
Ground Truth Competency Assessment for Smart Grid Cyber Security



  1. Ground Truth Competency Assessment for Smart Grid Cyber Security. TCIPG, May 4, 2012. Michael Assante, President, NBISE. David H. Tobey, Ph.D., Director of Research.

  2. The Need for Cyber Defenders. "Everywhere I go, across the country, CEOs and business leaders tell me that one of their chief concerns is having the highly skilled workers they need to power their companies. They believe, and this administration believes, that a globally competitive economy requires a globally competitive workforce…" Secretary of Commerce John Bryson

  3. Grid Modernization • Explosion of interconnected automation & intelligence • Growing complexity & sophistication of cyber concerns • Develop adaptive & resilient systems (people & technology) • Onboard new & transform our current workforce

  4. 21st Century Grid – Cross Cutting Challenge of Cyber Security. [Figure labels: Plug-In Hybrid Electric Vehicles / Storage; Wind & Variable Generation; Demand Response; Conventional & Hydro Generation; Energy Efficiency; Nuclear; Rooftop Solar / Local Wind Development; Demand; cross-cutting: reliability, "smart grid", cyber security; Drivers: Policy, Security, Economic.] Building the 21st century grid requires a comprehensive and coordinated approach to policy and resource development – looking at the grid as a whole, not as component parts.

  5. Growing Numbers/Complexity. Requires major productivity gains and accelerated skill development. [Figure: growth over a 1960 to 2010 timeline; labels: Mainframe, Mini, PC, Internet, Devices & Microcontrollers; Organizations, Departments, People, Hosts, Devices, Things.]

  6. NBISE’s Mission Our mission is to increase the security of our nation’s critical infrastructure by improving the science by which we identify and measure the proficiency, the performance, and the potential of the cyber security workforce. Our vision is to establish a national, open source library of assessment, instruction, target practice, and performance support tools that advance cyber defense skills through combining lessons learned from cognitive science and psychometrics. We seek to codify, validate, and disseminate evidence-based practices for accelerating the development of competencies that enable effective performance in addressing the growing cybersecurity threat.

  7. How can we assess and develop the future cybersecurity workforce? (1) Job Definition and Competency Analysis; (2) Aptitude Assessment; (3) Instructional & Simulation Design; (4) Proficiency and Performance Assessment; (5) Professional Development Plans; (6) Ongoing Performance Support & Simulation. Source: Assante, M. J. & Tobey, D. H. (2011) Enhancing the Cybersecurity Workforce. IEEE IT Professional, 13: 12-15.

  8. Moving from summative to formative assessments. Example from NBME Examinee Performance Profile.

  9. Foundational Support to Achieving the Benefits of Grid Modernization • Purpose: The project contributes to the Department of Energy’s efforts to develop a competency model and explore assessment methods focused on the job responsibilities and unique skill set of Smart Grid cybersecurity specialists. This work is designed to provide a foundation for industry’s ongoing efforts to transform and develop the workforce necessary to achieve the benefits of grid modernization. • Who: Those primarily responsible for operational security functions for day-to-day operations, but not engineering and architecture, in smart grid environments. • How: Examination of the technical, problem solving, social and analytical skills used by senior cyber security staff in the daily execution of their responsibilities. • Verify: A measurement model for assessing knowledge, skills, and abilities in the areas of technical and operational skills.

  10. Subject Matter Expert Panel and Advisory Group
      Panel Officers
      • Chair - Justin Searle, UtiliSec
      • Vice Chair - Scott King, Sempra Energy
      Advisory Group
      • John Allen - IEIA Forum
      • Joel Garmon - Wake Forest Baptist Medical Center (CISO)
      • Dr. Emannuel - Hooper Global Info Intel and Harvard
      • Bill Hunteman
      • Jamey Sample - PG&E
      Panel Members
      • Lee Aber - OPower
      • Sandeep Agrawal - Neilsoft Limited
      • Bora Akyol - PNNL
      • Andres Andreu - NeuroFuzz, LLC
      • Balusamy Arumugam - Infosys
      • Chris Blask - AlienVault
      • Andy Bochman - IBM
      • Jason Christopher - FERC
      • Art Conklin - University of Houston
      • Benjamin Damm - Silver Springs Network
      • Anthony David Scott - Accenture
      • Steve Dougherty - IBM Global Technology Services
      • Ido Dubrawsky - Itron
      • Michael Echols - Salt River Project
      • Dr. Barbara Endicott-Popovsky - University of Washington
      • Cliff Eyre - PNNL
      • Maria Hayden - Pentagon
      • Charles Reilly - Southern California Edison
      • Craig Rosen - PG&E
      • Scott Saunders - SMUD
      • Chris Sawall - Ameren
      • Paul Skare - PNNL
      • Clay Storey - Avista
      • Dan Thanos - GE Digital Energy
      • Kevin Tydings - SAIC
      • Don Weber - InGuardians
      • Mike Wenstrom - Mike Wenstrom Development Partners
      • Nic Ziccardi - Network & Security Technologies
      [Chart: Panel Member Representation; categories: Service, Gov't, Industry, Research, Vendor.]

  11. Security Testing & Smart Grid Source: Searle, Justin (2012) AMI Penetration Test Plan, National Electric Sector Cybersecurity Organization.

  12. Current Draft OST Competency Model: Constructs (Goal & Task Categories)
      Manage the project
      • Develop project plan
      • Monitor project plan
      Identify the critical vulnerabilities
      • Identify critical vulnerabilities
      • Analyze and map critical vulnerabilities
      • Develop and execute mitigation strategy
      Penetrate targets
      • Identify targets to penetrate
      • Analyze targets to penetrate
      • Develop and execute penetration strategy
      Exploit vulnerabilities
      • Infrastructure
      • Web and Applications
      • Other
      • Perform tasks in a safe and lawful fashion
      Mitigate vulnerabilities
      • Identify resources
      • Plan and document actions
      • Communicate actions
      Understand and demonstrate impact
      • Specify target-specific impact
      • Determine implications/plan response
      • Communicate impact
      Educate team and clients
      • Educate team
      • Educate clients

  13. Developing the Science of Competency Assessment: JOB PERFORMANCE MODELING

  14. What is a competency? [Figure: three dimensions: Skills (consistency of performance), from Inconsistent to Consistent; Ability (transfer across domains), from Narrow to Broad; Knowledge (understanding of strategy or procedure), from Shallow to Deep. Legend: Novice, Apprentice, Journeyman, Master.] Source: Tobey, D. H. et al. (in press) "Predictive Performance Modeling: An innovative approach to defining critical competencies that distinguish levels of performance," National Board of Information Security Examiners, Idaho Falls, ID, OST Working Group Report NBISE-OST-11-01

  15. Defining proficiency at multiple levels for multiple roles. Source: Tobey, D. H. et al. (2011) "Predictive Performance Modeling: An innovative approach to defining critical competencies that distinguish levels of performance," National Board of Information Security Examiners, Idaho Falls, ID, OST Working Group Report NBISE-OST-11-01

  16. Critical Differentiation Analysis. [Figure: 2×2 matrix of Task Criticality (Low, High) against Task Differentiation (Low, High); each cell lists tasks #1 … to #5 …]

  17. Defining the path to performance. [Figure labels: Apprentices, Journeymen, Masters.] Source: Tobey, D. H. et al. (2011) "Predictive Performance Modeling: An innovative approach to defining critical competencies that distinguish levels of performance," National Board of Information Security Examiners, Idaho Falls, ID, OST Working Group Report NBISE-OST-11-01

  18. Self-Assessment Instrument. Knowledge (Understanding) • Learning Modes/Hours • Degree of understanding • Degree of difficulty. Skill (Consistency) • Self-efficacy scale • Frequency scale • Performance scale. Ability • Planning and Monitoring • Problem Solving

  19. Individual Competency Profile: Radial Chart Views by Composite, Knowledge, Skill, and Ability. [Figure: radial chart, scale 0 to 10, with axes Mitigate Vulnerabilities, Exploit vulnerabilities, Penetrate Targets, Identify Vulnerabilities.] Performance Levels • Red: Low performance • Yellow: Borderline performance • Green: High performance

  20. Individual Competency Profile: Drill-down (Penetrate targets). Each task is listed with its weight in parentheses, followed by composite score and comparative score.
      Foundational Tasks
      • Identify ownership of gateway devices (16.77): 83.8, Average
      • Identify recon that is within project scope (15.63): 46.8, Low
      • Search online sources for useful information about a target (15.45): 53.5, Average
      Differentiating Tasks (with weights)
      • Analyze data found on compromised machines to enable exploitation deeper into the network (24.02): 36.0, Average
      • Identify major assets subject to attacks (23.67): 87.2, High
      • Identify targets for potential exploitation (23.67): 56.0, High
      • Analyze data found on compromised machines for strategic value as seen by a worst case attacker (23.60): 26.2, Low
      Overall Score
      • My Score: 54.9, Average
      Knowledge / Skill / Ability
      • Identify recon that is within project scope: Knowledge 86.5, Skill 27.4, Ability 47.3

  21. Workforce Planning. Source: International Center for Leadership in Education (ICLE) Rigor/Relevance Framework (Daggett, 2000)
