ELECTRIC SECTOR MANAGED SECURITY SERVICES: A LOOK AHEAD NOVEMBER 7, - - PowerPoint PPT Presentation

▶

Mar 13, 2024 142 likes •204 views

ANNUAL INDUSTRY WORKSHOP NOVEMBER 6-7, 2013 ELECTRIC SECTOR MANAGED SECURITY SERVICES: A LOOK AHEAD NOVEMBER 7, 2013 BILL MENTER DIRECTOR, VIASAT TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.ORG 1 UNIVERSITY OF ILLINOIS |

SLIDE 1

ANNUAL INDUSTRY WORKSHOP NOVEMBER 6-7, 2013

TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.ORG

UNIVERSITY OF ILLINOIS | DARTMOUTH COLLEGE | UC DAVIS | WASHINGTON STATE UNIVERSITY

FUNDING SUPPORT PROVIDED BY DOE-OE AND DHS S&T

1

ELECTRIC SECTOR MANAGED SECURITY SERVICES: A LOOK AHEAD BILL MENTER

DIRECTOR, VIASAT NOVEMBER 7, 2013

SLIDE 2

2

ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013

TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G

FIRST THINGS FIRST

Disclaimer: We do not provide Managed

Security Services

But our on-going Common Cybersecurity

Services (CCS) development with several Utilities is causing us to think about how the MSS model may evolve

SLIDE 3

3

ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013

TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G

CYBERSECURITY MARKET FORCES

Electric Sector Market forces

– The Cyber threat is increasing (and will continue to do so) – Security Compliance rigor is increasing, as are the financial penalties for non-compliance – Utility budgets are tight (and will be for awhile)

These forces will put enormous pressure on

Utilities for the foreseeable future

The Utilities will adapt in different ways

SLIDE 4

4

ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013

TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G

MSS SHIFT #1 – UTILITIES’ ADAPTATION

In the new Cyber Era, size matters

– Large utilities (e.g., IOUs) will build/expand their

wn Security Operations Center (SOC) capability

– Co-ops may collaborate – e.g., a centralized SOC – Small independent utilities will likely need help from outside orgs due to cost constraints

Possible adaptation approaches

– New business model for large Utilities: provide MSS/SOC capability to Utilities that can’t afford their own – More cross-Utility cyber defense cooperation

SLIDE 5

5

ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013

TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G

MSS SHIFT #2 – NEW CAPABILITIES

Cybersecurity Visualization: Visual cueing of

Cyber network / physical status

Dynamic NERC CIP 5 compliance

assessment: automated, real-time Compliance measurement and notification

Automated cyber response: Wire-rate

protection IAW human-controlled “policy”

Cooperative tipping & cueing: Formalized

ANNUAL INDUSTRY WORKSHOP NOVEMBER 6-7, 2013

1

ELECTRIC SECTOR MANAGED SECURITY SERVICES: A LOOK AHEAD BILL MENTER

2

FIRST THINGS FIRST

Security Services

Services (CCS) development with several Utilities is causing us to think about how the MSS model may evolve

3

CYBERSECURITY MARKET FORCES

– The Cyber threat is increasing (and will continue to do so) – Security Compliance rigor is increasing, as are the financial penalties for non-compliance – Utility budgets are tight (and will be for awhile)

Utilities for the foreseeable future

4

MSS SHIFT #1 – UTILITIES’ ADAPTATION

– Large utilities (e.g., IOUs) will build/expand their

– Co-ops may collaborate – e.g., a centralized SOC – Small independent utilities will likely need help from outside orgs due to cost constraints

– New business model for large Utilities: provide MSS/SOC capability to Utilities that can’t afford their own – More cross-Utility cyber defense cooperation

5

MSS SHIFT #2 – NEW CAPABILITIES

Cyber network / physical status

assessment: automated, real-time Compliance measurement and notification

protection IAW human-controlled “policy”

intel sharing on Cyber incidents and pre- cursor events