ef effec ecti tive ve appro roache ches s to to
play

EF EFFEC ECTI TIVE VE APPRO ROACHE CHES S TO TO CYBERSE - PowerPoint PPT Presentation

Jan 01, 2024 •192 likes •465 views

EF EFFEC ECTI TIVE VE APPRO ROACHE CHES S TO TO CYBERSE SECUR URITY FOR UT UTILITIES TERRY M. JARRETT HEALY & HEALY ATTORNEYS AT LAW, LLC OCTOBER 24, 2013 1 AGENDA Why Cybersecurity? A Few Helpful Cybersecurity Concepts

  1. EF EFFEC ECTI TIVE VE APPRO ROACHE CHES S TO TO CYBERSE SECUR URITY FOR UT UTILITIES TERRY M. JARRETT HEALY & HEALY ATTORNEYS AT LAW, LLC OCTOBER 24, 2013 1

  2. AGENDA • Why Cybersecurity? • A Few Helpful Cybersecurity Concepts • Developing Expertise: Cybersecurity Resources 2

  3. WHY CYBERSECURITY? 3

  4. JUST LOOK AT RECENT HEADLINES IN THE NEWS . . . • “State -Sponsored Cyber Attacks - This is Only the Beginning: Survey,” securityweek.com, September 4, 2013 • “Syria's cyberattack: First wave of a bigger war ?,” cnn.com, August 30, 2013 • “Exclusive: Cyberattack Leaves Natural Gas Pipelines Vulnerable to Sabotage,” csmonitor.com, February 27, 2013 • “Chinese Hackers Seen as Increasingly Professional, Experts Say,” FoxNews.com, February 25, 2013 • “Hackers Take Aim at Key U.S. Infrastructure,” money.cnn.com, February 20, 2013 • “US Says Iranian Hackers Behind Electronic Assaults on US Banks, Foreign Energy Firms,” Wall St. Journal, October 12, 2012 4

  5. ANOTHER KEY REASON CYBERSECURITY MATTERS • According to NERC’s monthly Key Compliance Trends publication, there are about 100 CIP violations per month • Fines for compliance violations can be up to $1 million/day, and in the past four years, actual fines assessed have totaled more than $150 million 5

  6. HIGHER o Largest IOUs Cyber-security resources Most Impact o Transmission Operators o Generators o Other IOUs Most Vulnerable o Distribution Utilities (Electric, Water, Gas) o Smallest Utilities LOWER Impact from Attack HIGHER 6

  7. CYBER THREATS • The power grid is transitioning from a previously isolated environment to a complex interconnected one • Smart grid may be vulnerable to cyber attacks because it has extensive information systems and communications systems components • As new smart grid technologies are deployed, new vulnerabilities and risks increase 7

  8. THREAT SOURCES • Hackers • Alone or in a group (like Anonymous). They are doing it primarily for fun, to cause embarrassment, or to make a political statement. • Disgruntled Employees • Organized Criminal Elements • Industrial Spies • These are malicious actors interested in stealing information for financial gain • Nation-states • Malicious actors interested in taking down the grid as part of a larger attack or cyber warfare • This is increasing 8

  9. WHAT IS THE GOAL OF CYBERSECURITY? • Goal is not to have a response to a cyber threat that is piecemeal, reactive, or fragmented • Aim is to encourage proactive and strategic action on the part of utilities, rather than a patchwork response 9

  10. A Few Helpful Cybersecurity Concepts 10

  11. CONCEPTS THAT SHOULD INFORM AN ASSESSMENT OF A UTILITY’S CYBERSECURITY PERFORMANCE • Prioritizing systems and networks over components • Ensuring that human factors are considered • Deploying defense-in-depth • Promoting system resilience 11

  12. SECURING SYSTEMS AND NETWORKS VS. DEVICES ON THE NETWORK • Cybersecurity may call for securing entire networks, in addition to devices on that network. • For example, the meters within a smart grid system can be fortified against attack, but in order to ensure that the entire network of the smart grid system is secure, the components linking those meters, as well as every other component in between, must be secured as well. 12

  13. SECURING SYSTEMS AND NETWORKS VS. DEVICES ON THE NETWORK • Another example: An employee brings a thumb drive infected with malware to work and plugs it into his or her computer. You want a security system that can isolate and quarantine the malware before it infects the entire system. 13

  14. PERSONNEL SURETY: SECURING PEOPLE AS WELL AS SYSTEMS • A system is only as secure as the people who run and operate it. • Training is essential to ensure that in the event of a cyber attack, personnel are skilled in identifying and responding to the impacts. • Personnel can also be “insiders” involved in a deliberate or accidental cybersecurity breach. Identifying key personnel and using background checks is a potential strategy to mitigate this, but once they have been hired, policies that limit an individual’s ability to inflict harm may also be important. 14

  15. DEFENSE-IN-DEPTH • Achieving defense-in-depth requires placing multiple, diverse barriers in front of a potential attacker • An overall cybersecurity policy that calls for multiple measures and employs cybersecurity strategies such as identifying authentication and authorization, admission control, encryption, integrity checking, detections of policy violations, data logging and data auditing • Effective cybersecurity often encompasses physical as well as technological measures – restricted access to server rooms, locks on smart meters, security fencing and cameras at key substations, for example 15

  16. RESILIENCE AND RECOVERY • Resilience ensures that the unexpected will not persist indefinitely • A resilient system will not only be prepared for deterring, defending against and mitigating attacks, but also for ensuring quick and efficient restoration in the event that an attack compromises the system, through disaster recovery planning 16

  17. REGULATORY OVERSIGHT • Regulatory role is increasing • More cyber attacks to business processes and NERC CIP Standards compliance are driving new cybersecurity expenditures by utilities • Deployment of smart grid adds new cost and reliability elements 17

  18. Deve veloping loping Expertise ertise: : Cybe berse rsecurity curity Res esourc ources es 18

  19. FOUR KEY AREAS THAT MOTIVATE AND INFORM UTILITY INVESTMENTS IN CYBERSECURITY • Good business practices by the utilities • Laws • Enforceable standards • Voluntary best-practice guidance 19

  20. GOOD BUSINESS PRACTICES • It’s good business for utilities to avoid power outages • Customer complaints • Regulatory, political and public scrutiny • So, its good business to prevent cyber attacks on their systems 20

  21. LAWS • State laws require that utilities must provide safe and adequate (reliable) service • In Missouri, statute is § 393.130.1, RSMo • Federal Law • FERC regulates the interstate transmission of electricity, natural gas, and oil. FERC also reviews proposals to build liquefied natural gas (LNG) terminals and interstate natural gas pipelines as well as licensing hydropower projects. 21

  22. ENFORCEABLE STANDARDS • North American Electric Reliability Corporation Critical Infrastructure Protection Reliability Standards (NERC CIP) http://www.nerc.com/page.php?cid=6|69 • These standards already drive a good deal of cybersecurity investments and, as greater coverage is applied to protection of the electric grid, this process will only become more important. • NERC’s CIP efforts include standards development, compliance enforcement, and supporting and providing technical subject matter expertise to the program. 22

  23. VOLUNTARY BEST PRACTICE GUIDANCE • National Institute of Standards and Technology ( NIST) Smart Grid Interoperability Panel and Cyber Security Working Group http://collaborate.nist.gov/twiki- sggrid/bin/view/SmartGrid/CyberSecurityCTG • NIST Interagency Report (NISTIR) 7628, Guidelines for Smart Grid Cyber Security, available here: http://csrc.nist.gov/publications/PubsNISTIRs.html #NIST-IR-7628 23

  24. VOLUNTARY BEST PRACTICE GUIDANCE • National Electric Sector Cybersecurity Organization (NESCO)/National Electric Sector Cybersecurity Organization Resource (NESCOR) • Formed by DOE, NESCO creates a “comprehensive public private partnership to coordinate the efforts in the industry to meet the growing challenge of securing the electric sector.” • Formed by EnergySec and the Electric Power Research Institute (EPRI), NESCOR is intended to strengthen the cyber security posture of the electric sector by establishing a broad-based public-private partnership with the Department of Energy (DOE) for collaboration and cooperation. • The two organizations bring together experts to strengthen the cybersecurity posture of the electric sector by working with the DOE Electricity Sector Information Sharing and Analysis Center and industry. 24

  25. AMERICAN PUBLIC POWER ASSOCIATION (APPA) • www.publicpower.org 25

  26. CONCLUSIONS • Cyber security is a process, not an end goal • Absolute cybersecurity is neither attainable, nor is it the end goal • Cybersecurity is best approached through a nimble and complex balance of functionality, security and cost • Planning for, protecting against, detecting and responding to cyber attack must take into account a dynamic relationship of systems, physical components, people and their function 26

  27. QUESTIONS? Terry M. Jarrett Healy & Healy Law Offices, LLC 573-415-8379 terry@healylawoffices.com 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Developing an effec tive Developing an effec tive c our c our c our c our se outc omes se

Developing an effec tive Developing an effec tive c our c our c our c our se outc omes se

Developing an effec tive Developing an effec tive c our c our c our c our se outc omes se outc omes se outc omes se outc omes Pr Pr of Dr of Dr Shahr Shahr in Mohammad in Mohammad Dir Dir ec tor ec tor of Ac ademic Quality of

730 views • 27 slides
ape utic s. Delivering safe and effec tive therapeutic s in pe t the r that elevate the standard

ape utic s. Delivering safe and effec tive therapeutic s in pe t the r that elevate the standard

A pione e r ape utic s. Delivering safe and effec tive therapeutic s in pe t the r that elevate the standard o f c are in veterinary medic ine 1 Provided March 14, 2018. Provided March 14, 2018. Safe Har bor State me nt Special Note Regarding

332 views • 31 slides
Co mmunity Ba se d Pa rtic ipa to ry Appro a c he s to Unde rsta nding a nd Addre ssing L a

Co mmunity Ba se d Pa rtic ipa to ry Appro a c he s to Unde rsta nding a nd Addre ssing L a

Co mmunity Ba se d Pa rtic ipa to ry Appro a c he s to Unde rsta nding a nd Addre ssing L a te HI V Dia g no sis in Oa kla nd A Co lla b o ra tive Ca se Study Aminatu R. Yusuf 1 , Christina Grijalva 2 , Sandi Mc Co y 3 , PhD, MPH, Carla

100 views • 9 slides
So c ia l Sa b o ta g e o f the Pe rso n with Dia b e te s A T ria l Cha lle ng ing Our Appro

So c ia l Sa b o ta g e o f the Pe rso n with Dia b e te s A T ria l Cha lle ng ing Our Appro

So c ia l Sa b o ta g e o f the Pe rso n with Dia b e te s A T ria l Cha lle ng ing Our Appro a c h to Ca re Me g a n Muo z, MSN, CMSRN, CDCE S Ba c he lo r s a nd Ma ste r s o f Nursing Ce rtific a tio ns in Me dic a l Surg ic a

1k views • 66 slides
Ma rke t-Ba se d Appro a c he s to Sto rmwa te r Ma na g e me nt A dia lo g ue fro m the Na

Ma rke t-Ba se d Appro a c he s to Sto rmwa te r Ma na g e me nt A dia lo g ue fro m the Na

Ma rke t-Ba se d Appro a c he s to Sto rmwa te r Ma na g e me nt A dia lo g ue fro m the Na tio na l Ne two rk o n Wa te r Qua lity T ra ding 4640 SW Macadam Ave., Suite 50, Portland, OR 97239 | T: 503.946.8350 | F: 971.229.1968 | W:

483 views • 10 slides
An Appro a c h to F o rma liza tio n o f the I nfo rma l E c o no my in Ja ma ic a F or

An Appro a c h to F o rma liza tio n o f the I nfo rma l E c o no my in Ja ma ic a F or

An Appro a c h to F o rma liza tio n o f the I nfo rma l E c o no my in Ja ma ic a F or malization Me e ting on E xpe r ie nc e s in L atin Ame r ic a and the Car ibbe an unde r the F OR L AC Pr ogr amme 20-21 Apr il, 2015,

397 views • 28 slides
Mid Sweden University stersund, Sweden MILEN International Conference, 22-23 Nov 2012, Oslo,

Mid Sweden University stersund, Sweden MILEN International Conference, 22-23 Nov 2012, Oslo,

Or Orga ganiza nizati tion onal persp al perspec ecti tive ves on s on ad adop opti tion on of of en energ ergy effi y efficien ciency cy mea measu sures res in S in Swed wedish ish multi multi- storey store y ap

466 views • 20 slides
Welcome to Robert Frost! Principal Mrs. Roache Im so excited youre here today! My goal is

Welcome to Robert Frost! Principal Mrs. Roache Im so excited youre here today! My goal is

Welcome to Robert Frost! Principal Mrs. Roache Im so excited youre here today! My goal is that each of your children learn and grow more than ever here at Robert Frost! I look forward to partnering with you this year please do not

598 views • 13 slides
Obj Objec ecti tives ves Afte ter r th this session, on, you you wi will ll be ab able

Obj Objec ecti tives ves Afte ter r th this session, on, you you wi will ll be ab able

Obj Objec ecti tives ves Afte ter r th this session, on, you you wi will ll be ab able e to: Explain the Guardianship Assistance Program (GAP), including eligibility and benefits. Describe Permanent Guardianship and apply FSFN

492 views • 32 slides
INC O ME SHARE AG REEMENT S: A NEW APPRO AC H T O PAY FO R C O L L EG E? Cou ourtne ney M

INC O ME SHARE AG REEMENT S: A NEW APPRO AC H T O PAY FO R C O L L EG E? Cou ourtne ney M

INC O ME SHARE AG REEMENT S: A NEW APPRO AC H T O PAY FO R C O L L EG E? Cou ourtne ney M y McB cBeth Univ iver ersit ity of y of Utah ah Terri T i Tayl ylor Mode oderated b by: Lumin ina F Foun oundat datio ion Ben B

307 views • 28 slides
Ac tive Co lla b o ra tive L e a rning a nd F a c ulty De ve lo pme nt in the Re de sig n o

Ac tive Co lla b o ra tive L e a rning a nd F a c ulty De ve lo pme nt in the Re de sig n o

Ac tive Co lla b o ra tive L e a rning a nd F a c ulty De ve lo pme nt in the Re de sig n o f I ntro duc to ry Ma the ma tic s Co urse Mic he lle Gua n a nd Ve sna K ilib a rda I U No rthwe st Ja nua ry 19 th , 2019 Jo int Ma the ma

562 views • 23 slides
New (an New (and d old) old) Stu Bowns Stu B ns Insp Inspec ecti tion on HYDROM HYD

New (an New (and d old) old) Stu Bowns Stu B ns Insp Inspec ecti tion on HYDROM HYD

Michigan WEA Collect Mi higan WEA Collections ions Seminar Seminar October Octobe r 1, 20 1, 2009 09 New (an New (and d old) old) Stu Bowns Stu B ns Insp Inspec ecti tion on HYDROM HYD OMAX USA USA 859-512 859 512-7878

395 views • 39 slides
What is Value? How can we make effec,ve decisions

What is Value? How can we make effec,ve decisions

What is Value? How can we make effec,ve decisions unless we understand Value? How do we gain a sense of fulfilment or of purpose

321 views • 15 slides
Using Restora-ve Concepts and Approaches for More Effec-ve

Using Restora-ve Concepts and Approaches for More Effec-ve

Using Restora-ve Concepts and Approaches for More Effec-ve Employee Engagement IIRP European Conference Sharon Mast June 10,2015 FACT or FICTION

665 views • 31 slides
Effec%ve Test Data Management in End-To-End and API

Effec%ve Test Data Management in End-To-End and API

Effec%ve Test Data Management in End-To-End and API Tes%ng in Agile environment. Excel isnt a long-term solu1on Mark Lambert (VP Products

652 views • 28 slides
T he ra pe utic Appro a c he s to Juve nile Co urt K a the rine Ha ze n, MA, JD Me la nie

T he ra pe utic Appro a c he s to Juve nile Co urt K a the rine Ha ze n, MA, JD Me la nie

6/18/2018 T he ra pe utic Appro a c he s to Juve nile Co urt K a the rine Ha ze n, MA, JD Me la nie F e ssing e r L a ure l Jo hnso n, JD & Ho n. E liza b e th Crnko vic h Ove rvie w I ntro duc tio ns Psyc ho lo g ic a

413 views • 20 slides
Project Plan BAPS 2: Battle Aircraft Position Share 2 The Capstone Experience Team Boeing Chris

Project Plan BAPS 2: Battle Aircraft Position Share 2 The Capstone Experience Team Boeing Chris

Project Plan BAPS 2: Battle Aircraft Position Share 2 The Capstone Experience Team Boeing Chris Heuser Josh Theisen Nick Palm Devin Rosen Department of Computer Science and Engineering Michigan State University Fall 2011 From Students

436 views • 11 slides
The Internet as a Field of War Anne Plouy Claerwen OHara Louis Lonet Lucy Turner Leiden

The Internet as a Field of War Anne Plouy Claerwen OHara Louis Lonet Lucy Turner Leiden

The Internet as a Field of War Anne Plouy Claerwen OHara Louis Lonet Lucy Turner Leiden University, The Netherlands Leiden University, 16/11/2015 Why? Military spending Increase in attacks Heightened vulnerability Increase in

186 views • 15 slides
SCALABILITY OF COMPOSITE INDICES OF WELL-BEING: INDICES OF WELL-BEING: THE CASE OF THE THE CASE

SCALABILITY OF COMPOSITE INDICES OF WELL-BEING: INDICES OF WELL-BEING: THE CASE OF THE THE CASE

FCD CWI FCD CWI SCALABILITY OF COMPOSITE INDICES OF WELL-BEING: INDICES OF WELL-BEING: THE CASE OF THE THE CASE OF THE CHILD AND YOUTH WELL-BEING INDEX* Kenneth C. Land, Ph.D., Duke University Italian Association for Quality of Life Studies

722 views • 35 slides
The Pupil Voice Forum 2016/2017 Beth Thomas Participation and Childrens Rights Worker

The Pupil Voice Forum 2016/2017 Beth Thomas Participation and Childrens Rights Worker

The Pupil Voice Forum 2016/2017 Beth Thomas Participation and Childrens Rights Worker (Schools) Schools Scrutiny Work Programme, August 31 st 2017 Contents 1. Aims of the Pupil Voice 7. Session Format Forum 8. Analysis of Sessions 2.

384 views • 21 slides
1/13/09 FLOCON 2009, Scottsdale, AZ DoD Disclaimer This document was prepared as a service to

1/13/09 FLOCON 2009, Scottsdale, AZ DoD Disclaimer This document was prepared as a service to

1/13/09 FLOCON 2009, Scottsdale, AZ DoD Disclaimer This document was prepared as a service to the DoD community. Neither the United States Government nor any of their employees, makes any warranty, expressed or implied, or assumes any legal

287 views • 17 slides
What is Our Greatest Cyber-Security Threat? OT vulnerability explained and national conversation

What is Our Greatest Cyber-Security Threat? OT vulnerability explained and national conversation

What is Our Greatest Cyber-Security Threat? OT vulnerability explained and national conversation about security and privacy urged at ASU Biodesign presentation Where is the U.S. most vulnerable to cyber-security attack? And, what is the greatest

80 views • 4 slides
6th Plenary meeting of the LoD-12 9 th of June 2020 International Air Force Semester via VTC

6th Plenary meeting of the LoD-12 9 th of June 2020 International Air Force Semester via VTC

6th Plenary meeting of the LoD-12 9 th of June 2020 International Air Force Semester via VTC Proposal Submission Partners Intellectual Outputs Learning-Teaching-Training Activities Agenda Transnational Meetings

279 views • 24 slides
UTCS Scholarships for Service Preparing for a Career in Security Dr. Bill Young Department of

UTCS Scholarships for Service Preparing for a Career in Security Dr. Bill Young Department of

UTCS Scholarships for Service Preparing for a Career in Security Dr. Bill Young Department of Computer Sciences University of Texas at Austin Spring, 2016 Slideset 1: 1 UTCS Scholarships for Service How Bad Is It? Cyberwarfare greater

510 views • 13 slides

More recommend