When we talk about cyber security, we recognize that it is part of a holistic approach to security and critical infrastructure protection. Tools and technology are not enough to ensure that mission critical systems provide capabilities needed for the military, continuity of government and commercial enterprises to continue operations in the face of emerging threats. Recognizing the unique nature of our location on the Hawaiian Islands in the middle of the Pacific, we also understand the importance of collaboration and alignment of critical infrastructure protection among the military, state government, commercial and public stakeholders. A comprehensive approach needs to include innovative capabilities, a thorough analysis of operational dependencies, and the organizational collaboration required to protect critical capabilities. In this session, we will discuss our innovate approach to developing a holistic cyber security approach for critical infrastructure and share a case study to help you think differently about your own approaches for security.

1. This document contains Booz Allen Hamilton, Inc. Proprietary and Confidential Business Information.
A Holistic Approach for Reimagining Cyber Defense
23 February 2016

2. This document contains Booz Allen Hamilton, Inc. Proprietary and Confidential Business Information. .
Introduction
The Approach
• Know
• Protect
• Respond
• Mature
Sector Study- The Electric Utility Sector
Agenda
2

3. This document contains Booz Allen Hamilton, Inc. Proprietary and Confidential Business Information. .
Mission
Booz Allen Hamilton partners with clients to solve their most important and complex problems,
making their mission our mission and delivering results that endure
What We Bring
Expertise, objectivity, and the capabilities of exceptional people —combined with the
institutional experience of helping clients succeed for 100 years
What Distinguishes Us
Booz Allen combines a consultant’s unique problem-solving orientation with deep technical
knowledge and strong execution to help clients achieve success in their critical missions
The Firm
 Annual Revenue — $4 billion
 Public corporation
 Founded in 1914
Scale and Scope
 Over 24,000 talented people, serving
clients from more than 80 offices
 Approx. 300 staff in Hawaii
 Office in Honolulu for over 20 years
Booz Allen Hamilton is a leading strategy & technology
consulting firm and solutions provider

4. This document contains Booz Allen Hamilton, Inc. Proprietary and Confidential Business Information. .
Asset Management- Realizing tailored asset management systems
that enable proper classification, tracking, protection, configuration,
and usage of those assets.
Situational Awareness- Establishing real-time visibility into your
cyber ecosystem, providing insights into activities that impact your
unique environment.
Threat Intelligence- Providing clear insights on current and
emerging threat activity in order to drive more informed and precise
decision making.
Vulnerability Management- Identifying, quantifying, and prioritizing
the vulnerabilities in systems, networks, processes, or applications,
and developing plans for intelligently reducing vulnerability.
Know- Understand your business and the cyber risk within
it
4

5. This document contains Booz Allen Hamilton, Inc. Proprietary and Confidential Business Information. .
Specific alerts and warnings relevant to the client are more
valuable than generic reports of vulnerabilities
5
Cyber4Sight- Booz Allen developed the line of Cyber4Sight® to provide cyber
threat alerting and warning services, on-call intelligence analysis, and deep web
intelligence that warn our clients of threats in near real-time.
Insider4Sight- Rogue internal employees fly under the radar of organizations that
use network audit tools to prevent outside threats. I4S was created to identify
insider threats using advanced detection and analytical tools.
Global4Sight- Our line of threat and competitive intelligence Global4Sight™
products combine open-source cloud architecture with social media research and
intelligence analysis to give clients key information on global threats and global
market opportunities.

6. This document contains Booz Allen Hamilton, Inc. Proprietary and Confidential Business Information. .
 Application Security- Developing and deploying software assurance processes,
controls, and countermeasures to secure software applications throughout the product
lifecycle--from design to maintenance.
 Identity & Access Management- Enabling program design support and deployment
of solutions to assure that information is derived from a trusted source and is only
available to authorized entities.
 Information Protection- Cross-disciplinary solutions to protect sensitive information
from unauthorized access, use, disclosure, disruption, modification, recording, and
destruction.
 Infrastructure & Mobile Security- Providing a stable and resilient baseline
infrastructure, along with a flexible and secure mobile platform that meets mission and
business needs.
 Supplier Security Management- Applying industry-leading, vendor-agnostic
solutions to carefully identify, prioritize, and manage risk in your supply chain and
across your supplier community.
Protect- Secure your organization, operations, products,
and services
6

7. This document contains Booz Allen Hamilton, Inc. Proprietary and Confidential Business Information. .
Continuous Monitoring can help Compliance and Network
Management/Defense needs across the Enterprise.
7

8. This document contains Booz Allen Hamilton, Inc. Proprietary and Confidential Business Information. .
Incident Response- Support to assess incidents,
mitigate the issue, determine the extent of exposure, and
manage communications.
Postmortem Analysis- Analysis of security incidents to
support investigations, document lessons learned, and
improve the overall incident response process.
Remediation- Development and implementation of
targeted action plans for short-term incident containment
and longer-term ecosystem resilience.
Respond- Triage, respond, and learn from cyber incidents
8

9. This document contains Booz Allen Hamilton, Inc. Proprietary and Confidential Business Information. .
Automated First Responder (AFR) – arms analysts with a
proven tool to identify and eradicate APTs
APT-specific suite of tools that can rapidly identify
APTs and their malicious code
Software Distribution
Server
Collection
Server
Enterprise
Workstations/Servers
Standalone Analysis
Environment
Processing
Server
Analyst
1
2
3
4 5
9
Analyst

10. This document contains Booz Allen Hamilton, Inc. Proprietary and Confidential Business Information. .
 Awareness- Development and deployment of tailored and impactful training content
to ensure organization-wide awareness and adoption of cyber security priorities.
 Governance- Establishment of environment-specific cyber strategy, policies, and
procedures, along with impactful organizational designs and operating models.
 Human Capital Development- Fostering and maintaining a secure cyber
environment via attracting, developing, and retaining a high-performing cyber
workforce.
 Information Risk Management- Design and delivery of processes and tools for
methodically identifying, analyzing, prioritizing, responding to, and monitoring cyber
risks.
 Organizational Change Management- Holistically managing the transition of
business processes, technologies, and cultures from a current state to a desired
target state.
Mature- Build and manage a world-class cyber program and
workforce.
10

11. This document contains Booz Allen Hamilton, Inc. Proprietary and Confidential Business Information. .
Effective governance requires a comprehensive and
detailed strategy backed by clear and effective policies
11
Functional and
enabling controls
Functional controls are more technical/operational in nature (e.g., application security,
vulnerability assessment), while enabling controls pertain to governance, risk management, and
other organizational functions that support (i.e., enable) the technical operations
Appropriate Level
Views- high and
low
Logically organized objectives and measures that are used to pinpoint and evaluate specific
aspects of your security program
Address all
dimensions
People, process, and technology dimensions – Multifaceted views that let you evaluate each
control area in its key component parts
Maturity Spectrum A maturity spectrum of granular and measureable details – A clear scale of maturity, defined by
characteristics and indicators to accurately assess your level of maturity
Best Practices A foundation grounded in established best practices – Developed from best practices across
industry, government, and academia.

12. This document contains Booz Allen Hamilton, Inc. Proprietary and Confidential Business Information. .
Current state of the industry
Where it is going
Implications
Case Study- The electric utility industry
12

13. This document contains Booz Allen Hamilton, Inc. Proprietary and Confidential Business Information. .
All investor and privately held utilities are regulated by state
regulatory commissions and federal agencies
Why Regulated?
 Utilities are “natural monopolies”
• Major scale economies on distribution
• Generation not a “natural monopoly”
• Retail not a “natural monopoly” although significant scale economies apply
 Utilities provide a public “good”
• Integral to function of society and economy
• Safety and reliability issues
State Utility
Commissions
DOE,
NERC, DOT,
et. al.
FERC
Rates and Services
Service Complaints
Reliability
Service Territory
Expansions /
Investments
Ownership
Reporting
Ownership
Reliability
Access
Reporting
Reliability
Safety

14. This document contains Booz Allen Hamilton, Inc. Proprietary and Confidential Business Information. .
An electric transaction in a market with a single buyer and
competitive generation
Utility
Transmission
Residential
Customers
Commercial
Customers
Industrial
Customers
Utility Buyer
Utility Generation
Distribution
Independent
Generation
Independent
Generation
Examples: Georgia, Alabama

15. This document contains Booz Allen Hamilton, Inc. Proprietary and Confidential Business Information. .
An electric transaction in a market with wholesale /
industrial competition
Utility
Transmission
Distribution
Regulated Utility
Generation
Independent
Generation
Independent
Generation
Wholesale
Marketers
System
Operations
Residential
Customers
Small
Commercial
Customers
Industrial
Customers
Large
Commercial
Customers
Generation
Coordinator
Examples: New York, California

16. This document contains Booz Allen Hamilton, Inc. Proprietary and Confidential Business Information. .
Due to regulation, utilities have limited options for making
and spending money
Utilities’ profit is almost always best on a regulated rate
of return on capital investment
Operations and Maintenance (including fuel for those
that generate) is usually a pass through, but must be
justified before the regulators (PUS/PSC)
Reliability is their key metric
• Used to justify new capital investments
• Poor reliability gets a lot of negative attention from
customers and politicians
• Regulators respond to this negative attention

17. This document contains Booz Allen Hamilton, Inc. Proprietary and Confidential Business Information. .
Historically, severe weather accounts for the majority of grid
reliability issues, but physical attacks are a growing concern
Major Grid Disturbances
0
20
40
60
80
100
120
140
160
2003 2004 2005 2006 2007 2008 2014
Weather Equipment Control Systems Human Error Load Shedding Other
Number
Of
Incidents
Source: EIA, BAH Analysis

18. This document contains Booz Allen Hamilton, Inc. Proprietary and Confidential Business Information. .
Compliance Example- DTE Cyber Program Development
18
Detroit Edison (DTE)
Cyber Security Program Assessment and Gap Analysis, Procedure Development
Client
Challenge
Detroit Edison (DTE) sought an outside perspective on their position relative to key
milestone requirements for implementation of NEI 08-09, and support to create a
compliance roadmap including resource estimates to meet required deadlines.
Booz Allen
Solution
To support DTE, Booz Allen:
 Reviewed existing DTE procedures against the requirements of NEI 08-09
 Formulated recommendations to address compliance gaps
 Helped to quantify the LOE required for CDA Assessments, Critical System and
CDA identification and documentation, and sustaining program support (excluding
remediation required from initial assessments)
 Assessed DTE’s level of compliance with 2012 milestones, and made
recommendations to re-deploy labor to meet this year’s deadlines in the area of
Critical System/CDA identification and documentation
 Initiated effort to support development of the set of additional needed required
procedures
Results DTE implemented recommendations for labor re-direction and is on track to meet all
2012 milestones. Procedures are currently under development to allow full compliance
within the required timeline.

19. This document contains Booz Allen Hamilton, Inc. Proprietary and Confidential Business Information. .
Because of these reasons cyber security has been only a
compliance issue, but things are changing

20. This document contains Booz Allen Hamilton, Inc. Proprietary and Confidential Business Information. .
As the grid transforms it will become more dependent upon
“smart” technology- increasing the need for cyber security
20