Presented by: Julie Soutuyo, Tennessee Valley Authority Abstract: Over the past 40 years, the energy industry has evolved to a position of dependence upon information technology to accomplish its mission. Cyber attacks have become a “way of life”; as the Nation, industry, organizations, and individuals strive to operate safely and securely in cyberspace. Most rely on a compliance-based “whack-a-mole”; approach to cyber defense which presents multiple barriers to hackers, based on the last attack, with efforts to “hit” any that get inside the organization’s defenses. While still valid, this compliance-based approach has significant challenges: stopping intruders, mitigating the problems they create, and positioning an organization to achieve its mission under a cyber attack. Cyber experts across the Nation are increasingly turning to resiliency as a means for fighting through these attacks with the objective of meeting operational and mission requirements in spite of the attacks. This shift is driving organizations to rethink their organizational structures to achieve unity of effort and streamlined decision-making in the face of a fast paced set of operational demands. This presentation will highlight the strategies to promote a cyber resilient organization.

1. Julie
Soutuyo
Senior
Program
Manager
Tennessee
Valley
Authority
Improving
Organiza.onal
Resilience
to
an
Increasing
and
Evolving
Threat
EnergySec
9th
Annual
Security
Summit
September
18,
2013
Denver,
CO
Organiza.onal
Cyber
Resilience

2. 2
TVA
Restricted
Informa=on
–
Delibera=ve
and
Pre-­‐Decisional
Privileged
Table
of
Contents
• The
CEO’s
Challenge
• Cybersecurity
in
Context
• The
Cyber
Risk
• Possible
Solu=ons
The
CEO’s
Challenge
Cybersecurity
in
Context
The
Cyber
Risk
Possible
Solu=ons

3. 3
TVA
Restricted
Informa=on
–
Delibera=ve
and
Pre-­‐Decisional
Privileged
On
July
25th,
our
CEO
challenged
the
TVA
staff
to
improve
our
future
economic
posture
• Doing
so
while
effec=vely
opera=ng
across
four
impera=ves:
– Debt,
– Rates,
– Stewardship,
and
– Asset
PorNolio
• In
an
opera=ng
environment
focused
on
– Trust,
– Safety,
and
– Change
• And
a
significant
evolu=on
of
our
culture
• His
message
was
clear…the
TVA
must
undertake
major
transforma=on
The
CEO’s
Challenge
Cybersecurity
in
Context
The
Cyber
Risk
Possible
Solu=ons

4. TVA
Restricted
Informa=on
–
Delibera=ve
and
Pre-­‐Decisional
Privileged
The
company
is
undergoing
a
transforma.on
of
business
and
culture…
• This
is
an
op=mal
=me
to
make
progress
on
communica=ng
the
benefits
of
becoming
more
cyber
resilient;
– New
CEO
– Economic
challenges
– Changes
in
organiza=onal
structure
and
strategic
direc=on
– Increased
focus
on
reducing
risk
– An
appeal
to
all
employees
to
be
innova=ve
in
finding
solu=ons
The
CEO’s
Challenge
Cybersecurity
in
Context
The
Cyber
Risk
Possible
Solu=ons

5. TVA
Restricted
Informa=on
–
Delibera=ve
and
Pre-­‐Decisional
Privileged
The
challenge
is
that
“Cyber”
is
not
always
well
understood
by
u.li.es…
• Cyber
security
is
seen
as
important
but
many
employees
don’t
understand
the
threat:
– Cyber
terminology
is
confusing
– Some
don’t
believe
the
threat
is
“real”
– Many
feel
that
sensi=ve
networks
and
assets
are
sufficiently
isolated
– “No
way!
I’m
not
shuZng
down
to
patch
anything!
My
1995
ICS
technology
(with
no
maintenance
agreement
in
place)
is
safe!!”
The
CEO’s
Challenge
Cybersecurity
in
Context
The
Cyber
Risk
Possible
Solu=ons
• Execu=ves
are
o`en
in
the
same
“boat”:
– Didn’t
we
fix
that
already?
– NERC
CIP
must
be
addressing
my
requirements
– Not
cri=cal
to
making
electricity
– What
am
I
geZng
in
return
for
this
investment?
– Who
else
is
experiencing
this?
Nobody
in
the
industry?
Why
am
I
spending
so
much????
“Uh, I think your Stuxnet ate my Poison Ivy
and caused my Duqu to explode after a
denial of service…..then the Aurora came
after the Shamoon and finally, I just decided
to go phishing with my kill chain…”
Note:
Cyber
Terms
are
not
“common”
u.lity
jargon!

6. 6
TVA
Restricted
Informa=on
–
Delibera=ve
and
Pre-­‐Decisional
Privileged
A
key
component
of
influencing
change
within
an
organiza.on’s
culture
is
to
tell
a
story….
The
CEO’s
Challenge
Cybersecurity
in
Context
The
Cyber
Risk
Possible
Solu=ons
My story about how to become
more cyber resilient starts with
the network....
...and ends with TVA in a much better
cybersecurity posture by 2020; ready
to face next generation cyber
threats.

7. TVA
Restricted
Informa=on
–
Delibera=ve
and
Pre-­‐Decisional
Privileged
Like
other
U.li.es,
TVA
has
many
different
networks
used
to
operate
the
company
• Different
types
of
networks
across
the
corporate
and
power
environments
are
the
means
for
execu=ng
the
TVA
mission
– Opera=ons
managed;
sensor
data
and
decisions
from
ICS
– Safely
operate
and
maintain
power
plants
and
transmissions
systems
– Buy
and
sell
power;
bill
customers;
receive
revenues
– Communicate
internally
and
externally
– Manage
environmental
requirements
• These
same
networks
are
the
target
of
cyber
afacks
and
the
poten=al
means
for
afacking
TVA
Cri=cal
Assets
or
Business
Processes
• The
afackers
are…
– More
sophis=cated
and
effec=ve
– With
the
poten=al
for
causing
serious
disrup=on
and
even
destruc=on
of
our
resources
– Interested
in
achieving
various
objec=ves
The
CEO’s
Challenge
Cybersecurity
in
Context
The
Cyber
Risk
Possible
Solu=ons

8. 8
TVA
Restricted
Informa=on
–
Delibera=ve
and
Pre-­‐Decisional
Privileged
Even
as
we
resolve
our
financial
challenges,
we
have
an
opportunity
to
drive
change…
• Working
collec=vely
on
solu=ons
to
our
networked
security…
– Across
func=onal
lines
that
have
common
ground
– To
iden=fy
mutually
suppor=ve
solu=ons
– Towards
becoming
opera=onally
resilient
to
cyber
afacks
– And,
the
means
to
tackle
the
broader
financial
challenges
• NOW
is
the
=me
for
developing
our
cybersecurity
resilience
to
protect
our
networked
resources
and
con=nue
to
fulfill
our
mission
requirements
– Make
recommenda=ons
to
evolve
our
cyber
opera=ons
posture
from…
• Compliance
• To
becoming
agile
• And
ul=mately
resilient
– Which
will
allow
TVA
to
recognize
• Enhanced
cybersecurity
safety
• Building
trust
and
confidence
across
our
enterprise
and
with
our
customers
• Avoid
catastrophic
costs
resul=ng
from
an
increasingly
likely
cyber
afack
• While
embracing
change
The
CEO’s
Challenge
Cybersecurity
in
Context
The
Cyber
Risk
Possible
Solu=ons

9. 9
TVA
Restricted
Informa=on
–
Delibera=ve
and
Pre-­‐Decisional
Privileged
1970s.
Introduc=on
of
1st
genera=on
“monolithic”
SCADA
systems
The
TVA
has
been
a
technology
leader
through
the
20th
Century
40s
–
expanded
hydropower
construc=on
60s
–
Introduc=on
of
nuclear
power
plants
50s
–
Largest
electricity
supplier
70s
–
80s
–
Focus
on
energy
conserva=on
90s
–
Increased
compe==on;
clean
air
focus
2000s
–
focus
on
energy,
environment,
and
economic
development
1933.
TVA
established
by
Congress
to
address
environmental,
economic,
and
technological
challenges
including
delivery
of
low-­‐cost
electricity
1969.
The
Internet
(ARPANET)
brought
on
line
1959.
Federal
appropria=ons
ended;
TVA
becomes
self-­‐
financing
Major
TVA
events
Major
Internet
events
1991.
World
Wide
Web
evolves
through
new
protocol,
hypertext
• Explosive
growth
of
the
internet
• Rise
of
social
networking
(e.g.,
Facebook,
Twifer)
• Exponen=al
growth
of
mobility
planorms
1982:
Internet
protocol
TCP/IP
standardized
1980s.
Growth
of
2nd
genera=on
“distributed”
SCADA
systems
1990s.
3rd
genera=on
“Networked”
SCADA
systems
Major
cyber
a_acks
2000.
DDOS
afack
across
commercial
web
sites
($1.7B
in
damages)
2010.
Stuxnet
infected
Iranian
nuclear
facili=es
2009.
Merrick
Bank
lost
$16M
a`er
hackers
compromised
40M
credit
card
accounts
2003.
Slammer
worm
infected
90%
of
vulnerable
computers
within
10
min
($1B
in
damage)
1999.
Federal
appropria=ons
for
environmental
stewardship
and
economic
development
ac=vi=es
ended
2012.
More
than
30,000
computers
at
Saudi
Aramco
(oil
company)
destroyed
by
virus
• IT
revolu=onized
our
industry
– Affected
every
element
of
power
genera=on
and
delivery
– Almost
always
“bolted
on”
and
not
“built
in”
• AND…introduced
significant
risk
from
cyber
afacks
– With
Increased
frequency,
from
more
adversaries,
with
greater
sophis=ca=on,
against
more
targets,
with
increased
success,
…and
greater
impact
The
CEO’s
Challenge
Cybersecurity
in
Context
The
Cyber
Risk
Possible
Solu=ons

10. 10
TVA
Restricted
Informa=on
–
Delibera=ve
and
Pre-­‐Decisional
Privileged
…and
technology
with
the
cyber
threat
has
introduced
risk
to
our
impera.ves
Change
Trust
Safety
Rates
• Increases
costs
from:
o Disrup=on
of
service
and
restora=on
requirements
o Legal
fees
resul=ng
from
the`
or
destruc=on
of
data
• Poten=al
loss
of
customers
(par=cularly
industrial
customers)
Debt
• Immediate
impact
to
O&M
costs
to
restore
systems
damaged
or
destroyed
by
a
cyber
afack
o Could
cause
TVA
to
exceed
its
debt
threshold
Stewardship
• Loss
of
trust
and
credibility…
o Customers
due
to
loss
of
privacy
data
or
service
outage
o Government
due
to
na=onal
power
grid
impacts
• Safety
…
placing
staff
in
harms
way
working
to
resolve
outages
• Economic
and
environmental
impacts
resul=ng
from
destruc=on
of
major
environmentally
sensi=ve
TVA
components
Asset
PorNolio
• Unstable
and/or
unreliable
cri=cal
asset
performance
• Poten=al
damage,
destruc=on,
and
loss
of
assets
o Both
short
and
long
term
The
Cyber
Threat
is
driving
unwanted
change
into
TVA
and
in
turn
is
eroding
our
trust
and
safety
The
CEO’s
Challenge
Cybersecurity
in
Context
The
Cyber
Risk
Possible
Solu=ons

11. We
can
control
some
of
the
drivers
of
risk
and
some
we
can’t
External
Drivers
Those
we
can’t
control
• Customers…those
whom
we
serve,
with
expecta=ons
for
– Uninterrupted
service
– Reasonably
priced
electricity
– Protec=on
of
Personal
Iden=fica=on
Informa=on
and
privacy
expecta=ons
– Environmental
stewardship
• Government
(e.g.,
NERC)…Drive
oversight
&
regula=ons
– Drives
cost
(e.g.,
changes
in
“bright
line,”
EPA
requirements)
– Expects
industry
to
operate
systems
securely
and
safely
(e.g.,
nuclear
facili=es
operate
in
a
virtually
‘zero
defect
environment”)
• Industry…Both
Partners/Compe=tors
– Jointly
managing
the
Na=on’s
power
grid
• Vendors…suppor=ng
TVA
– Drive
change
with
updates
and
new
capabili=es
• Threat
Actors
(e.g.,
hac.vists,
criminals,
Na.on
States)
– Focused
on
embarrassment,
exploita=on,
the`,
disrup=on,
and
destruc=on
– Capable
of
taking
over
Industrial
Control
Systems
(ICS)
and
corporate
networks;
shuZng
them
down;
crea=ng
significant
risk
to
TVA
staff
and
customers
(loss
of
service;
restora=on
risks,
etc.)
Internal
Drivers
Those
we
can
control
• TVA
Organiza=on
– Decentralized,
=ered,
&
distributed
• Staff
– The
guardians
of
TVA
culture
– Both
driving
and
resis=ng
change
• Culture
– Accountability
• Technology
– Constantly
increasing
the
pace
of
change
with
technology
refresh,
updates,
patches,
etc.
• Aged
Infrastructure
– Some
is
80
years
old…does
not
always
adapt
easily
– Cybersecurity
technology
solu=ons
generally
bolted
on
vice
built
in
• Funding
and
Budgets
– Bounded
(as
our
CEO
reminded
us)
– Debt
ceiling
is
almost
gone
Can
Impact
our
Costs
The
CEO’s
Challenge
Cybersecurity
in
Context
The
Cyber
Risk
Possible
Solu=ons

12. 12
TVA
Restricted
Informa=on
–
Delibera=ve
and
Pre-­‐Decisional
Privileged
This
isn’t
to
suggest
that
only
bad
things
evolve
from
this
challenging
period
of
change
• Large
scale
change
presents
an
opportunity
to
examine
our
approach
to
cybersecurity
• Increase
trust
in
our
systems
– Enhance
our
cybersecurity
posture
– Revisit
how
we
fund
• How
much
are
we
inves=ng
now
• Percentage
of
our
network
coverage
• Known
risks
in
different
opera=ng
environments
that
have
not
been
addressed
(e.g.,
corporate,
nuclear,
fossil,
etc.)
• Which
investments
would
create
the
maximum
value
(near,
mid,
and
long
term)
impact
– Examine
cybersecurity
across
func=onal
elements
(e.g.,
IT,
Opera=ons,
and
Supply/Logis=cs)
to
collec=vely
develop
ideas
and
op=ons
to
befer
secure
our
networks
• Ul=mately,
cybersecurity
is
about
risk…and
money
– How
much
cybersecurity
risk
are
we
willing
to
accept
– At
what
cost
• To
make
changes
• To
avoid
poten=al
catastrophic
costs
The
CEO’s
Challenge
Cybersecurity
in
Context
The
Cyber
Risk
Possible
Solu=ons
We
are
not
alone
in
this
struggle…the
en6re
industry
is
challenged

13. 13
TVA
Restricted
Informa=on
–
Delibera=ve
and
Pre-­‐Decisional
Privileged
The
CEO’s
challenge
is
an
opportunity
to…
Define
the
cybersecurity
risks
we
face…
…and
the
implica6ons
for
how
we
secure
our
networks
Consider
the
evolving
cyber
environment…
…and
the
poten6al
implica6ons
for
our
future
opera6ons
Jointly
iden.fy
some
possible
solu.ons…
…and
what
other
op6ons
we
might
consider
Expand
our
approach
to
cybersecurity…
…and
consider
cross
organiza6onal,
mul6-­‐func6onal
solu6ons
Redefine
our
understanding
of
networks…
…and
protect
them
as
vital
to
execu6ng
our
mission
Examine
the
costs
of
doing
so…
…and
the
poten6al
costs
of
not
Assess
the
.ming
of
making
changes…
…in
the
near,
mid,
or
long
term
The
CEO’s
Challenge
Cybersecurity
in
Context
The
Cyber
Risk
Possible
Solu=ons

14. Today,
the
government’s
cybersecurity
response
focuses
on
regula.ons
&
standards
The
Government
Response
• NERC
CIP
has
issued
28
documents
detailing
Reliability
Standards
– Set
standards
for
repor=ng,
cyber
asset
iden=fica=on,
system
categoriza=on,
security
management
controls,
personnel
and
training
standards,
management
(electronic,
physical,
and
systems
security
management),
configura=on
management,
informa=on
protec=on
– Each
includes
requirements
and
measures;
for
example…
• CIP-­‐001-­‐2a
has
4
requirements
and
4
measures
• CIP-­‐002-­‐3
has
4
requirements
with
5
sub-­‐
requirements
and
7
sub-­‐sub
requirements,
and
4
measures
…
And
Industry
Complies
• Developed
large
IT
organiza=onal
structures
to
meet
requirements
• Expended
significant
resources
to
protect
systems
and
networks
• Has
not
been
as
likely
to
adopt
recommenda=ons
(vice
requirements)
• In
fact…compliance,
all
too
oAen
is
the
founda6on
and
primary
means
for
mi6ga6ng
risk
…
“If
I
comply,
I’m
protected”
Standards,
requirements,
alerts,
repor6ng
and
compliance
serve
an
important
func6on
for
fulfilling
organiza6onal
objec6ves
opera6ng
in
cyberspace
The
CEO’s
Challenge
Cybersecurity
in
Context
The
Cyber
Risk
Possible
Solu=ons

15. 15
TVA
Restricted
Informa=on
–
Delibera=ve
and
Pre-­‐Decisional
Privileged
But,
compliance
alone
is
risky
and
the
nature
of
the
energy
industry
poses
addi.onal
challenges
Opera.onal
Organiza.onal
Resourcing
Focus
Compliance-based defense (e.g.,
NERC CIP and NIST guidelines)
Leadership and technical staff
from corporate headquarters to
distributors are independent
Primarily on O&M (vice capital
expenditures) to meet regulatory
requirements
Challenges
Complex situational
awareness; discerning source of
disruption or destruction between
routine failures vice cyber attacks
Need to integrate across diverse
operational platforms to establish
an operational framework and
increase employee awareness
Increased costs
• Operating and maintaining multiple IT
solutions and architectures
• Executing compliance requirements
across multiple organizational
elements
• Capital IT expenditures are
accomplished independently; plants,
vendors, distributors adopt different
solutions that frequently aren’t
interoperable or require expensive
interfaces
• Missed opportunities to gain
efficiencies and savings through
consolidated, organization-wide
negotiations with vendors (vendors
often drive solutions)
Limited response actions:
• Frequently “after the event”
• Reluctance to shut systems
down
Organiza=on-­‐wide
solu=ons
to
cyber
afacks
difficult
and
costly
due
to
loose
federa=on
of
IT
infrastructures,
complex
and
different
network
environments,
requiring
specialized
solu=ons
Slowed response waiting for
developed, tested, deployed, and
approved solutions
Result
Increased potential for success of cyber attacks with resulting
energy disruption, loss of data and corresponding legal and financial impacts
The
CEO’s
Challenge
Cybersecurity
in
Context
The
Cyber
Risk
Possible
Solu=ons

16. 16
TVA
Restricted
Informa=on
–
Delibera=ve
and
Pre-­‐Decisional
Privileged
Those
challenges
affect
our
ability
to
respond
quickly…and
in
cyberspace
it’s
all
about
speed
“Time
is
Money”
was
never
more
true…and
it’s
not
just
one
cyber
aKack…it’s
hundreds…thousands
and
they
aren’t
going
to
stop…
because
it
works
Discovery
Detec=on
Response
Recovery
• Time
between
discovery
of
a
zero
day
vulnerability
and
the
development,
tes=ng,
deployment,
and
implementa=on
of
a
solu=on
• Time
between
a
successful
breach
of
a
network/system
and
discovery
by
the
organiza=on
• Time
to
develop,
test,
deploy,
and
implement
solu=ons
• Time
to
restore
network/systems
to
full
opera=onal
capabili=es
The
CEO’s
Challenge
Cybersecurity
in
Context
The
Cyber
Risk
Possible
Solu=ons

17. 17
TVA
Restricted
Informa=on
–
Delibera=ve
and
Pre-­‐Decisional
Privileged
…and
cyberspace
is
not
gehng
any
slower
or
safer
• Cyber
afacks
are
increasing
every
day
– Across
the
Na=on
– Our
industry
– …and
against
TVA
• Using
a
wide
variety
of
methodologies
– “Phishing”
…
social
engineering
of
email
– Malware
…
plan=ng
tools
and
so`ware
in
our
networks
– Denial
of
Service
…
denying
us
and
our
customers
access
to
our
networks
– Ransomware
…
hijacking
computers
forcing
payment
for
release
• And
it’s
not
going
to
get
any
befer
for
the
foreseeable
future
– …because
it
works
The
CEO’s
Challenge
Cybersecurity
in
Context
The
Cyber
Risk
Possible
Solu=ons
• DHS
reported
198
afacks
on
cri=cal
U.S.
infrastructure
in
2012…up
from
9
in
2009
• In
2012
,
ICS-­‐CERT
tracked
171
unique
vulnerabili=es
affec=ng
ICS
products
across
55
vendors
• The
TVA
experienced
an
almost
30%
increase
in
afacks
year
over
year
• Over
the
last
quarter,
DELL
SecureWorks
has
escalated
269
incidents
beyond
the
SOC

18. 18
TVA
Restricted
Informa=on
–
Delibera=ve
and
Pre-­‐Decisional
Privileged
Given
“Time
is
Money”…we
must…
• Be
more
than
compliant…compliance
ac6vi6es
are
“table
stakes”
• Be
faster…
– Iden=fy
vulnerabili=es
faster
across
the
enterprise
– Iden=fy
afacks
faster
– Work
the
development,
tes=ng,
and
deployment
of
solu=ons
faster
– Make
decisions
faster
– Restore
networks
and
systems
faster
• Be
more
agile
by
crea=ng
response
op:ons
vice
just
“stopping
the
pain”
• Systema=cally
build
a
plan
towards
becoming
resilient,
able
to
meet
mission
requirements
by
“figh=ng
through”
cyber
afacks
• We
need
a
paradigm
shi`
in
our
approach
beyond
compliance
to
become
agile
and
ul=mately
resilient
Time/Speed
Money
Cost
of
a
Cyber
Afack
$$$
The
CEO’s
Challenge
Cybersecurity
in
Context
The
Cyber
Risk
Possible
Solu=ons
The
average
cost
of
a
breach
is
about
$188
per
stolen
record,
and
the
average
loss
per
incident
is
$9.4
million
Ponemon
Ins=tute

19. 19
TVA
Restricted
Informa=on
–
Delibera=ve
and
Pre-­‐Decisional
Privileged
A
journey
towards
resilience
can
be
itera.ve
Compliant
• Con=nue
to
meet
requirements
• Expand
to
execu=ng
NERC/NIST
recommenda=ons
• Develop
op=ons
for
becoming
more
agile
and
make
plans
to
become
resilient
• Evolve
the
TVA
culture
to
embrace
cybersecurity
safety
Agile
• Harden
network
infrastructure
and
develop
op=ons
and
alterna=ves
to
become
more
robust
to
withstanding
cyber
afacks
• Develop
architectures
and
acquisi=on
strategies
that
will
serve
as
the
founda=on
for
becoming
resilient
• 1-­‐3
year
=me
frame
to
develop
and
deploy
in
stages
Resilient
• Build
security
in
to
our
infrastructure
• Execute
a
plan
and
suppor=ng
architectures
and
acquisi=on
strategy
• Withstand,
mi=gate,
and
defeat
cyber
afacks
with
planned,
rehearsed,
responses
that
ensure
mission
execu=on
• 3-­‐7
years
synchronized
with
other
programs
and
opera=ons
across
TVA
The
CEO’s
Challenge
Cybersecurity
in
Context
The
Cyber
Risk
Possible
Solu.ons
3-­‐7
Years
1-­‐3
Years
Today

20. 20
TVA
Restricted
Informa=on
–
Delibera=ve
and
Pre-­‐Decisional
Privileged
Resiliency
is
a
complex
set
of
ac.vi.es
that
must
be
programmed
into
our
“opera.onal
DNA”
and
be…
…Planned
…Prac.ced
…Unified
…
and
Resourced
• Execute
compliance
based
requirements…as
well
as
recommenda=ons
• Develop
IT/Cyber
architecture
integrated
with
other
u=lity
disciplines
for
next
genera=on
systems
• With
corresponding
and
suppor=ng
policy
implementa=ons
• And
suppor=ng
acquisi.on
strategies
for
the
“long
haul”
• Interdependencies
must
be
understood
and
documented
• Services,
data
storage,
system
cri=cality
must
be
documented
in
advance
to
program
response
ac=ons
in
a
=mely
manner
• Cyber
resiliency
must
be
prac=ced
• Leaders
and
technical
staff
trained
and
exercised
in
roles
and
responsibili=es
• Immediate
ac=on
drills
must
be
documented
and
rehearsed
Across
large,
diverse,
decentralized
organiza=ons
(e.g.,
TVA)
requires:
• Coordinated
and
integrated
architectures
• Standardize
with
“controlled
diversity”
of
approved
tools,
equipment
and
vendors
• Comprehensive
situa=onal
awareness
across
all
components
• Consolidated
and
centralized
decision
–
making…there’s
no
=me
for
debate
• Acquisi.on
strategy
that
addresses
resiliency
requirements
• Supports
security
architectures
• Maximize
IT/cyber
resources
and
interoperability
through
vendor
strategies
• Redundant
(backup)
resources
must
be
iden=fied
and
if
necessary
resourced
We
may
not
simply
declare
we
are
resilient;
rather
it
requires
a
set
of
comprehensive
reforms
organiza:onally
to
evolve
itself.
The
CEO’s
Challenge
Cybersecurity
in
Context
The
Cyber
Risk
Possible
Solu.ons

21. 21
TVA
Restricted
Informa=on
–
Delibera=ve
and
Pre-­‐Decisional
Privileged
We’ve
proposed
some
“ideas”
as
a
start
point
for
op.ons
leading
to
resilience
that
are…
• By
no
means
comprehensive
– But
intended
to
get
the
discussion
started
• Grouped
by
– Network
and
Security
Capabili=es
– Engineering
– Organiza=onal
– Supply
Chain
– Enterprise
Risk
Management
• Characterized
along
spectrums
of…
– Costs
(low,
moderate,
and
high)
– Time
(near,
mid,
and
long)
• Opportuni=es
for
the
TVA
staff
– To
embrace
and
drive
essen=al
change
across
our
organiza=on
– Build
trust
in
an
environment
of
shared
cybersecurity
safety
– To
leverage
the
unique
cross
func=onal
quali=es
of
IT/Cyber
The
CEO’s
Challenge
Cybersecurity
in
Context
The
Cyber
Risk
Possible
Solu.ons

22. TVA
Restricted
Informa=on
–
Delibera=ve
and
Pre-­‐Decisional
Privileged
Network
and
Security
Capabili.es
• Embed
TVA-­‐wide
IT/Cyber
situa.onal
awareness
within
exis=ng
TVA
opera=ons
center(s)
with
complete
performance
view
of
corporate
and
power
WAN
and
LAN
networks
– Provide
100%
situa=onal
awareness
of
ALL
TVA
(transmission,
IT,
nuclear,
etc.)
– Efficiencies
and
cost
savings
– High
Cost
–
Long
Term
• Enhanced
Incident
Response
capabili.es
across
the
en=re
enterprise
– Enhance
Unity
of
Effort
and
decrease
response
=mes
– Low
Cost
–
Near
Term
• Evaluate
cybersecurity
effec.veness
of
network
carriers
and
embed
corresponding
requirements
in
contracts
– Create
op=ons
to
increase
robust
network
capabili=es
and
capacity
– Low
Cost
–
Mid
Term
• Work
with
vendors
to
ensure
cybersecurity
is
built
in
to
their
products
including
situa.onal
awareness
– Moderate
Cost
–
Long
Term
• Examine
op.ons
for
establishing
the
means
for
tes.ng
Vendor
products
and
our
own
(e.g.,
incorporated
network
firewalls,
wireless
encryp=on
and
DMZ’s
as
the
primary
maintenance
and
diagnos=c
hub
for
plant
)
– Require
Vendor
cer=fica=on
through
the
facility
– Moderate
cost
–
Mid
Term
• Con.nue
to
expand
and
build
on
current
government
rela.onships
at
the
network
level
and
through
policies
and
procedures
– Low
Cost
–
Near
Term
The
CEO’s
Challenge
Cybersecurity
in
Context
The
Cyber
Risk
Possible
Solu.ons

23. …and…
Engineering
• Embed
cybersecurity
technology
in
all
Engineering
ini.a.ves
and
architectures
(all
forms,
civil,
mechanical,
power,
IT)
as
a
requirement
for
program
approval
– Require
resiliency
strategies
in
opera=onal
and
acquisi=on
reviews
and
escalate
the
concept
into
the
strategic
plan
– Cultural
shi`
– Low
cost
–
Near
Term
• Build
an
IT/cyber
architecture
that
captures
the
ideas,
op=ons,
and
plans
for
securing
the
network
to
serve
as
the
founda=on
of
our
cyber
resiliency
– Low
Cost
–
Mid
Term
• Improve
and
invest
in
data
reten.on
and
back-­‐
up
strategies
across
TVA
(corporate
IT
and
plant)
to
enable
recovery
when
needed
– Moderate
Costs
–
Mid
Term
Organiza.onal
• Inextricably
bind
security
and
safety
e.g.
“If
it’s
not
secure,
it’s
not
safe”
– Culture
shi`…safely
opera=ng
network,
individual
computers,
etc.
– Low
Cost
–
Near
Term
• Promote
cybersecurity
safety
across
the
TVA
(e.g.,
staff,
customers,
vendors,
etc.)
– For
smart
grid,
demand
response,
financial,
and
other
inter-­‐connec=ons
– Low
Cost
–
Near
Term
• A_ract
and
recruit
technology
companies
into
Tennessee
Valley
who
build
programmable
components
and
thereby
enhance
the
defense
industrial
base
security
and
that
of
u=li=es/
cri=cal
infrastructure
– Manufacturers
become
customers
– Low
Cost
–
Long
Term
The
CEO’s
Challenge
Cybersecurity
in
Context
The
Cyber
Risk
Possible
Solu.ons

24. …and…
Supply
Chain
• Perform
a
source
of
supply
analysis
on
programmable
logic
components
(relays,
switches,
routers,
etc.)
to
determine
country
of
origin;
conduct
cost-­‐benefit
analysis
for
replacing
PLCs
per
risk
analysis
– Low
Cost
–
Near
Term
• Increase
security
specifica.ons
on
all
acquisi=ons
– Low
Cost
–
Near
Term
• Reward
vendors
and
partners
who
exhibit
excep.onal
security
performance
– Contractual
requirements,
measures,
and
rewards
for
securely
maintaining
vendor
supplied
technologies
– Create
vendor
guidelines
for
security
standards
through
contracts
– Low
Cost
–
Near,
Mid,
and
Long
Term
(contract
dependent)
• Use
pre-­‐ve_ed
Government
contract
vehicles
to
acquire
security
services
when
possible
– Low
Cost
–
Near
Term
Enterprise
Risk
Management
• Raise
cyber
risk
awareness
– Understand
the
impact
of
cyber
threats
to
all
current
TVA
Risks
– Low
Cost
–
Near
Term
• Adjust
Enterprise
Risk
Management
(ERM)
to
more
fully
address
financial
implica=ons
of
the
risks
and
impacts
of
cyber
afacks
– Low
Cost
–
Near
Term
• Expand
opera.onal
risk
view
to
“look
outside
the
fence”
and
ensure
communica=ons
and
collabora=on
are
occurring
with
en==es
external
and
internal
to
TVA
The
CEO’s
Challenge
Cybersecurity
in
Context
The
Cyber
Risk
Possible
Solu.ons

25. 25
TVA
Restricted
Informa=on
–
Delibera=ve
and
Pre-­‐Decisional
Privileged
We
won’t
get
there
overnight
…
but
we
need
to
start
now
Acquisi=on
strategy
drawn
from
a
comprehensive
architecture
to
balance
capital
with
O&M
expenditures
Consolidate
IT
Architecture
to
guide
IT
and
cyber
decisions
Vendor/Supplier
DMZ
established
elimina=ng
remotely
managed
systems
Mission
Cri=cal
Environment
for
management
of
most
important
data
and
systems
“Smart
Grid”
deployment
Unified
cyber
incidence
response
strategy
Ideas
–
Op=ons
–
Plan
Embed
IT/Cyber
situa=onal
awareness
capabili=es
in
opera=ons
Create
so`ware,
hardware
tes=ng
capability
including
wireless
&
mobility
Publish
Vendor
Security
requirements
2013
-­‐
Compliant
(meet
requirements)
2016
-­‐
Agile
(have
op=ons)
2020
–
Resilient
(cybersecurity
built
in)
The
Threat
Build/Expand
cyber
intelligence
sources
Perform
source
supply
analysis
of
cri=cal
cyber
components
Afract/recruit
technology
companies
to
the
valley
Our
goal
must
be
to
close
this
gap
The
CEO’s
Challenge
Cybersecurity
in
Context
The
Cyber
Risk
Possible
Solu.ons
In the 20th Century TVA built an incredible economic engine
for the Nation and benefited immeasurably from advances in
technology; In the 21st Century we must now transform how
we employ that technology to protect our mission

26. TVA
Restricted
Informa=on
–
Delibera=ve
and
Pre-­‐Decisional
Privileged
So
here
is
the
bo_om
line
• We
face
serious
financial
challenges
• Over
the
past
50
years,
advances
in
technology
made
significant
contribu=ons
to
achieving
the
TVA
mission
– Today,
virtually
everything
we
do,
depends
on
the
network
– That
reliance
has
introduced
significant
business
risk
…
and
the
cyber
threat
is
growing
• Our
approach
to
cybersecurity
has
been
par=ally
compliance
based…but
we
are
making
cuZng
edge
investments
to
develop
a
broader
capability
and
have
been
lauded
by
mul=ple
agencies
for
our
dynamic
approach
• We
s=ll
need
a
paradigm
shi`
across
the
agency
– Con=nue
to
be
fully
compliant
– Increase
response
op=ons
to
become
resilient;
focused
on
con=nuing
the
mission
– Engineer
cybersecurity
standards
in
the
system
design
process
and
a
suppor=ng
cyber/IT
acquisi=on
strategy
• We’ve
captured
ideas
from
across
the
TVA
…
we
need
to
examine
them
and
iden=fy
more
• And
as
we
do
so…
fulfill
our
CEO’s
challenge
• And
the
broader
set
of
benefits
we
may
derive
are
compelling
– Serve
as
an
industry
leader
for
how
to
integrate
cybersecurity
and
energy/power
– Leverage
the
collec=ve
efforts
to
evolve
our
culture
– Exercise
cross
func=onal
ini=a=ves
in
developing
workable
op=ons
– Enhance
both
trust
and
safety
through
the
process
There
will
be
costs…but
the
cost
of
doing
nothing
could
be
staggering

27. TVA
Restricted
Informa=on
–
Delibera=ve
and
Pre-­‐Decisional
Privileged
Tennessee
Valley
Authority
Julie
Soutuyo
Senior
Program
Manager
Email:
jsoutuyo@tva.gov
Phone:
(703)
862-­‐0819
Discussion,
Ques.ons,
and
Feedback
Discussion,
Ques=ons
&
Feedback