Panel Session: Best Practices in Cybersecurity TCIPG Industry - - PowerPoint PPT Presentation



PNNL-SA-91586

Panel Session: Best Practices in Cybersecurity

TCIPG Industry Workshop October 31, 2012

Paul Skare Chief Cyber Security Program Manager Advanced Power and Energy Systems Pacific Northwest National Laboratory (509) 372-4210 paul.skare@pnnl.gov


Outline

Best practices from:

  • The U.S. Department of Energy’s (DOE) Cybersecurity for Energy Delivery Systems (CEDS) / National SCADA Test Bed (NSTB) projects at PNNL

  • The Electric Sector Cybersecurity Capability Maturity Model (ES-C2M2)

The work is defined to follow:

  • National Infrastructure Protection Plan (NIPP)
  • Sector-Specific Plans (SSP)
  • Roadmap to Achieve Cybersecurity for Energy Delivery Systems


CEDS Research Project Examples at PNNL


Other CEDS Activities

IEC 61850 Cybersecurity Acceleration

Purpose: Work with vendors to accelerate IEC 61850 cyber security solutions to market. Broadcast GOOSE messaging has not been secured due to issues with the IEC 62351 approach.

Technical Approach: Work with vendors to create holistic IEC 61850 security approach with network design and configuration management; support cybersecurity interoperability tests with tools.

Secure Coding for the Energy Sector

Purpose: Work with vendors to promote uniform support of secure coding techniques across electric infrastructure. Numerous computer technologies and vendors with differing strategies.

Approach: Work with market leaders to leverage Carnegie Mellon University secure coding practices in the energy arena, help strengthen supply chain support.


Alignment with emerging Smart Grid Architecture Modeling

  • NIST / SGIP Smart Grid Architecture Council (SGAC)
  • European Union M/490 Smart Grid Mandate Reference Architecture Working Group (RAWG)
  • IEC TC57 WG19 Reference Architecture


Combines SGAC TOGAF approach with RAWG 3-D model of IEC TC57 Smart Grid standards – allows cybersecurity review of architecture


Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2)


The Model at a Glance

[Figure: ES-C2M2 matrix of domains (ASSET, RISK, ACCESS, WORKFORCE, DEPENDENCIES, THREAT, RESPONSE, SITUATION, SHARING, CYBER) against maturity indicator levels (X, 3, 2, 1)]

  • 10 Domains: Logical groupings of cybersecurity practices
  • 4 Maturity Indicator Levels: Defined progressions of practices
  • Each cell contains the defining practices for the domain at that maturity indicator level
  • 1 Maturity Indicator Level that is reserved for future use


Concluding Remarks

The DOE is supporting the creation of a rich suite of research and reference materials for electric utilities and their supply chain to leverage when building and enhancing their own best practices.
