber Security FrameworkNorbi Hegedus
 
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...itnewsafrica
 
Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...
Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...
Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...Government Technology and Services Coalition
 
Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseGary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseEnergySec
 
Slide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsSlide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsEnergySec
 

Contenu connexe

Similaire à EnergySec & NESCO Overview

NESCO Year 2 Overview
NESCO Year 2 OverviewNESCO Year 2 Overview
NESCO Year 2 OverviewEnergySec
 
Next Generation Information Sharing for the Electric Sector
Next Generation Information Sharing for the Electric SectorNext Generation Information Sharing for the Electric Sector
Next Generation Information Sharing for the Electric SectorEnergySec
 
EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...
EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...
EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...TheAnfieldGroup
 
NESCO: A Closer Look
NESCO: A Closer LookNESCO: A Closer Look
NESCO: A Closer LookEnergySec
 
Bridging the Gap: Between Operations and IT
Bridging the Gap: Between Operations and ITBridging the Gap: Between Operations and IT
Bridging the Gap: Between Operations and ITEnergySec
 
EISS Cybersecurity Briefing
EISS Cybersecurity BriefingEISS Cybersecurity Briefing
EISS Cybersecurity BriefingEnergySec
 
TAC Subscription Webinar
TAC Subscription WebinarTAC Subscription Webinar
TAC Subscription WebinarEnergySec
 
Interoperability, Standards and Cybersecurity: A Business Perspective
Interoperability, Standards and Cybersecurity: A Business PerspectiveInteroperability, Standards and Cybersecurity: A Business Perspective
Interoperability, Standards and Cybersecurity: A Business PerspectiveEnergySec
 
NESCO Overview: Emerson Ovation User Group BOD Meeting
NESCO Overview: Emerson Ovation User Group BOD MeetingNESCO Overview: Emerson Ovation User Group BOD Meeting
NESCO Overview: Emerson Ovation User Group BOD MeetingEnergySec
 
Emerson Ovation User Group BOD Meeting
Emerson Ovation User Group BOD MeetingEmerson Ovation User Group BOD Meeting
Emerson Ovation User Group BOD MeetingEnergySec
 
What's "Smart" Got to Do With It?: A technical overview of Advanced Metering ...
What's "Smart" Got to Do With It?: A technical overview of Advanced Metering ...What's "Smart" Got to Do With It?: A technical overview of Advanced Metering ...
What's "Smart" Got to Do With It?: A technical overview of Advanced Metering ...EnergySec
 
Don't Get Hacked! Cybersecurity Boot Camp
Don't Get Hacked! Cybersecurity Boot CampDon't Get Hacked! Cybersecurity Boot Camp
Don't Get Hacked! Cybersecurity Boot CampEnergySec
 
NESCO/NESCOR Joint Overview
NESCO/NESCOR Joint OverviewNESCO/NESCOR Joint Overview
NESCO/NESCOR Joint OverviewEnergySec
 
One Security Device to Rule Them All
One Security Device to Rule Them AllOne Security Device to Rule Them All
One Security Device to Rule Them AllInnoTech
 
Data Protection for Higher Education
Data Protection for Higher EducationData Protection for Higher Education
Data Protection for Higher EducationKate Carruthers
 
OEB Cyber Security Framework
OEB Cyber Security FrameworkOEB Cyber Security Framework
OEB Cyber Security FrameworkNorbi Hegedus
 
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...itnewsafrica
 

Similaire à EnergySec & NESCO Overview (20)

NESCO Year 2 Overview
NESCO Year 2 OverviewNESCO Year 2 Overview
NESCO Year 2 Overview
 
Next Generation Information Sharing for the Electric Sector
Next Generation Information Sharing for the Electric SectorNext Generation Information Sharing for the Electric Sector
Next Generation Information Sharing for the Electric Sector
 
EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...
EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...
EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...
 
NESCO: A Closer Look
NESCO: A Closer LookNESCO: A Closer Look
NESCO: A Closer Look
 
Bridging the Gap: Between Operations and IT
Bridging the Gap: Between Operations and ITBridging the Gap: Between Operations and IT
Bridging the Gap: Between Operations and IT
 
EISS Cybersecurity Briefing
EISS Cybersecurity BriefingEISS Cybersecurity Briefing
EISS Cybersecurity Briefing
 
TAC Subscription Webinar
TAC Subscription WebinarTAC Subscription Webinar
TAC Subscription Webinar
 
Interoperability, Standards and Cybersecurity: A Business Perspective
Interoperability, Standards and Cybersecurity: A Business PerspectiveInteroperability, Standards and Cybersecurity: A Business Perspective
Interoperability, Standards and Cybersecurity: A Business Perspective
 
NESCO Overview: Emerson Ovation User Group BOD Meeting
NESCO Overview: Emerson Ovation User Group BOD MeetingNESCO Overview: Emerson Ovation User Group BOD Meeting
NESCO Overview: Emerson Ovation User Group BOD Meeting
 
Emerson Ovation User Group BOD Meeting
Emerson Ovation User Group BOD MeetingEmerson Ovation User Group BOD Meeting
Emerson Ovation User Group BOD Meeting
 
What's "Smart" Got to Do With It?: A technical overview of Advanced Metering ...
What's "Smart" Got to Do With It?: A technical overview of Advanced Metering ...What's "Smart" Got to Do With It?: A technical overview of Advanced Metering ...
What's "Smart" Got to Do With It?: A technical overview of Advanced Metering ...
 
Don't Get Hacked! Cybersecurity Boot Camp
Don't Get Hacked! Cybersecurity Boot CampDon't Get Hacked! Cybersecurity Boot Camp
Don't Get Hacked! Cybersecurity Boot Camp
 
NESCO/NESCOR Joint Overview
NESCO/NESCOR Joint OverviewNESCO/NESCOR Joint Overview
NESCO/NESCOR Joint Overview
 
One Security Device to Rule Them All
One Security Device to Rule Them AllOne Security Device to Rule Them All
One Security Device to Rule Them All
 
Data Protection for Higher Education
Data Protection for Higher EducationData Protection for Higher Education
Data Protection for Higher Education
 
Cases
CasesCases
Cases
 
Aniketos trust bus_sept_2012
Aniketos trust bus_sept_2012Aniketos trust bus_sept_2012
Aniketos trust bus_sept_2012
 
OEB Cyber Security Framework
OEB Cyber Security FrameworkOEB Cyber Security Framework
OEB Cyber Security Framework
 
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
 
Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...
Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...
Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...
 

Plus de EnergySec

Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseGary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseEnergySec
 
Slide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsSlide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsEnergySec
 
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...EnergySec
 
Jack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, AnecdotallyJack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, AnecdotallyEnergySec
 
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...EnergySec
 
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber SecurityDaniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber SecurityEnergySec
 
Lessons Learned For NERC CIPv5 Compliance & Configuration Change Management
Lessons Learned For NERC CIPv5 Compliance & Configuration Change ManagementLessons Learned For NERC CIPv5 Compliance & Configuration Change Management
Lessons Learned For NERC CIPv5 Compliance & Configuration Change ManagementEnergySec
 
Explore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWsExplore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWsEnergySec
 
Wireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of ReachWireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of ReachEnergySec
 
Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!EnergySec
 
Unidirectional Network Architectures
Unidirectional Network ArchitecturesUnidirectional Network Architectures
Unidirectional Network ArchitecturesEnergySec
 
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s RoleNERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s RoleEnergySec
 
Industrial Technology Trajectory: Running With Scissors
Industrial Technology Trajectory: Running With ScissorsIndustrial Technology Trajectory: Running With Scissors
Industrial Technology Trajectory: Running With ScissorsEnergySec
 
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...EnergySec
 
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...EnergySec
 
Where Cyber Security Meets Operational Value
Where Cyber Security Meets Operational ValueWhere Cyber Security Meets Operational Value
Where Cyber Security Meets Operational ValueEnergySec
 
Where Are All The ICS Attacks?
Where Are All The ICS Attacks?Where Are All The ICS Attacks?
Where Are All The ICS Attacks?EnergySec
 
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...EnergySec
 
Industry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working TogetherIndustry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working TogetherEnergySec
 
What the Department of Defense and Energy Sector Can Learn from Each Other
What the Department of Defense and Energy Sector Can Learn from Each OtherWhat the Department of Defense and Energy Sector Can Learn from Each Other
What the Department of Defense and Energy Sector Can Learn from Each OtherEnergySec
 

Plus de EnergySec (20)

Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseGary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
 
Slide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsSlide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and Mitigations
 
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
 
Jack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, AnecdotallyJack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, Anecdotally
 
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
 
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber SecurityDaniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security
 
Lessons Learned For NERC CIPv5 Compliance & Configuration Change Management
Lessons Learned For NERC CIPv5 Compliance & Configuration Change ManagementLessons Learned For NERC CIPv5 Compliance & Configuration Change Management
Lessons Learned For NERC CIPv5 Compliance & Configuration Change Management
 
Explore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWsExplore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWs
 
Wireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of ReachWireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of Reach
 
Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!
 
Unidirectional Network Architectures
Unidirectional Network ArchitecturesUnidirectional Network Architectures
Unidirectional Network Architectures
 
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s RoleNERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
 
Industrial Technology Trajectory: Running With Scissors
Industrial Technology Trajectory: Running With ScissorsIndustrial Technology Trajectory: Running With Scissors
Industrial Technology Trajectory: Running With Scissors
 
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
 
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
 
Where Cyber Security Meets Operational Value
Where Cyber Security Meets Operational ValueWhere Cyber Security Meets Operational Value
Where Cyber Security Meets Operational Value
 
Where Are All The ICS Attacks?
Where Are All The ICS Attacks?Where Are All The ICS Attacks?
Where Are All The ICS Attacks?
 
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
 
Industry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working TogetherIndustry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working Together
 
What the Department of Defense and Energy Sector Can Learn from Each Other
What the Department of Defense and Energy Sector Can Learn from Each OtherWhat the Department of Defense and Energy Sector Can Learn from Each Other
What the Department of Defense and Energy Sector Can Learn from Each Other
 

Dernier

The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 

Dernier (20)

The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 

EnergySec & NESCO Overview

  • 1. EnergySec & National Electric Cyber Security Organization (NESCO) Overview 2012 Technologies for Security and Compliance Summit The Anfield Group August 1-2 2012 Barton Creek Resort – Austin, TX
  • 2. New, New Security Model  Nation State quality adversaries  Fear the auditor more than attacker  Regulatory avalanche forecast  Constant compromise  Ecosystem of organizations  Information sharing is holy grail The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 2
  • 3. Info-Share to the Rescue!  What does Information Sharing really mean? – Taking vs. Sharing – Secrecy for secrecy’s sake – Government doesn’t share well (yet)  Very useful approach, but not a panacea  Comes with trade-offs… The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 3
  • 4. Information Sharing Reality Some Pros… Some Cons…  What works, what  Classification and doesn’t handling, both Gov  Benchmarking and Corporations  Situational  Lawyers, awareness agreements and  Tactical threat and contracts vulnerability analysis  Community-sourcing  Consumers will always outnumber  Regulatory sharers compliance  Mentoring  Trust; n parties 9/1/2012  Doesn’t scale well The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy 4
  • 5. Who is EnergySec?  Unique, non-profit, independent, public- private information sharing organization  Borne from Energy Sector  Bottom-up vs. top-down  TRUSTED – By the industry, for the industry – Non-profit 501(c)(3) – Independent, private – 10+ years of information sharing experience 9/1/2012 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy 5
  • 6. EnergySec Background  10.2001: Precursor to E-Sec NW formed  7.2004: E-Sec NW formalized and “founded” – Asset owner/operator ONLY; all volunteer  1.2008: SANS Information Sharing Award  12.2008: Incorporated E-Sec NW as EnergySec  10.2009: 501(c)(3) nonprofit determination  4.2010: EnergySec applied for NESCO DOE FOA  7.2010: EnergySec awarded NESCO FOA  10.2010: NESCO became operational The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy. 6
  • 7. What EnergySec Is NOT…  Not a lobbyist  Not a vendor  Not a consultant  Not government agency  Not a regulator The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 7
  • 8. EnergySec Staff  Extensive applied sector experience – Many years employment at asset owners – Operations, security, audit, Sr mgmt, OT, IT – Regional Entity leadership – Independent consulting; big firms and boutiques – Built several successful companies – EnergySec founders, Info-sharing pioneers – Certified, trusted, highly connected, dedicated The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy. 8
  • 9. EnergySec Programs  NESCO: Information Sharing & Best Practices  Advisory Service  EnergySec University – Education/Workforce Development  LIGHTS: Security in a box (turnkey) – Independent board – Partnership with ICS-ISAC The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 9
  • 10. EnergySec Nonprofit Umbrella EnergySec NESCO Advisory University Other… The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 10
  • 11. EnergySec Advisory  Customized agenda; facilitated discussion  Examine current and horizon energy sector specific cyber security legislation  Explore methods to meet compliance obligations and enhance security posture  Present threat, vulnerability and impact landscape to executives and staff  Highest concentration of advisors with unique and hard-to-find combination of experience The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 11
  • 12. EnergySec University  Professional/workforce development path – Internal expertise as instructors – Open faculty roster from best and brightest – Courses in all IT/OT security-related disciplines  Internship matchmaking – coming soon  Working closely with National Board of Information Security Examiners (NBISE) The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 12
  • 13. What Is NESCO?  R. 3183 “...the Secretary shall establish an independent national energy sector cyber security organization...” – Department Of Energy issued FOA on March 31, 2010  Purpose is to “establish a National Electric Sector Cyber Security Organization that has the knowledge, capabilities, and experience to protect the electric grid and enhance integration of smart grid technologies that are adequately protected against cyber attacks.”  “This organization will serve as a focal point to bring together domestic and international experts, developers, and users who will assess and test the security of novel technology, architectures, and applications.” 9/1/2012 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy 13
  • 14. NESCO Objectives  Organize, lead and implement a public-private partnership  Focus cybersecurity research and development priorities  Identify and disseminate security best practices  Organize the collection, analysis and dissemination of infrastructure vulnerabilities and threats  Work cooperatively with the DOE and other Federal Agencies  Enhance cybersecurity of the bulk power grid and electric infrastructure 9/1/2012 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy 14
  • 15. Who Is NESCO? • IOU • Product • Muni • Service • Coop Asset Owners Vendor Govt Academia/Research • Non-Reg • Public • Regulatory • Private • Fed, State… The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy. 15
  • 16. Connect & Support Utility Asset Owners 9/1/2012 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy 16
  • 17. Membership Growth The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 17
  • 18. Member Demographics Membership by Individual Membership by Organization Academic Academic 2% 5% Vendor/Other 22% Vendor/Other 35% Govt/Regulatory 12% Asset Owner Asset Owner 49% 64% Govt/Regulatory 11% 1,050 Individual members 363 unique organizations Predominately Asset Owner Driven Membership Base The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 18
  • 19. Membership Overview  NESCO Members of Sept 30 2011 (1 year) – 788 NESCO members – 278 unique organizations  NESCO Members as of July 12 2012: – 1050 individuals – 363 unique organizations Note: This represents a nearly 50% annual growth rate The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 19
  • 20. Social Media Outreach  NESCO mailing list: 3536  NESCO Twitter followers: 2635  NESCO LinkedIn group members: 535 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 20
  • 21. Direct Outreach  3 Town Hall meetings  19 Voice of the Industry (VOI) meetings  82 TAC notices; 149 follow up threads  71 presentations/panels  94 event participation  37 blog mentions  43 interviews and article citations The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 21
  • 22. Engage, Equip & Empower  Sharing requires trust  Trust is built on relationships  Our approach… – Bringing people together – Flexible technology options and solutions to extend and enhance relationships – Organic growth; birds of a feather The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 22
  • 23. NESCO Is Technology  Secure collaboration portal – Wiki – Working groups – Discussion forums – Email distribution lists  Rapid Notification System  Social Media – LinkedIn, Twitter, Facebook The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy. 23
  • 24. NESCO Tools  Email distribution lists  Secure collaboration wiki  Secure instant messaging  Rapid notification mechanisms  Resource repository  Most technologies have non- attribution (anonymous) options 9/1/2012 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy 24
  • 25. NESCO Resource Repository  Best/common practices  Policy, process, procedure  Compliance approaches  Document Templates  Code snippets, scripts  System configurations  Links to useful security sites  And more… 9/1/2012 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy 25
  • 26. NESCO Tactical Analysis Center  Supports ES-ISAC and ICS-CERT  Open & private source intelligence  Asset owner volunteer handler SMEs with virtual “dashboards”  Rapid, community-sourced analysis  Secure communications  Rapid notification system  Daily diaries, trending  Quarterly & annual reports 9/1/2012 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy 26
  • 27. ES-ISAC, ICS-CERT and TAC  An analogy… triage and long term care  Basic differences of the TAC – Operated by an independent non-profit org – Not associated with a federal regulatory agency • DOE partner is non-regulatory • Funding expires in 2014, only “seed” money provided • Funding model involves cost-share, so industry bears cost throughout entire effort – Electric sector specific – Provides feeds, when requested to NERC & DHS &… The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 27
  • 28. ES-ISAC, ICS-CERT and TAC  Basic differences of the TAC – Covers all entities, not just Registered Entities under the NERC Functional Model • Not just Bulk Electric w/ CA and CCA • Includes smart grid, distribution, QF generation – NESCO staff work alongside industry handlers – RNS has direct access to security staff – Volunteer reporting structure, not mandatory – Private position offers unique vendor relationships – Anonymized pass through for bi-directional sharing The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 28
  • 29. NESCO Products  Whitepapers – DNS Exfiltration – Security Logging Best Practices and Capability Maturity Models – Public Key Infrastructure, Automated Metering Infrastructure and Industrial Control Systems – DOE Electric Sector Cybersecurity Capability Maturity Model (ES-C2M2) – coming soon! – What else would you like to see? The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy. 29
  • 30. NESCO Products  Rapid Notification System – Night Dragon webcast – Duqu webcast – Multiple TAC notices The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 30
  • 31. NESCO Success Stories …is fantastic that [DOE produces] a document that deals with a subject so technical and that it makes available to the public. http://goo.gl/0xiWp The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy. 31
  • 32. NESCO Success Stories  Spearphishing notices from asset owner shared with DHS for action – Result: DHS ICS-CERT advisory issued  Accounts from service contractor posted to Internet reviewed for asset owner data – Result: Direct contact warning to specific parties The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy. 32
  • 33. NESCO Success Stories  Exposed control systems posted on Internet matched to asset owners – Result: Direct contact warning to specific parties  EnergySec spearphishing attempt – Result: Cross-organization comparison with general industry advisory; IOCs published The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 33
  • 34. NESCO Success Stories  Industry and [some] Regional Entities seeking to modify process for Technical Feasibility Exceptions to maximize security benefit – Result: NESCO provided independent and impartial discussion forum, webinar and industry feedback loop for proposed change to process The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 34
  • 35. NESCO Success Stories The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 35
  • 36. NESCO Funding Model  Department of Energy FOA  Cooperative agreement  Cost-share is ~40%, ramps over life of 3.5 year “seed” window  At end of seed window, NESCO is fully funded by industry  Supported by underwriters and TAC subscriptions The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 36
  • 37. NESCO Summary  Focused on building trust through relationships to further security collaboration and sharing  Flexible technology facilitates and catalyzes information/resource sharing efforts  Supports existing successful programs  Security voice of the electric sector 9/1/2012 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy 37
  • 38. Get Connected  EnergySec Summit: September 25-28 – NESCO Town Hall – CISO Forum – Policy and Technical Tracks  EnergySec University Courses – NERC CIP Training: Las Vegas 10/25 – NERC CIP Training: Sacramento 12/4 – Cybersecurity for Operations: Nashville 11/7  NESCO Voice of the Industry (VOI) Meetings The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 38
  • 39. Get Connected  www.energysec.org  www.energysec.org/join  www.energysec.org/tac-subscription- service  TAC@energysec.org  New NESCO website soon! The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 39
  • 40. Questions? Patrick C Miller Principal Investigator, National Electric Sector Cybersecurity Organization President & CEO, EnergySec patrick.miller@energysec.org 503.446.1212 (desk) @patrickcmiller (twitter) www.energysec.org The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec 9/1/2012 with funding assistance from the U.S. Department of Energy 40