review process
play

Review Process A. DAVID MCKINNON, PH.D. Cyber Security Group, - PowerPoint PPT Presentation

Nov 29, 2022 •563 likes •675 views

SGIG Cyber Security Program Review Process A. DAVID MCKINNON, PH.D. Cyber Security Group, National Security Directorate TCIPG Industry Workshop 2014 November 14, 2014 PNNL-SA-106570 1 SGIG Cyber Security Program Overview Smart Grid

  1. SGIG Cyber Security Program Review Process A. DAVID MCKINNON, PH.D. Cyber Security Group, National Security Directorate TCIPG Industry Workshop 2014 November 14, 2014 PNNL-SA-106570 1

  2. SGIG Cyber Security Program Overview Smart Grid Investment Grant (SGIG) was funded by the 2009 ARRA 99 Grants awarded $3.4B of federal funding, matched by $4.4B of private sector funding Cyber security was “built in” FOA required that each proposal address cyber security Each awardee had to submit a cyber security plan (CSP) for review and approval DOE established a cybersecurity subject matter expert (CS-SME) team Team consisted of leading cyber security experts from PNNL, ANL, CMU SEI, and private industry CS-SME team members joined the DOE technical project officer (TPO) on their annual site visits CS-SME team conducted several outreach activities November 14, 2014 2

  3. Cyber Security Requirements (DE-FOA-0000058) Submitted Project Plans are also required to include a section on the technical approach to cyber security. The technical approach to cyber security should include: A summary of the cyber security risks and how they will be mitigated at each stage of the lifecycle (focusing on vulnerabilities and impact). A summary of the cyber security criteria utilized for vendor and device selection. A summary of the relevant cyber security standards and/or best practices that will be followed. A summary of how the project will support emerging smart grid cyber security standards. DOE intends to work with those selected for award but may not make an award to an otherwise meritorious application if that applicant cannot provide reasonable assurance that their cyber security will provide protection against broad based systemic failures in the electric grid in the event of a cyber security breach. November 14, 2014 3

  4. www.ARRASmartGridCyber.net Online information resource for SGIG & SGDP cyber security Overview of baseline cyber security principles Guidance on cyber security plan development and execution References to cyber security standards and regulations Prescriptive “templates” for cyber security plans were not provided 4

  5. 99 Cyber Security Plans Cyber security — one size does *NOT* fit all Grant awards varied from $1M to $200M Technologies varied Electric transmission systems Electric distribution systems Advanced metering infrastructure (AMI) Customer systems Cross-cutting deployments Awardees used their own internal processes and templates DOE technical project officers (TPO) forwarded each project’s cyber security plans to the CS-SME team Each plan was independently reviewed by two CS-SMEs Initial reviews were conducted by all team members Secondary reviews were performed by a “QC” subteam member November 14, 2014 5

  6. Cyber Security Plan Reviews Strong cyber security plans included: Cyber security risks and how they will be mitigated at each stage of the lifecycle (focusing on vulnerabilities and impact) Cyber security criteria utilized for vendor and device selection Relevant cyber security standards and/or best practices to be followed Plans for supporting emerging smart grid cyber security standards Cyber security plans also had to address the adequacy of their technical approach for addressing interoperability and cyber security Ensuring confidentiality, integrity, availability Secure logging, monitoring, alarming, and notification Demonstrable evidence of the effectiveness of cyber security controls Inadequate cyber security plans were revised and resubmitted CS-SME team frequently held project-specific teleconference calls Interactive discussion quickly resolved issues Many awardees did not have prior experience writing cyber security plans November 14, 2014 6

  7. 244 Site Visits SGIG project reviews included cyber security CS-SMEs traveled with the DOE review team Cyber security was a formal topic on the agenda Site visits were conducted 2011-2013 2011-2012: on-site visits 2013: on-site, virtual, or off-line visits at the discretion of the DOE TPOs Guidance was provided to each site prior to the annual site visits Focus on demonstrable evidence Were project-specific risks being identified and addressed? Were implemented cyber security controls adequate? No prescribed format for how “evidence” was to be provided Site assessment visit report 13 requirements derived from FOA were assessed Scale: meets , , & does not meet FOA requirements November 14, 2014 7

  8. Cyber Security Impact Cyber security was a FOA requirement Senior-level management approved cyber security plans Cyber security was a funded requirement Each project was able to focus on their specific risks Awardees and the CS-SMEs built close working relationships Smart grid cyber security information exchanges Chicago (August 2011) & Washington, D.C. (December 2012) Utilities met & exchanged cyber security best practices Many anecdotal stories of utilities implementing new and/or improved cyber security practices Enhanced staffing, training, policies, tools, etc. November 14, 2014 8

  9. Cyber Security Impact, continued CP Normalized Score (%) CS-SME team assessment 100.0 Based upon a weighted scoring of each 80.0 60.0 site assessment report 2012 40.0 20.0 13 questions, Green / / Red 2013 - Projects were grouped by category Cities/Public Utility Districts (CP) RE/COOP Norm. Score (%) Rural Electric Cooperatives (RE/COOP) 100.0 Transmission/Generation (T&G) 80.0 60.0 Compared 2012 and 2013 results 2012 40.0 20.0 2013 CP had the largest score improvement - RE/COOP had the 2 nd best improvement T&G Normalized Score (%) T&G improved the least 100.0 Caveat : T&G projects had the best overall 80.0 60.0 scores 2012 40.0 20.0 2013 - November 14, 2014 9

  10. SGIG Cyber Security Conclusions FOA requirement for cyber security was a key enabler Utilities were able to build-in in cyber security DOE facilitated across-the-board cyber security improvements Project staff, DOE TPOs, and the CS-SME team built strong and trusted working relationships Cyber security plans focused and enhanced cyber security efforts Each project focused on their specific risks Cyber security plans are “living” documents Approval by senior-level management provided accountability November 14, 2014 10

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Virginia Webb, PhD, RD Procurement Review Process First review cycle Review last

Virginia Webb, PhD, RD Procurement Review Process First review cycle Review last

Virginia Webb, PhD, RD Procurement Review Process First review cycle Review last school year 2017-18 SY review 2016-17 SY On-site vs Off-site reviews Consistency Summary of Findings (sof) Procurement Review Process

396 views • 36 slides
New Review Process November 18, 2016 New review process: high-level overview Each semester:

New Review Process November 18, 2016 New review process: high-level overview Each semester:

New Review Process November 18, 2016 New review process: high-level overview Each semester: Each semester post prelim pass: Review of data by Grad Committee Review of data by student committee Failed qualifier: Remediation plan kicks into

206 views • 17 slides
Promotion and Tenure Review Committee Overview of Assignment, Review Process, and

Promotion and Tenure Review Committee Overview of Assignment, Review Process, and

Promotion and Tenure Review Committee Overview of Assignment, Review Process, and Recommendations February 13, 2014 1 Periodic Review of Tenure Policy UNC Code Section 602: The chancellor shall review the constituent institutions

157 views • 14 slides
Peer Review Process Boris Sokolov, PhD Scientific Review Officer Center for Scientific Review

Peer Review Process Boris Sokolov, PhD Scientific Review Officer Center for Scientific Review

Peer Review Process Boris Sokolov, PhD Scientific Review Officer Center for Scientific Review Key Dates for Application Review Application Due July 19, 2017 Scientific Merit Review January, 2018 Advisory Council Review

494 views • 13 slides
Utilization of NTPEP Audit Data INDOT Review Process Review Process Steps Audit Report

Utilization of NTPEP Audit Data INDOT Review Process Review Process Steps Audit Report

Utilization of NTPEP Audit Data INDOT Review Process Review Process Steps Audit Report Comparison Data Corrective Action Report (CAR) Review Discrepancies Determination of Approval Audit Report Summary Section

350 views • 21 slides
Review of Methodology Process started with broad review/ discussion of evaluation criteria:

Review of Methodology Process started with broad review/ discussion of evaluation criteria:

STUDENT ASSIGNMENT REVIEW ADDITIONAL SCENARIOS Newton Public Schools School Committee May 11, 2015 Review of Methodology Process started with broad review/ discussion of evaluation criteria: Enrollment, Family Impact, Community,

318 views • 11 slides
Software Process 1 Software Engineering Layers Tools Methods Process Process: framework

Software Process 1 Software Engineering Layers Tools Methods Process Process: framework

Software Process 1 Software Engineering Layers Tools Methods Process Process: framework of the required tasks e.g., waterfall, extreme programming Methods: technical how to e.g., design review, code review, testing

668 views • 43 slides
UOIT Third Year Review Part 1: The Process Part 2: Documentation 1 3 rd Year Review

UOIT Third Year Review Part 1: The Process Part 2: Documentation 1 3 rd Year Review

UOITFA Third Year Review Workshop 2019-05-21 UOIT Third Year Review Part 1: The Process Part 2: Documentation 1 3 rd Year Review Article 19 of the Collective Agreement Give feedback and advice to tenure- stream Faculty Members at

492 views • 11 slides
10 CFR 2.206 Process Samuel Miranda, PE February 8, 2018 MD 8.11, "Review Process for 10

10 CFR 2.206 Process Samuel Miranda, PE February 8, 2018 MD 8.11, "Review Process for 10

10 CFR 2.206 Process Samuel Miranda, PE February 8, 2018 MD 8.11, "Review Process for 10 CFR 2.206 Petitions Objectives: To ensure the public health and safety, through the prompt and thorough evaluation of any potential problem

196 views • 18 slides
Applying QM Standards: The Process and Product of a Program Review Rae Mancilla, Ed.D. &

Applying QM Standards: The Process and Product of a Program Review Rae Mancilla, Ed.D. &

Applying QM Standards: The Process and Product of a Program Review Rae Mancilla, Ed.D. & Barbara Frey, D.Ed. Agenda Introductions Program background Review process Report critique Discussion Q/A Session Objectives

654 views • 16 slides
UNDERSTANDING UNCAC REVIEW PROCESS MECHANISM TRAINING OF CSOs & JOURNALIST ON UNCAC REVIEW

UNDERSTANDING UNCAC REVIEW PROCESS MECHANISM TRAINING OF CSOs & JOURNALIST ON UNCAC REVIEW

UNDERSTANDING UNCAC REVIEW PROCESS MECHANISM TRAINING OF CSOs & JOURNALIST ON UNCAC REVIEW PROCESS Organised By: Africa Network For Environment & Economic Justice (ANEEJ) With Support From: European Union under the 10th European

587 views • 31 slides
The Literature Review May 23, 2017 The Process of Research Research Involves a Process

The Literature Review May 23, 2017 The Process of Research Research Involves a Process

CPTS Thesis Process The Literature Review May 23, 2017 The Process of Research Research Involves a Process Formulate broad research question Literature review Refine the research question Place question in the context of

280 views • 16 slides
Backbone Procure to Pay Process P2P Process Review Requirement Order Receipt Invoice

Backbone Procure to Pay Process P2P Process Review Requirement Order Receipt Invoice

New P2P Process Backbone Procure to Pay Process P2P Process Review Requirement Order Receipt Invoice Procure-to- Pay (P2P) is a component of BPs Global Backbone program to implement a common process across Upstream. More specifically, P2P

334 views • 15 slides
COUNTY ADMINISTRATION and OPERATIONS REPORT 1 AGENDA Review background and process Review

COUNTY ADMINISTRATION and OPERATIONS REPORT 1 AGENDA Review background and process Review

COUNTY ADMINISTRATION and OPERATIONS REPORT 1 AGENDA Review background and process Review master plan options & recommendations for County Admin & Ops Review estimates of probable cost Update on Criminal Justice

583 views • 27 slides
Dams Safety Review KPMG Review and Public Consultation Process Why Review? The DSC is a

Dams Safety Review KPMG Review and Public Consultation Process Why Review? The DSC is a

Dams Safety Review KPMG Review and Public Consultation Process Why Review? The DSC is a statutory authority constituted under the NSW Dams Safety Act 1978 to ensure the safety of dams in NSW. From the NSW Commission of Audits Final

404 views • 11 slides
REVIEW 2018-2019 Program Review is the process through which constituencies on a campus take

REVIEW 2018-2019 Program Review is the process through which constituencies on a campus take

PROGRAM REVIEW 2018-2019 Program Review is the process through which constituencies on a campus take stock of their successes and shortcomings, and seek to identify ways in which they can meet their goals more efficiently (ASCCC 2009)

305 views • 9 slides
Percolation and Cascading in a Brain Network of Networks Hernn Makse Physics Department City

Percolation and Cascading in a Brain Network of Networks Hernn Makse Physics Department City

Percolation and Cascading in a Brain Network of Networks Hernn Makse Physics Department City College of New York Jose Soares de Andrade (physics) - Brazil Santiago Canals (neuro)- Alicante Mariano Sigman (neuro)- Buenos Aires Flaviano

571 views • 31 slides
Theories and Models of Language Change Exemplary Studies Evolutionary Session 1: Introduction

Theories and Models of Language Change Exemplary Studies Evolutionary Session 1: Introduction

Roland Mhlenbernd Course Information Introduction Fields Methods Theories and Models of Language Change Exemplary Studies Evolutionary Session 1: Introduction Approaches Motivation Early Model Homeworks Roland Mhlenbernd April 20,

232 views • 12 slides
The Small-World Phenomenon History An online Complex Networks, Course 295A, Spring, 2008

The Small-World Phenomenon History An online Complex Networks, Course 295A, Spring, 2008

The Small-World Phenomenon The Small-World Phenomenon History An online Complex Networks, Course 295A, Spring, 2008 experiment Previous theoretical work An improved Prof. Peter Dodds model References Department of Mathematics &

1.48k views • 135 slides
Hiring through Networks: Favors or Information? Yann Bramoull and Kenan Huremovi c

Hiring through Networks: Favors or Information? Yann Bramoull and Kenan Huremovi c

Hiring through Networks: Favors or Information? Yann Bramoull and Kenan Huremovi c Aix-Marseille School of Economics June 2016 Introduction Connections appear to be helpful in many contexts. To get a job at a private firm, Brown,

413 views • 27 slides
Effective Mentorship: Consultant, Counselor, Cheerleader Carey-Ann Burnham Professor of

Effective Mentorship: Consultant, Counselor, Cheerleader Carey-Ann Burnham Professor of

Effective Mentorship: Consultant, Counselor, Cheerleader Carey-Ann Burnham Professor of Pathology & Immunology Vice Chair for Faculty Mentoring & Advancement November 5, 2020 Pathology and Immunology Office of Faculty Development

781 views • 61 slides
MICES 2019 MIX-CAMP E-COMMERCE SEARCH Welcome at myToys! And Thank you! to our sponsors!

MICES 2019 MIX-CAMP E-COMMERCE SEARCH Welcome at myToys! And Thank you! to our sponsors!

MICES 2019 MIX-CAMP E-COMMERCE SEARCH Welcome at myToys! And Thank you! to our sponsors! Schedule 9:30 Sessions 12:45 Lunch 13:45 Sessions 15:40 Open Space Ca. 18:15 Informal get together and drinks Ca. 19:15 MICES 2019 ends

483 views • 14 slides
Town Hall Meeting April 17, 2019 Agenda 1:45 p.m. Guests begin to arrive . Diane McCutcheon

Town Hall Meeting April 17, 2019 Agenda 1:45 p.m. Guests begin to arrive . Diane McCutcheon

Town Hall Meeting April 17, 2019 Agenda 1:45 p.m. Guests begin to arrive . Diane McCutcheon will be at the Pembroke Campus Tracy McDougall will be at the Perth Campus Welcome and Greeting 2:00 p.m. Ron McLester 2:05 p.m. Introduction and

273 views • 25 slides
Twin Valley Roundtable April 9, 2020 Twin Valley Calendar Updated from June on.

Twin Valley Roundtable April 9, 2020 Twin Valley Calendar Updated from June on.

Email for me for a copy of this presentation. Note: Please keep your mic muted unless asking a question. Twin Valley Roundtable April 9, 2020 Twin Valley Calendar Updated from June on. Earlier dates are still being decided on.

533 views • 25 slides

More recommend