SlideShare ist ein Scribd-Unternehmen logo

EnergySec and the NESCO overview

Als KEY, PDF herunterladen
EnergySec
EnergySec

This presentation provided an overview of the EnergySec and the NESCO program in the first few months of operations at an EPRI Weekly Meeting.

TechnologieBusiness
1 von 22
EnergySec and the NESCO Steven Parker The National Electric Sector Cybersecurity Organization EPRI/NESCOR Weekly Meeting a DOE-funded EnergySec program TM 2 December 2010
EnergySec Overview • Started in 2005 as ESEC-NW • Received SANS Information Sharing award, 2008 • Over 350 members from 104 organizations • 67% of US electric distribution • 55% of US electric generation • Goals: • Information sharing • Security analysis and best practices • Rapid, informal dissemination of relevant information The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
We’ve Been Busy 2010 • Dec 2008: Incorporation • Oct 2009: 501(c)(3) determination • April 2010: NESCO FOA submission • July 2010: NESCO Award! 2009 2008 2007 EnergySec membership growth The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
National Electric Sector Cybersecurity Organization • R. 3183 “...the Secretary shall establish an independent national energy sector cyber security organization...” • Department Of Energy issued FOA on March 31, 2010 • Two organizations received awards: • EnergySec was selected to form the National Electric Sector CyberSecurity Organization (NESCO) • The Electric Power Research Institute (EPRI) was selected as a research and analysis resource to this organization (NESCOR) The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
National Electric Sector Cybersecurity Organization • Purpose is to “establish a National Electric Sector Cyber Security Organization that has the knowledge, capabilities, and experience to protect the electric grid and enhance integration of smart grid technologies that are adequately protected against cyber attacks.” • “This organization will serve as a focal point to bring together domestic and international experts, developers, and users who will assess and test the security of novel technology, architectures, and applications.” The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
National Electric Sector Cybersecurity Organization • Mission: Lead a broad-based, public-private partnership to improve electric sector energy systems cyber security; become the security voice of the industry • Vision: An industry owned and operated group that supports electric sector response efforts to address cyber events • Goals: • Identify and disseminate common, effective cyber security practices to the sector • Analyze, monitor and relay infrastructure weakness The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
Key Differentiators • What is the difference between EnergySec and NESCO? • NESCO is a DOE-funded program under the EnergySec non-profit umbrella • What is the difference between NESCO and NESCOR? • NESCO is the primary role, NESCOR is the resource • Is EnergySec/NESCO a product or service vendor? • No; EnergySec is a non-profit 501(c)(3) organization The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
Key Differentiators • Is EnergySec or NESCO a government agency? • No; EnergySec is a non-profit 501(c)(3) organization • Is EnergySec/NESCO involved in regulation? • No; EnergySec/NESCO has no regulatory authority The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
Key Differentiators • What is the difference between EnergySec/NESCO and the NERC ES-ISAC? • EnergySec/NESCO: Non-regulatory; participation and reporting are not required (voluntary); industry funded; supports ISAC • NERC ES-ISAC: Regulatory, participation and reporting is mandatory; statutorily funded The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
Key Differentiators • What is the difference between EnergySec/NESCO and the DHS ICS-CERT? • EnergySec/NESCO: Energy sector focus; discretionary classification of information; near real-time; informal • DHS ICS-CERT: Control systems focus (all sectors); extended duration before information is classified and released; formal The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
Conflicting Goals • US Government • Industry • Reliability, survivability • Reliability and and resiliency availability • National and economic • Compliance security • Cost savings • Public order; confidence The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
Information Sharing Characteristics • US Government • Industry • Deliberate and • Often more ad hoc and authoritative much more agile • Often highly • 100% accuracy isn’t compartmentalized and always required classified • Difficult to handle • Over-classifies threats classified information and incidents for CI/KR • Can share more freely • Holds only some of the without needing relevant information authorization The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
Public-Private Environment Perceptions • Government cannot provide information to the private sector fast enough or broadly enough to be useful because of concerns about information sensitivity and control • Industry cannot protect the information that is shared, except under contracts or special legal situations (e.g. Defense Industrial Base) • Lack of parity in degree/quality of information shared • Differing goals and motivation between Government and Industry The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
Collaborative Focus Areas • Industry-specific Problems • Smart Grid • Situational Awareness, Data Analysis • Threats and Vulnerabilities • Security Solutions R&D • Incident Response, Forensics The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
Building Relationships • Building relationships is our purpose • Annual Summit • Semi-annual town hall meetings • Regional meetings • Collaborative projects • Workgroups • Webinars The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
Programs • Solutions development • Working groups • Forensics • Data analysis The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
Technology • Portal • WebEx • Instant messaging • Email; listserv • Code repository • Rapid notification system The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
portal.energysec.org • In use since 2008 • Secure communications portal • ICSJWG • HYDRA • Critical Intelligence • Version 3 with new functionality in 2011 The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
portal.energysec.org The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
share.energysec.org • Currently in concept stage • Source code repository • System configurations • Reference architectures • Attack signatures • Whatever else the community dreams up • Beta in 1h11; go live 2h11 The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
Rapid Notification System • Concept stage: Technology to be determined • Targeted at security operations staff • The goal is rapid dissemination of alerts • Multiple notification vehicles: • SMS • Phone • Email • XMPP (Instant Messaging) • Other The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
Putting The Pieces Together • Government • Asset Owners • Vendors and Suppliers • Academia • Researchers • Security Groups Steve Parker Vice President, EnergySec The National Electric Sector Cybersecurity Organization steve@energysec.org a DOE-funded EnergySec program TM 503.446.1214

Empfohlen

Next Generation Information Sharing For The Electric Sector
Next Generation Information Sharing For The Electric SectorNext Generation Information Sharing For The Electric Sector
Next Generation Information Sharing For The Electric SectorEnergySec
 
NESCO: A Closer Look
NESCO: A Closer LookNESCO: A Closer Look
NESCO: A Closer LookEnergySec
 
Emerson Ovation User Group BOD Meeting
Emerson Ovation User Group BOD MeetingEmerson Ovation User Group BOD Meeting
Emerson Ovation User Group BOD MeetingEnergySec
 
EISS Cybersecurity Briefing
EISS Cybersecurity BriefingEISS Cybersecurity Briefing
EISS Cybersecurity BriefingEnergySec
 
The Expanding Web of Cybersecurity Requirements
The Expanding Web of Cybersecurity RequirementsThe Expanding Web of Cybersecurity Requirements
The Expanding Web of Cybersecurity RequirementsEnergySec
 
NESCO Year 2 Overview
NESCO Year 2 OverviewNESCO Year 2 Overview
NESCO Year 2 OverviewEnergySec
 
Don't Get Hacked! Cybersecurity Boot Camp
Don't Get Hacked! Cybersecurity Boot CampDon't Get Hacked! Cybersecurity Boot Camp
Don't Get Hacked! Cybersecurity Boot CampEnergySec
 
Using the power of data by David Wollman
Using the power of data by David WollmanUsing the power of data by David Wollman
Using the power of data by David WollmanMaRS Discovery District
 

Empfohlen

Next Generation Information Sharing For The Electric Sector
Next Generation Information Sharing For The Electric SectorNext Generation Information Sharing For The Electric Sector
Next Generation Information Sharing For The Electric SectorEnergySec
 
NESCO: A Closer Look
NESCO: A Closer LookNESCO: A Closer Look
NESCO: A Closer LookEnergySec
 
Emerson Ovation User Group BOD Meeting
Emerson Ovation User Group BOD MeetingEmerson Ovation User Group BOD Meeting
Emerson Ovation User Group BOD MeetingEnergySec
 
EISS Cybersecurity Briefing
EISS Cybersecurity BriefingEISS Cybersecurity Briefing
EISS Cybersecurity BriefingEnergySec
 
The Expanding Web of Cybersecurity Requirements
The Expanding Web of Cybersecurity RequirementsThe Expanding Web of Cybersecurity Requirements
The Expanding Web of Cybersecurity RequirementsEnergySec
 
NESCO Year 2 Overview
NESCO Year 2 OverviewNESCO Year 2 Overview
NESCO Year 2 OverviewEnergySec
 
Don't Get Hacked! Cybersecurity Boot Camp
Don't Get Hacked! Cybersecurity Boot CampDon't Get Hacked! Cybersecurity Boot Camp
Don't Get Hacked! Cybersecurity Boot CampEnergySec
 
Using the power of data by David Wollman
Using the power of data by David WollmanUsing the power of data by David Wollman
Using the power of data by David WollmanMaRS Discovery District
 
TAC Subscription Webinar
TAC Subscription WebinarTAC Subscription Webinar
TAC Subscription WebinarEnergySec
 
Introduction by ann cavoukian
Introduction by ann cavoukianIntroduction by ann cavoukian
Introduction by ann cavoukianMaRS Discovery District
 
Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Aut...
Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Aut...Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Aut...
Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Aut...EnergySec
 
The climate impact of ICT: A review of estimates, trends and regulations (ISM...
The climate impact of ICT: A review of estimates, trends and regulations (ISM...The climate impact of ICT: A review of estimates, trends and regulations (ISM...
The climate impact of ICT: A review of estimates, trends and regulations (ISM...Adrian Friday
 
Tegg Services
Tegg ServicesTegg Services
Tegg Servicestomsullivan007
 
One Security Device to Rule Them All
One Security Device to Rule Them AllOne Security Device to Rule Them All
One Security Device to Rule Them AllInnoTech
 
Next Generation Information Sharing for the Electric Sector
Next Generation Information Sharing for the Electric SectorNext Generation Information Sharing for the Electric Sector
Next Generation Information Sharing for the Electric SectorEnergySec
 
NESCO Overview: Emerson Ovation User Group BOD Meeting
NESCO Overview: Emerson Ovation User Group BOD MeetingNESCO Overview: Emerson Ovation User Group BOD Meeting
NESCO Overview: Emerson Ovation User Group BOD MeetingEnergySec
 
Interoperability, Standards and Cybersecurity: A Business Perspective
Interoperability, Standards and Cybersecurity: A Business PerspectiveInteroperability, Standards and Cybersecurity: A Business Perspective
Interoperability, Standards and Cybersecurity: A Business PerspectiveEnergySec
 
Security From the Ground Up
Security From the Ground UpSecurity From the Ground Up
Security From the Ground UpEnergySec
 
Security From the Ground Up
Security From the Ground UpSecurity From the Ground Up
Security From the Ground UpEnergySec
 
EnergySec & NESCO Overview
EnergySec & NESCO OverviewEnergySec & NESCO Overview
EnergySec & NESCO OverviewEnergySec
 
Bridging the Gap: Between Operations and IT
Bridging the Gap: Between Operations and ITBridging the Gap: Between Operations and IT
Bridging the Gap: Between Operations and ITEnergySec
 
Security of the Electric Grid: It's more than just NERC CIP
Security of the Electric Grid: It's more than just NERC CIPSecurity of the Electric Grid: It's more than just NERC CIP
Security of the Electric Grid: It's more than just NERC CIPEnergySec
 
EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...
EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...
EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...TheAnfieldGroup
 
Nicce, Inc. National Institute for the Commercialization of Clean Energy
Nicce, Inc. National Institute for the Commercialization of Clean EnergyNicce, Inc. National Institute for the Commercialization of Clean Energy
Nicce, Inc. National Institute for the Commercialization of Clean EnergyCarole Inge
 
2012 Reenergize the Americas 3B: Ralph Martinez
2012 Reenergize the Americas 3B: Ralph Martinez2012 Reenergize the Americas 3B: Ralph Martinez
2012 Reenergize the Americas 3B: Ralph MartinezReenergize
 
What's "Smart" Got to Do With It?: A technical overview of Advanced Metering ...
What's "Smart" Got to Do With It?: A technical overview of Advanced Metering ...What's "Smart" Got to Do With It?: A technical overview of Advanced Metering ...
What's "Smart" Got to Do With It?: A technical overview of Advanced Metering ...EnergySec
 
Session 4B - Marty Howell
Session 4B - Marty HowellSession 4B - Marty Howell
Session 4B - Marty HowellReenergize
 
Power Outages and Our Vulnerable Grid
Power Outages and Our Vulnerable GridPower Outages and Our Vulnerable Grid
Power Outages and Our Vulnerable GridSocial Media Today
 
2-25-2014 Part 1 - NRECA Kickoff Meeting v2
2-25-2014 Part 1 - NRECA Kickoff Meeting v22-25-2014 Part 1 - NRECA Kickoff Meeting v2
2-25-2014 Part 1 - NRECA Kickoff Meeting v2Charles "Chuck" Speicher Jr.
 
Nreca kickoff meeting
Nreca kickoff meetingNreca kickoff meeting
Nreca kickoff meetingCharles "Chuck" Speicher Jr.
 

Weitere ähnliche Inhalte

Was ist angesagt?

TAC Subscription Webinar
TAC Subscription WebinarTAC Subscription Webinar
TAC Subscription WebinarEnergySec
 
Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Aut...
Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Aut...Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Aut...
Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Aut...EnergySec
 
The climate impact of ICT: A review of estimates, trends and regulations (ISM...
The climate impact of ICT: A review of estimates, trends and regulations (ISM...The climate impact of ICT: A review of estimates, trends and regulations (ISM...
The climate impact of ICT: A review of estimates, trends and regulations (ISM...Adrian Friday
 
One Security Device to Rule Them All
One Security Device to Rule Them AllOne Security Device to Rule Them All
One Security Device to Rule Them AllInnoTech
 

Was ist angesagt? (6)

TAC Subscription Webinar
TAC Subscription WebinarTAC Subscription Webinar
TAC Subscription Webinar
 
Introduction by ann cavoukian
Introduction by ann cavoukianIntroduction by ann cavoukian
Introduction by ann cavoukian
 
Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Aut...
Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Aut...Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Aut...
Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Aut...
 
The climate impact of ICT: A review of estimates, trends and regulations (ISM...
The climate impact of ICT: A review of estimates, trends and regulations (ISM...The climate impact of ICT: A review of estimates, trends and regulations (ISM...
The climate impact of ICT: A review of estimates, trends and regulations (ISM...
 
Tegg Services
Tegg ServicesTegg Services
Tegg Services
 
One Security Device to Rule Them All
One Security Device to Rule Them AllOne Security Device to Rule Them All
One Security Device to Rule Them All
 

Ähnlich wie EnergySec and the NESCO overview

Next Generation Information Sharing for the Electric Sector
Next Generation Information Sharing for the Electric SectorNext Generation Information Sharing for the Electric Sector
Next Generation Information Sharing for the Electric SectorEnergySec
 
NESCO Overview: Emerson Ovation User Group BOD Meeting
NESCO Overview: Emerson Ovation User Group BOD MeetingNESCO Overview: Emerson Ovation User Group BOD Meeting
NESCO Overview: Emerson Ovation User Group BOD MeetingEnergySec
 
Interoperability, Standards and Cybersecurity: A Business Perspective
Interoperability, Standards and Cybersecurity: A Business PerspectiveInteroperability, Standards and Cybersecurity: A Business Perspective
Interoperability, Standards and Cybersecurity: A Business PerspectiveEnergySec
 
Security From the Ground Up
Security From the Ground UpSecurity From the Ground Up
Security From the Ground UpEnergySec
 
Security From the Ground Up
Security From the Ground UpSecurity From the Ground Up
Security From the Ground UpEnergySec
 
EnergySec & NESCO Overview
EnergySec & NESCO OverviewEnergySec & NESCO Overview
EnergySec & NESCO OverviewEnergySec
 
Bridging the Gap: Between Operations and IT
Bridging the Gap: Between Operations and ITBridging the Gap: Between Operations and IT
Bridging the Gap: Between Operations and ITEnergySec
 
Security of the Electric Grid: It's more than just NERC CIP
Security of the Electric Grid: It's more than just NERC CIPSecurity of the Electric Grid: It's more than just NERC CIP
Security of the Electric Grid: It's more than just NERC CIPEnergySec
 
EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...
EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...
EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...TheAnfieldGroup
 
Nicce, Inc. National Institute for the Commercialization of Clean Energy
Nicce, Inc. National Institute for the Commercialization of Clean EnergyNicce, Inc. National Institute for the Commercialization of Clean Energy
Nicce, Inc. National Institute for the Commercialization of Clean EnergyCarole Inge
 
2012 Reenergize the Americas 3B: Ralph Martinez
2012 Reenergize the Americas 3B: Ralph Martinez2012 Reenergize the Americas 3B: Ralph Martinez
2012 Reenergize the Americas 3B: Ralph MartinezReenergize
 
What's "Smart" Got to Do With It?: A technical overview of Advanced Metering ...
What's "Smart" Got to Do With It?: A technical overview of Advanced Metering ...What's "Smart" Got to Do With It?: A technical overview of Advanced Metering ...
What's "Smart" Got to Do With It?: A technical overview of Advanced Metering ...EnergySec
 
Session 4B - Marty Howell
Session 4B - Marty HowellSession 4B - Marty Howell
Session 4B - Marty HowellReenergize
 
Power Outages and Our Vulnerable Grid
Power Outages and Our Vulnerable GridPower Outages and Our Vulnerable Grid
Power Outages and Our Vulnerable GridSocial Media Today
 
1. Electrical Safety Services Value Proposition - CPG Customer presentation.pptx
1. Electrical Safety Services Value Proposition - CPG Customer presentation.pptx1. Electrical Safety Services Value Proposition - CPG Customer presentation.pptx
1. Electrical Safety Services Value Proposition - CPG Customer presentation.pptxUpendraSingh965717
 
BUILDING SMART, RESILIENT CYBER-SECURE MICROGRIDS
BUILDING SMART, RESILIENT CYBER-SECURE MICROGRIDSBUILDING SMART, RESILIENT CYBER-SECURE MICROGRIDS
BUILDING SMART, RESILIENT CYBER-SECURE MICROGRIDSiQHub
 
Distributed Energy Storage conference
Distributed Energy Storage conferenceDistributed Energy Storage conference
Distributed Energy Storage conferenceDale Butler
 

Ähnlich wie EnergySec and the NESCO overview (20)

Next Generation Information Sharing for the Electric Sector
Next Generation Information Sharing for the Electric SectorNext Generation Information Sharing for the Electric Sector
Next Generation Information Sharing for the Electric Sector
 
NESCO Overview: Emerson Ovation User Group BOD Meeting
NESCO Overview: Emerson Ovation User Group BOD MeetingNESCO Overview: Emerson Ovation User Group BOD Meeting
NESCO Overview: Emerson Ovation User Group BOD Meeting
 
Interoperability, Standards and Cybersecurity: A Business Perspective
Interoperability, Standards and Cybersecurity: A Business PerspectiveInteroperability, Standards and Cybersecurity: A Business Perspective
Interoperability, Standards and Cybersecurity: A Business Perspective
 
Security From the Ground Up
Security From the Ground UpSecurity From the Ground Up
Security From the Ground Up
 
Security From the Ground Up
Security From the Ground UpSecurity From the Ground Up
Security From the Ground Up
 
EnergySec & NESCO Overview
EnergySec & NESCO OverviewEnergySec & NESCO Overview
EnergySec & NESCO Overview
 
Bridging the Gap: Between Operations and IT
Bridging the Gap: Between Operations and ITBridging the Gap: Between Operations and IT
Bridging the Gap: Between Operations and IT
 
Security of the Electric Grid: It's more than just NERC CIP
Security of the Electric Grid: It's more than just NERC CIPSecurity of the Electric Grid: It's more than just NERC CIP
Security of the Electric Grid: It's more than just NERC CIP
 
EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...
EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...
EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...
 
Nicce, Inc. National Institute for the Commercialization of Clean Energy
Nicce, Inc. National Institute for the Commercialization of Clean EnergyNicce, Inc. National Institute for the Commercialization of Clean Energy
Nicce, Inc. National Institute for the Commercialization of Clean Energy
 
2012 Reenergize the Americas 3B: Ralph Martinez
2012 Reenergize the Americas 3B: Ralph Martinez2012 Reenergize the Americas 3B: Ralph Martinez
2012 Reenergize the Americas 3B: Ralph Martinez
 
What's "Smart" Got to Do With It?: A technical overview of Advanced Metering ...
What's "Smart" Got to Do With It?: A technical overview of Advanced Metering ...What's "Smart" Got to Do With It?: A technical overview of Advanced Metering ...
What's "Smart" Got to Do With It?: A technical overview of Advanced Metering ...
 
Session 4B - Marty Howell
Session 4B - Marty HowellSession 4B - Marty Howell
Session 4B - Marty Howell
 
Power Outages and Our Vulnerable Grid
Power Outages and Our Vulnerable GridPower Outages and Our Vulnerable Grid
Power Outages and Our Vulnerable Grid
 
2-25-2014 Part 1 - NRECA Kickoff Meeting v2
2-25-2014 Part 1 - NRECA Kickoff Meeting v22-25-2014 Part 1 - NRECA Kickoff Meeting v2
2-25-2014 Part 1 - NRECA Kickoff Meeting v2
 
Nreca kickoff meeting
Nreca kickoff meetingNreca kickoff meeting
Nreca kickoff meeting
 
EITAC-030121-G
EITAC-030121-GEITAC-030121-G
EITAC-030121-G
 
1. Electrical Safety Services Value Proposition - CPG Customer presentation.pptx
1. Electrical Safety Services Value Proposition - CPG Customer presentation.pptx1. Electrical Safety Services Value Proposition - CPG Customer presentation.pptx
1. Electrical Safety Services Value Proposition - CPG Customer presentation.pptx
 
BUILDING SMART, RESILIENT CYBER-SECURE MICROGRIDS
BUILDING SMART, RESILIENT CYBER-SECURE MICROGRIDSBUILDING SMART, RESILIENT CYBER-SECURE MICROGRIDS
BUILDING SMART, RESILIENT CYBER-SECURE MICROGRIDS
 
Distributed Energy Storage conference
Distributed Energy Storage conferenceDistributed Energy Storage conference
Distributed Energy Storage conference
 

Mehr von EnergySec

Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseGary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseEnergySec
 
Slide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsSlide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsEnergySec
 
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...EnergySec
 
Jack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, AnecdotallyJack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, AnecdotallyEnergySec
 
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...EnergySec
 
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber SecurityDaniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber SecurityEnergySec
 
Lessons Learned For NERC CIPv5 Compliance & Configuration Change Management
Lessons Learned For NERC CIPv5 Compliance & Configuration Change ManagementLessons Learned For NERC CIPv5 Compliance & Configuration Change Management
Lessons Learned For NERC CIPv5 Compliance & Configuration Change ManagementEnergySec
 
Explore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWsExplore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWsEnergySec
 
Wireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of ReachWireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of ReachEnergySec
 
Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!EnergySec
 
Unidirectional Network Architectures
Unidirectional Network ArchitecturesUnidirectional Network Architectures
Unidirectional Network ArchitecturesEnergySec
 
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s RoleNERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s RoleEnergySec
 
Industrial Technology Trajectory: Running With Scissors
Industrial Technology Trajectory: Running With ScissorsIndustrial Technology Trajectory: Running With Scissors
Industrial Technology Trajectory: Running With ScissorsEnergySec
 
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...EnergySec
 
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...EnergySec
 
Where Cyber Security Meets Operational Value
Where Cyber Security Meets Operational ValueWhere Cyber Security Meets Operational Value
Where Cyber Security Meets Operational ValueEnergySec
 
Where Are All The ICS Attacks?
Where Are All The ICS Attacks?Where Are All The ICS Attacks?
Where Are All The ICS Attacks?EnergySec
 
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...EnergySec
 
Industry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working TogetherIndustry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working TogetherEnergySec
 
What the Department of Defense and Energy Sector Can Learn from Each Other
What the Department of Defense and Energy Sector Can Learn from Each OtherWhat the Department of Defense and Energy Sector Can Learn from Each Other
What the Department of Defense and Energy Sector Can Learn from Each OtherEnergySec
 

Mehr von EnergySec (20)

Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseGary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
 
Slide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsSlide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and Mitigations
 
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
 
Jack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, AnecdotallyJack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, Anecdotally
 
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
 
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber SecurityDaniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security
 
Lessons Learned For NERC CIPv5 Compliance & Configuration Change Management
Lessons Learned For NERC CIPv5 Compliance & Configuration Change ManagementLessons Learned For NERC CIPv5 Compliance & Configuration Change Management
Lessons Learned For NERC CIPv5 Compliance & Configuration Change Management
 
Explore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWsExplore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWs
 
Wireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of ReachWireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of Reach
 
Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!
 
Unidirectional Network Architectures
Unidirectional Network ArchitecturesUnidirectional Network Architectures
Unidirectional Network Architectures
 
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s RoleNERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
 
Industrial Technology Trajectory: Running With Scissors
Industrial Technology Trajectory: Running With ScissorsIndustrial Technology Trajectory: Running With Scissors
Industrial Technology Trajectory: Running With Scissors
 
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
 
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
 
Where Cyber Security Meets Operational Value
Where Cyber Security Meets Operational ValueWhere Cyber Security Meets Operational Value
Where Cyber Security Meets Operational Value
 
Where Are All The ICS Attacks?
Where Are All The ICS Attacks?Where Are All The ICS Attacks?
Where Are All The ICS Attacks?
 
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
 
Industry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working TogetherIndustry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working Together
 
What the Department of Defense and Energy Sector Can Learn from Each Other
What the Department of Defense and Energy Sector Can Learn from Each OtherWhat the Department of Defense and Energy Sector Can Learn from Each Other
What the Department of Defense and Energy Sector Can Learn from Each Other
 

Kürzlich hochgeladen

Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...itnewsafrica
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 

Kürzlich hochgeladen (20)

Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 

EnergySec and the NESCO overview

  • 1. EnergySec and the NESCO Steven Parker The National Electric Sector Cybersecurity Organization EPRI/NESCOR Weekly Meeting a DOE-funded EnergySec program TM 2 December 2010
  • 2. EnergySec Overview • Started in 2005 as ESEC-NW • Received SANS Information Sharing award, 2008 • Over 350 members from 104 organizations • 67% of US electric distribution • 55% of US electric generation • Goals: • Information sharing • Security analysis and best practices • Rapid, informal dissemination of relevant information The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 3. We’ve Been Busy 2010 • Dec 2008: Incorporation • Oct 2009: 501(c)(3) determination • April 2010: NESCO FOA submission • July 2010: NESCO Award! 2009 2008 2007 EnergySec membership growth The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 4. National Electric Sector Cybersecurity Organization • R. 3183 “...the Secretary shall establish an independent national energy sector cyber security organization...” • Department Of Energy issued FOA on March 31, 2010 • Two organizations received awards: • EnergySec was selected to form the National Electric Sector CyberSecurity Organization (NESCO) • The Electric Power Research Institute (EPRI) was selected as a research and analysis resource to this organization (NESCOR) The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 5. National Electric Sector Cybersecurity Organization • Purpose is to “establish a National Electric Sector Cyber Security Organization that has the knowledge, capabilities, and experience to protect the electric grid and enhance integration of smart grid technologies that are adequately protected against cyber attacks.” • “This organization will serve as a focal point to bring together domestic and international experts, developers, and users who will assess and test the security of novel technology, architectures, and applications.” The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 6. National Electric Sector Cybersecurity Organization • Mission: Lead a broad-based, public-private partnership to improve electric sector energy systems cyber security; become the security voice of the industry • Vision: An industry owned and operated group that supports electric sector response efforts to address cyber events • Goals: • Identify and disseminate common, effective cyber security practices to the sector • Analyze, monitor and relay infrastructure weakness The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 7. Key Differentiators • What is the difference between EnergySec and NESCO? • NESCO is a DOE-funded program under the EnergySec non-profit umbrella • What is the difference between NESCO and NESCOR? • NESCO is the primary role, NESCOR is the resource • Is EnergySec/NESCO a product or service vendor? • No; EnergySec is a non-profit 501(c)(3) organization The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 8. Key Differentiators • Is EnergySec or NESCO a government agency? • No; EnergySec is a non-profit 501(c)(3) organization • Is EnergySec/NESCO involved in regulation? • No; EnergySec/NESCO has no regulatory authority The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 9. Key Differentiators • What is the difference between EnergySec/NESCO and the NERC ES-ISAC? • EnergySec/NESCO: Non-regulatory; participation and reporting are not required (voluntary); industry funded; supports ISAC • NERC ES-ISAC: Regulatory, participation and reporting is mandatory; statutorily funded The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 10. Key Differentiators • What is the difference between EnergySec/NESCO and the DHS ICS-CERT? • EnergySec/NESCO: Energy sector focus; discretionary classification of information; near real-time; informal • DHS ICS-CERT: Control systems focus (all sectors); extended duration before information is classified and released; formal The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 11. Conflicting Goals • US Government • Industry • Reliability, survivability • Reliability and and resiliency availability • National and economic • Compliance security • Cost savings • Public order; confidence The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 12. Information Sharing Characteristics • US Government • Industry • Deliberate and • Often more ad hoc and authoritative much more agile • Often highly • 100% accuracy isn’t compartmentalized and always required classified • Difficult to handle • Over-classifies threats classified information and incidents for CI/KR • Can share more freely • Holds only some of the without needing relevant information authorization The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 13. Public-Private Environment Perceptions • Government cannot provide information to the private sector fast enough or broadly enough to be useful because of concerns about information sensitivity and control • Industry cannot protect the information that is shared, except under contracts or special legal situations (e.g. Defense Industrial Base) • Lack of parity in degree/quality of information shared • Differing goals and motivation between Government and Industry The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 14. Collaborative Focus Areas • Industry-specific Problems • Smart Grid • Situational Awareness, Data Analysis • Threats and Vulnerabilities • Security Solutions R&D • Incident Response, Forensics The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 15. Building Relationships • Building relationships is our purpose • Annual Summit • Semi-annual town hall meetings • Regional meetings • Collaborative projects • Workgroups • Webinars The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 16. Programs • Solutions development • Working groups • Forensics • Data analysis The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 17. Technology • Portal • WebEx • Instant messaging • Email; listserv • Code repository • Rapid notification system The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 18. portal.energysec.org • In use since 2008 • Secure communications portal • ICSJWG • HYDRA • Critical Intelligence • Version 3 with new functionality in 2011 The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 19. portal.energysec.org The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 20. share.energysec.org • Currently in concept stage • Source code repository • System configurations • Reference architectures • Attack signatures • Whatever else the community dreams up • Beta in 1h11; go live 2h11 The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 21. Rapid Notification System • Concept stage: Technology to be determined • Targeted at security operations staff • The goal is rapid dissemination of alerts • Multiple notification vehicles: • SMS • Phone • Email • XMPP (Instant Messaging) • Other The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 22. Putting The Pieces Together • Government • Asset Owners • Vendors and Suppliers • Academia • Researchers • Security Groups Steve Parker Vice President, EnergySec The National Electric Sector Cybersecurity Organization steve@energysec.org a DOE-funded EnergySec program TM 503.446.1214

Hinweis der Redaktion

  1. \n
  2. \n
  3. Place holder for bibliographic information\n\n
  4. \n
  5. We’re flattered to be the group that DOE has chosen to lead cybersecurity efforts for the electric industry.\n
  6. \n
  7. \n
  8. \n
  9. \n
  10. \n
  11. \n
  12. \n
  13. \n
  14. So if we are going to work together, what are some of the key areas we can collaborate in?\n\n
  15. Highlights of how EnergySec build relationships\n\n
  16. Coordinate “end user” testing opportunities for projects and research requiring broad industry adoption for success\n Create working groups to evaluate incidents and best practices.\n Establish trusted partner relationships with organizations who lead the forensics space.\n Design and implement effective data analysis program.\n
  17. close: I want to touch on a couple of innovative collaboration methods we’ve developed for the industry.\n
  18. \n
  19. \n
  20. Platform for community projects\nCurrently in concept stage.\n\n
  21. This is intended to provide near real-time notifications for cyber security events.\n\n
  22. We’re announcing a formal sponsorship program this week.\nIncludes academia\n