cyber security incident reporting
play

Cyber Security Incident Reporting Notice of Proposed Rulemaking - PowerPoint PPT Presentation

Mar 28, 2023 •337 likes •460 views

Supply Chain Risk Management Reliability Standard and Cyber Security Incident Reporting Notice of Proposed Rulemaking Update --- Patricia Eke Energy Industry Analyst Office of Electric Reliability June 7, 2018 6/7/2018 Disclaimer The

  1. Supply Chain Risk Management Reliability Standard and Cyber Security Incident Reporting Notice of Proposed Rulemaking Update --- Patricia Eke Energy Industry Analyst Office of Electric Reliability June 7, 2018 6/7/2018

  2. Disclaimer The views expressed herein are mine, and do not necessarily reflect the views of the Commission, individual Commissioners, Commission staff, or individual Commission staff members 6/7/2018 2

  3. Supply Chain Risk Management Reliability Standard ( Order No. 829) • Issued by the Commission: July 21, 2016 Directs NERC to develop Reliability Standard(s) for supply • chain risk management for industrial control system hardware, software, and computing and networking services associated with the Bulk-Power System • Mitigate risk of a cybersecurity incident associated with reliable operations of the Bulk-Power System 6/7/2018 3

  4. FERC Order No. 829 In FERC Order No. 829, the Commission directed NERC to develop a Reliability Standard(s) to address supply chain risk management. The new or modified Standard should address the following security objectives: 1. Software Integrity and Authenticity 2. Vendor Remote Access 3. Information System Planning 4. Vendor Risk Management & Procurement Controls 6/7/2018 4

  5. FERC Order No. 829 • On September 26, 2017, NERC proposed new and enhanced Reliability Standards to address supply chain cybersecurity risk management as directed in Order No. 829:  CIP-013-1 (Cybersecurity- Supply Chain Risk Management Reliability Standards)  CIP-005-6 (Electronic Security Perimeter) and;  CIP-010-3 (Configuration Change Management) NERC Board of Trustees issued resolutions directing NERC • to further study supply chain risks 6/7/2018 5

  6. FERC Order No. 829 • On January 18, 2018, the Commission proposed to adopt enhanced Supply Chain Risk Management Reliability Standards (SCRM) • The Commission proposed to find that a significant cyber security risk remains in the proposed SCRM Standards and proposed to direct NERC to:  Include Electronic Access Control or Monitoring Systems (EACMS) associated with medium and high impact bulk electric systems within the scope of the SCRM Standards and; Evaluate the risks presented by Physical Access Control  Systems (PACS) and Protected Cyber Assets ( PCA) as part of the study proposed by the NERC Board of Trustees 6 6/7/2018

  7. FERC Order No. 829 • Deadline for Comments: March 26, 2018 • Comments currently under Commission staff review 6/7/2018 7

  8. Cyber Security Incident Reporting Notice of Proposed Rulemaking (NOPR) • Issued by the Commission: December 21, 2017 • Proposes to direct NERC to develop and submit modifications to the Critical Infrastructure Protection (CIP) Reliability Standards to improve the reporting of Cyber Security Incidents, including incidents that might facilitate subsequent efforts to harm the reliable operation of the bulk electric system 8 6/7/2018

  9. Cyber Security Incident Reporting NOPR • Current reporting thresholds may understate the true scope of cyber-related threats facing the Bulk-Power System. • Lack of any NERC reportable cybersecurity incidents in 2015 and 2016, suggests a gap in the current reporting requirements  DOE Electric Disturbance Reporting Form OE-417 contained four cybersecurity incidents reported in 2016: two suspected cyber attacks and two actual cyber attacks in 2016.  ICS-CERT responded to fifty-nine (59) cybersecurity incidents within the Energy Sector in 2016. 9 6/7/2018

  10. Cyber Security Incident Reporting NOPR Includes Five Proposals 1. Expanding the reporting threshold to include attempted compromise as well as actual compromise. 2. Specifying the content required in mandatory cyber security incident reporting. 3. Establishing a deadline for when the entity must file a cyber security incident report to E-ISAC. 4. Including DHS ICS-CERT as a mandatory recipient of these incident report. 5. Requiring that NERC file an annual, public, and anonymized summary of the cyber security incidents. 10 6/7/2018

  11. Cyber Security Incident Reporting NOPR • Deadline for Comments: February 26, 2018 • Comments currently under Commission staff review 6/7/2018 11

  12. Questions? 6/7/2018 12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
BC Oil and Gas Commission Incident Reporting 1 Incident Reporting: Systems and Processes

BC Oil and Gas Commission Incident Reporting 1 Incident Reporting: Systems and Processes

BC Oil and Gas Commission Incident Reporting 1 Incident Reporting: Systems and Processes Regulatory Framework In British Columbia, oil and gas incidents are managed in accordance with the following legislation and regulations: 1. The Oil and

277 views • 12 slides
Cyber security technology consulting, incident response and applied research company with a

Cyber security technology consulting, incident response and applied research company with a

Cyber security technology consulting, incident response and applied research company with a focus on services for specialized public service providers, finance industry and corporations with high data sensitivity. NRDCS.L T TIMETABLE FOR

612 views • 12 slides
Vancouver 2010 Olympics Lessons Learned: Cyber Robert Pitcher, Cyber Incident Handler

Vancouver 2010 Olympics Lessons Learned: Cyber Robert Pitcher, Cyber Incident Handler

Vancouver 2010 Olympics Lessons Learned: Cyber Robert Pitcher, Cyber Incident Handler robert.pitcher@ps.gc.ca Public Safety Canada FIRST Conference 15 June 2011 Agenda Canadian Cyber Incident Response Centre Roles and Responsibilities

408 views • 21 slides
Maritime cyber security Jakob P. Larsen, Head of Maritime Security jpl@bimco.org 2019 ReCAAP ISC

Maritime cyber security Jakob P. Larsen, Head of Maritime Security jpl@bimco.org 2019 ReCAAP ISC

Maritime cyber security Jakob P. Larsen, Head of Maritime Security jpl@bimco.org 2019 ReCAAP ISC Piracy and Sea Robbery Conference Agenda The regulatory framework Shipping industry guidance Cyber incident examples from real life

355 views • 10 slides
GE Incident Response Insight Awareness Advantage Sean Mason Director, Incident Response

GE Incident Response Insight Awareness Advantage Sean Mason Director, Incident Response

GE Incident Response Insight Awareness Advantage Sean Mason Director, Incident Response Investing in new talent & capabilities Incident response Cyber intelligence Digital forensics Security architecture Identity management

609 views • 42 slides
2018 Data Security Incident Response Report Building Cyber Resilience: Compromise Response

2018 Data Security Incident Response Report Building Cyber Resilience: Compromise Response

2018 Data Security Incident Response Report Building Cyber Resilience: Compromise Response Intelligence in Action April 11, 2018 Contact Information Theodore J. Kobus, III Casie D. Collignon Leader, Privacy and Data Protection Practice

448 views • 23 slides
Shorting, reporting and profiting in the era of cyber security Recent short seller collaborations

Shorting, reporting and profiting in the era of cyber security Recent short seller collaborations

SHORT SELLING Shorting, reporting and profiting in the era of cyber security Recent short seller collaborations with security researchers demonstrate a new trend in the evolving short seller strategy of publishing harmful information about a

154 views • 3 slides
UTSA Secure Information and Resource Sharing in Cloud Infrastructure as a Service Cyber Incident

UTSA Secure Information and Resource Sharing in Cloud Infrastructure as a Service Cyber Incident

UTSA Secure Information and Resource Sharing in Cloud Infrastructure as a Service Cyber Incident Response Models for Information and Resource Sharing Amy(Yun) Zhang, Ravi Sandhu Institute for Cyber Security University of Texas at San

704 views • 42 slides
CERT Symposium: Cyber Security Incident Management for Health Information Exchanges June 26, 2013

CERT Symposium: Cyber Security Incident Management for Health Information Exchanges June 26, 2013

Pennsylvania eHealth Partnership Authority Pennsylvanias Journey for Health Information Exchange CERT Symposium: Cyber Security Incident Management for Health Information Exchanges June 26, 2013 Pittsburgh, PA The Journey to the Triple AI

916 views • 33 slides
Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

ABB MINING USER CONFERENCE, MAY 02-05, 2017 Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial Automation Division Agenda Why worry about cyber security? ABBs approach to cyber security Cyber security

1.07k views • 39 slides
UTSA Community-Based Secure Information and Resource Sharing in AWS Public Cloud Cyber Incident

UTSA Community-Based Secure Information and Resource Sharing in AWS Public Cloud Cyber Incident

UTSA Community-Based Secure Information and Resource Sharing in AWS Public Cloud Cyber Incident Response A Model for Information and Resource Sharing Amy(Yun) Zhang, Farhan Patwa, Ravi Sandhu Institute for Cyber Security University of Texas

578 views • 19 slides
Biovigilance Component Hemovigilance Module Incident Reporting National Center for Emerging and

Biovigilance Component Hemovigilance Module Incident Reporting National Center for Emerging and

Biovigilance Component Hemovigilance Module Incident Reporting National Center for Emerging and Zoonotic Infectious Diseases Division of Healthcare Quality Promotion 1 Objectives Review key terms used in incident reporting. Provide

822 views • 39 slides
Biovigilance Component Hemovigilance Module Incident Reporting National Center for Emerging and

Biovigilance Component Hemovigilance Module Incident Reporting National Center for Emerging and

Biovigilance Component Hemovigilance Module Incident Reporting National Center for Emerging and Zoonotic Infectious Diseases Division of Healthcare Quality Promotion 1 Objectives Review key terms used in incident reporting Provide

694 views • 44 slides
Incident Reporting: a lawyers perspective OECD Expert Workshop on Improving the Measurement of

Incident Reporting: a lawyers perspective OECD Expert Workshop on Improving the Measurement of

Incident Reporting: a lawyers perspective OECD Expert Workshop on Improving the Measurement of Security Incidents and Risk Management Swiss Re Centre for Global Dialogue Hans Allnutt Partner hallnutt@dacbeachcroft.com (+44) 20 7894 6925

677 views • 9 slides
UTSA Community-Based Secure Information and Resource Sharing in Azure Cloud IaaS Cyber Incident

UTSA Community-Based Secure Information and Resource Sharing in Azure Cloud IaaS Cyber Incident

UTSA Community-Based Secure Information and Resource Sharing in Azure Cloud IaaS Cyber Incident Response Models for Information and Resource Sharing Yun Zhang, Farhan Patwa , Ravi Sandhu Institute for Cyber Security University of Texas at

711 views • 20 slides
Global Supply Chains and Wage Inequality Arnaud Costinot Jonathan Vogel Su Wang MIT, Columbia,

Global Supply Chains and Wage Inequality Arnaud Costinot Jonathan Vogel Su Wang MIT, Columbia,

Global Supply Chains and Wage Inequality Arnaud Costinot Jonathan Vogel Su Wang MIT, Columbia, MIT January 2012 CVW (MIT, Columbia, MIT) Global Supply Chains and Wage Inequality January 2012 1 / 18 Motivation Most production processes

578 views • 18 slides
OPEN DAY 2020 WELCOME TO THE GRADUATE DIPLOMA (HD) PROGRAMME IN SUPPLY CHAIN MANAGEMENT Open

OPEN DAY 2020 WELCOME TO THE GRADUATE DIPLOMA (HD) PROGRAMME IN SUPPLY CHAIN MANAGEMENT Open

OPEN DAY 2020 WELCOME TO THE GRADUATE DIPLOMA (HD) PROGRAMME IN SUPPLY CHAIN MANAGEMENT Open Day Slide Graduate Diploma in Supply Chain Management 1 SCM IS ABOUT ORCHESTRATING SUPPLY CHAINS AND TEARING DOWN FUNCTIONAL SILOS consumer

270 views • 12 slides
The Aerospace & Defense Forum Arizona Chapter January 12, 2017 1840 West 1 st Avenue Mesa,

The Aerospace & Defense Forum Arizona Chapter January 12, 2017 1840 West 1 st Avenue Mesa,

The Aerospace & Defense Forum Arizona Chapter January 12, 2017 1840 West 1 st Avenue Mesa, AZ 85202 www.phxlogistics.com sales@phxlogistics.com INTRODUCTION TO SALES, INVENTORY AND OPERATIONS PLANNING (SIOP) Thank you to our Chapter Host:

642 views • 12 slides
Women in Supply Chain Succession Planning in Organizations Thursday, August 27, 12:00 p.m.

Women in Supply Chain Succession Planning in Organizations Thursday, August 27, 12:00 p.m.

Women in Supply Chain Succession Planning in Organizations Thursday, August 27, 12:00 p.m. 1:00 p.m. Center for Supply Chain Management The Center for Supply Chain management focuses on supporting our students through: Applied

2.18k views • 15 slides
Managing human rights risks in the supply chain Business & Human Rights in Brazil online

Managing human rights risks in the supply chain Business & Human Rights in Brazil online

Managing human rights risks in the supply chain Business & Human Rights in Brazil online workshop series 23 June 2020 Webinar logistics Chatham House rule Use the information you receive today, but do not affiliate the information with

250 views • 23 slides
Discrete simulation examples Prof.dr.ir. Alexander Verbraeck Professor, Faculty of TPM, TU Delft

Discrete simulation examples Prof.dr.ir. Alexander Verbraeck Professor, Faculty of TPM, TU Delft

Discrete simulation examples Prof.dr.ir. Alexander Verbraeck Professor, Faculty of TPM, TU Delft Overview Types of discrete-event simulation software: general purpose drag-and-drop programming libraries Case 1: Airport

586 views • 20 slides
SPLC meeting Betty Cremmins Washington, DC Senior Manager, Supply Chain May 2014 betty@cdp.net

SPLC meeting Betty Cremmins Washington, DC Senior Manager, Supply Chain May 2014 betty@cdp.net

SPLC meeting Betty Cremmins Washington, DC Senior Manager, Supply Chain May 2014 betty@cdp.net | +1 212 378 2085 www.cdp.net | @CDP CDP s Mission and Programs {{ To transform the global economic system to prevent dangerous climate

194 views • 17 slides
Running Supply Chains is like a Massively Multiplayer Online Game Michael Hugos CIO at Large,

Running Supply Chains is like a Massively Multiplayer Online Game Michael Hugos CIO at Large,

Running Supply Chains is like a Massively Multiplayer Online Game Michael Hugos CIO at Large, SCM Globe http: / / scmglobe.com/ Supply Chain Challenges Best laid plans quickly out of date Steady Volatile (planning cycles take too long)

468 views • 15 slides

More recommend