SlideShare a Scribd company logo

Tripwire Energy Working Group: Keynote w/Patrick Miller

Tripwire
Tripwire

State of Cybersecurity in the electric

Technology
1 of 20
STATE OF CYBERSECURITY IN THE ELECTRIC UTILITY INDUSTRY Tripwire Energy Working Group – August 10 2021
INTRODUCTION • Former utility staff (telecommunications, water & electric) • First NERC CIP auditor in the US • Drafter of NERC CIP standards and formal interpretations • NERC CIP Supply Chain Working Group contributor • Former Principal Investigator US DOE National Electric Sector Cybersecurity Organization • EnergySec Founder, Director and President Emeritus • Centro de Ciberseguridad Industrial (CCI) US Coordinator • Cybersecurity Advisory Team for State Solar, NARUC/NASEO • Advisor to multiple industrial security product vendors • GCIP, CISA, CRISC, CISSP-ISSAP, SSCP, NSA-IAM, CVI, TCP, SCP 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 2
GLOBAL SITUATION • Infrastructure is a target • Your adversaries have three things you don’t • Who are you up against? • Organized crime • Nation states • Non-governmental organizations (NGOs) • Competitors • Ourselves (Hanlon’s Razor) • We all buy our gear from the same sources • Attribution is getting better • Cyber warfare, espionage and prosecution norms 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 3
CRYSTAL BALL • Each “catalytic event” creates a cyber-avalanche • NERC CIP moved the needle for electric sector, everyone noticed • Legislators, regulators and commissions are getting wiser • 18 new cybersecurity bills introduced in just this session • Regulation to the rescue! • Real world examples: • Global trend (NIS, CAF, BSI, 62443, NIST 800-53/82/CSF, NERC CIP) • FERC RFI seeking to align with NIST • 100-day Plan to Address Cybersecurity Risks • ES-C2M2 (new version) & ONG C2-M2 being used by commissions and underwriters • TSA Pipeline Security Guidelines updated, Security Directives (x2); API 1164 • DHS CISA ICS attack history • Recent updates to CFATS • Too many Executive Orders to list • New National Security Memorandum 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 4
NATIONAL SECURITY MEMORANDUM • Not a law/regulation – voluntary collaborative initiative (for now) • Baseline security controls across all critical infra sectors • Some controls will be common with existing frameworks (CIP) • NIST 800-53/82 are being promoted (expected) to be the set • Measurement (no enforcement) will be DHS CISA and SSA • Unclear how measurement will happen (audit, assessment?) • Will apply first to electricity subsector, then gas, chemical, water • Unclear if “National Security” banner will loop in Distribution • Final framework to be completed by July 28, 2022 • Clear signaling that participation is expected, or else… 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 5
NSM – WHAT DO I NEED TO DO? • “…deployment of technologies and systems that provide threat [and anomaly] visibility, indications, detection, and warnings…” • “…response capabilities for cybersecurity in essential control system and operational technology networks…” • …” Government and industry to collaborate to take immediate action…” • “…baseline cybersecurity goals that are consistent across all critical infrastructure sectors…” 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 6
NSM – RECOMMENDED ACTIONS • Gap assessment of current CIP controls against 800-53/82 • CIP has already been mapped, use existing tools • Create action plan to remediate any control gaps • Owners, actions, dates, budget • Begin any architecture/system modifications needed for increased monitoring, detection, response and recovery • Procure and/or tune network anomaly detection software • CRISP, Neighborhood Keeper, Essence or other • Establish trained and resourced security operations function • Can be outsourced or insourced • Process, analyze, respond and tune new tools • Perform REAL incident and recovery response exercises 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 7
NSA – VOLUNTARY VS. MANDATORY • PR incentives/hit – public perception minimum bar has been set • Cyber insurance impacts can be very real • Business partnerships – upstream/downstream; M&A, contracts • Constrained markets over time • Earlier adopter bonus points with oversight body • Easier to demonstrate proactive continuous improvement vs. late-stage, time-constrained, forced, and reactive efforts • Given the situational gravity, it may be inevitable • If not the NSM, then any one of the other “influences” 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 8
DIRECT SIGNALING "...defend US critical infrastructure by encouraging & facilitating deployment of tech & systems that provide threat visibility, indications, detection, & warnings, & that facilitate response capabilities for cybersecurity in essential control system & operational tech networks.” "We’re committed to addressing it. We’re starting with voluntary, as much as we can, because we want to do this in full partnership. And — but we’re also pursuing all options we have in order to make the rapid progress we need.” "...multiple administrations have recognized that there are no mandated authorities to mandate cybersecurity requirements for critical infrastructure... in the context of our openly saying that we really are committed to addressing the limited and piecemeal regulation...” "The President is essentially saying, 'We expect responsible owners and operators to meet these performance goals. We will look to you to implement this.’” - National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems, The White House June 28, 2021 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 9
COMMON SOLUTION THREADS • For organizations already subject to NERC CIP, much can be borrowed • Other controls frameworks also exist for an “overlay” (mapping) approach to managing compliance risk • Portable skill sets across sector types in OT • IT already has common skill pool • Some Common solutions exist for IT and OT • Hardware • Software 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 10
“REGULATORY” FORECAST • Whether direct regulation (CIP, TSA, AWWA, CFATS) or indirect “transitive” regulation (NIST, EO, NSM), new normal is: • Buy only “trusted” hardware, software, services • Know all cyber assets in your environment • Know the security posture for all cyber assets • Segment and restrict access (zero trust, MFA) • Monitoring and detection at asset and network level • Strong incident response capability • Strong recovery capability • Less “guessing” - aligns with guidelines, regulation, Executive Orders, National Security Memos, etc. in peer sectors • Get ahead of this before it is mandated 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 11
ASSETS AND ARCHITECTURE • Do you have an asset inventory? • Not everything, but even just the critical stuff • Back it with change control or expect drift (waste time/money) • Do you have an environment you can defend? • Segmented networks • One-way traffic • MFA and strict remote access controls • Shear-away networks, “crumple zones,” intelligent islanding • Interdependencies can be your Achilles heel • Runs converse to many current approaches 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 12
IN THE LAND OF THE BLIND • Would you know – with sufficient confidence – if there was (or was not) an adversary in your system? • Monitoring is in every federal conversation now • CRISP, Neighborhood Keeper, Essense… • “Smoke detectors” will be required in the “building code” • Regulation, insurance, diligence, reporting (data breach) • Start where you can, tune, then lather, rinse, repeat • Based on solid asset inventory and feeds response and/or recovery 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 13
SUPPLY CHAIN RISK MANAGEMENT • NERC CIP-013 is the tip of the iceberg • Adding new asset types and moving to low impact • Multiple Executive Orders, probably more to come • ”No-buy” lists, rip/replace, legacy risk often unaddressed • “Made in” often means “assembled in” • How far do you go? Was it far enough? • HBOM, SBOM, FBOM • CyberStar, transparency centers, certification, validation • Frustration and costs go up for everyone 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 14
PRACTICE LIKE IT’S GAME DAY • When was the last time you did a real incident response exercise? • Did it include a recovery drill? • Did it include IT impacting OT through business process? • Everything else leads up to this • Asset inventory, supply chain, segmentation, monitoring • Borrow from operations (and safety) • Can you really go to manual? For how long? • Expect “oversight” and media when it happens • Cyber NTSB, CISA, E-ISAC, FBI, Commerce, State… • What happens to one utility will affect all others… 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 15
NERC CIP HORIZON • Legislators, regulators and agencies are getting wiser • Drifting toward NIST (FERC RFI) • Focus on CIP-007, CIP-008 and CIP-009 • Monitoring, incident response, and recovery • Supply Chain • Coming to a Low Impact asset near you • Cloud (BCSI and BCS) • Virtualization • Biggest shift in CIP since v3 to v5 • Global adoption is picking up steam 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 16
NON-REGULATORY FORECAST • Innovation is accelerating disruption and disruption • OT looking more like IT, getting closer to just T • Smart everything will be connected to smart everything • Ever increasing dependence on technology and data • Losing touch with manual options • Artificially intelligent systems can still be hacked • Competing forces of unregulated greenfield business in distribution vs. threat of regulation for distribution 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 17
DATA WILL ALSO BE YOUR BUSINESS • Digital transformation, convergence & other buzzwords • Data is the new oil …and also the new toxic waste • Everything you buy is digital now, with a connection • What happens when everything in your operation generates a data (revenue) stream? • Someone else can do it faster and better than you • You may possibly make more revenue from operational data than the electrons used to create the data 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 18
EMBRACING THE FUTURE • More regulation is coming – must be “this tall” to ride • Will likely go beyond NERC CIP, but not by much • Wider possible applicability • Regulations and standards will shift with threats and tech • For example, ransomware… • Control norms are emerging for both OT and IT, globally • Technology is transforming how we can do business • Data as a revenue stream will become more common • Regulation is changing to allow new virtualized and cloud models for data, applications and even infrastructure • GoToMySCADA/HMI/DCS/EMS/PLC/DigitalTwin is a thing 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 19
CONTACT ME 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 20 @PATRICKCMILLER LINKEDIN.COM/IN/MILLERPATRICKC PMILLER@AMPERESEC.COM WWW.AMPERESEC.COM +1.503.272.1414

Recommended

Key Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsKey Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The Experts
Tripwire
 
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass AuditsTime for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Tripwire
 
Energy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber ResiliencyEnergy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber Resiliency
EnergySec
 
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon SwainNTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
North Texas Chapter of the ISSA
 
Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseGary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
EnergySec
 
Dynamic Cyber Defense
Dynamic Cyber DefenseDynamic Cyber Defense
Dynamic Cyber Defense
EnergySec
 
Advanced Persistent Threat - Evaluating Effective Responses
Advanced Persistent Threat - Evaluating Effective ResponsesAdvanced Persistent Threat - Evaluating Effective Responses
Advanced Persistent Threat - Evaluating Effective Responses
NetIQ
 
NESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development PresentationNESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development Presentation
EnergySec
 

Recommended

Key Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsKey Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The Experts
Tripwire
 
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass AuditsTime for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Tripwire
 
Energy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber ResiliencyEnergy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber Resiliency
EnergySec
 
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon SwainNTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
NTXISSACSC2 - Bring Your Own Device: The Great Debate by Brandon Swain
North Texas Chapter of the ISSA
 
Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseGary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
EnergySec
 
Dynamic Cyber Defense
Dynamic Cyber DefenseDynamic Cyber Defense
Dynamic Cyber Defense
EnergySec
 
Advanced Persistent Threat - Evaluating Effective Responses
Advanced Persistent Threat - Evaluating Effective ResponsesAdvanced Persistent Threat - Evaluating Effective Responses
Advanced Persistent Threat - Evaluating Effective Responses
NetIQ
 
NESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development PresentationNESCO Town Hall Workforce Development Presentation
NESCO Town Hall Workforce Development Presentation
EnergySec
 
Cybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond ComplianceCybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond Compliance
EnergySec
 
SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013
Wolfgang Kandek
 
Integrating Cyber Security Alerts into the Operator Display
Integrating Cyber Security Alerts into the Operator DisplayIntegrating Cyber Security Alerts into the Operator Display
Integrating Cyber Security Alerts into the Operator Display
EnergySec
 
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea AlmeidaNTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
North Texas Chapter of the ISSA
 
Integration of Technology & Compliance Presented by John Heintz, CPS Energy
Integration of Technology & Compliance Presented by John Heintz, CPS EnergyIntegration of Technology & Compliance Presented by John Heintz, CPS Energy
Integration of Technology & Compliance Presented by John Heintz, CPS Energy
stacybre
 
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection FrameworkAlex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
centralohioissa
 
Scrubbing Your Active Directory Squeaky Clean
Scrubbing Your Active Directory Squeaky CleanScrubbing Your Active Directory Squeaky Clean
Scrubbing Your Active Directory Squeaky Clean
NetIQ
 
The Future of Technology Operations
The Future of Technology OperationsThe Future of Technology Operations
The Future of Technology Operations
Ivanti
 
Ruben Melendez - Economically Justifying IT Security Initiatives
Ruben Melendez - Economically Justifying IT Security InitiativesRuben Melendez - Economically Justifying IT Security Initiatives
Ruben Melendez - Economically Justifying IT Security Initiatives
centralohioissa
 
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
TheAnfieldGroup
 
The Future of Cyber Security - Matthew Rosenquist
The Future of Cyber Security - Matthew RosenquistThe Future of Cyber Security - Matthew Rosenquist
The Future of Cyber Security - Matthew Rosenquist
Matthew Rosenquist
 
A Smarter, More Secure Internet of Things
A Smarter, More Secure Internet of Things A Smarter, More Secure Internet of Things
A Smarter, More Secure Internet of Things
NetIQ
 
Delve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsDelve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of Things
Frederic Roy-Gobeil, CPA, CGA, M.Tax.
 
Cybersercurity Resource Allocation & Efficacy Index: 2020 - 2021 Trends
Cybersercurity Resource Allocation & Efficacy Index: 2020 - 2021 TrendsCybersercurity Resource Allocation & Efficacy Index: 2020 - 2021 Trends
Cybersercurity Resource Allocation & Efficacy Index: 2020 - 2021 Trends
Ivanti
 
IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] Io...
IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] Io...IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] Io...
IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] Io...
CableLabs
 
Advice for CISOs: How to Approach OT Cybersecurity
Advice for CISOs: How to Approach OT CybersecurityAdvice for CISOs: How to Approach OT Cybersecurity
Advice for CISOs: How to Approach OT Cybersecurity
Mighty Guides, Inc.
 
Intel HIMSS WoHIT mhealth
Intel HIMSS WoHIT mhealthIntel HIMSS WoHIT mhealth
Intel HIMSS WoHIT mhealth
rcnossen
 
OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...
OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...
OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...
Mighty Guides, Inc.
 
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...
TheAnfieldGroup
 
RSA ASIA 2014 - Internet of Things
RSA ASIA 2014 - Internet of Things RSA ASIA 2014 - Internet of Things
RSA ASIA 2014 - Internet of Things
Wolfgang Kandek
 
Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...
Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...
Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...
TheAnfieldGroup
 
Cybersecurity: Challenges, Initiatives, and Best Practices
Cybersecurity: Challenges, Initiatives, and Best PracticesCybersecurity: Challenges, Initiatives, and Best Practices
Cybersecurity: Challenges, Initiatives, and Best Practices
John Gilligan
 

More Related Content

What's hot

Integrating Cyber Security Alerts into the Operator Display
Integrating Cyber Security Alerts into the Operator DisplayIntegrating Cyber Security Alerts into the Operator Display
Integrating Cyber Security Alerts into the Operator Display
EnergySec
 
The Future of Technology Operations
The Future of Technology OperationsThe Future of Technology Operations
The Future of Technology Operations
Ivanti
 
Ruben Melendez - Economically Justifying IT Security Initiatives
Ruben Melendez - Economically Justifying IT Security InitiativesRuben Melendez - Economically Justifying IT Security Initiatives
Ruben Melendez - Economically Justifying IT Security Initiatives
centralohioissa
 
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
TheAnfieldGroup
 
Delve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsDelve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of Things
Frederic Roy-Gobeil, CPA, CGA, M.Tax.
 
Intel HIMSS WoHIT mhealth
Intel HIMSS WoHIT mhealthIntel HIMSS WoHIT mhealth
Intel HIMSS WoHIT mhealth
rcnossen
 

What's hot (20)

Cybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond ComplianceCybersecurity for Energy: Moving Beyond Compliance
Cybersecurity for Energy: Moving Beyond Compliance
 
SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013SANS Critical Security Controls Summit London 2013
SANS Critical Security Controls Summit London 2013
 
Integrating Cyber Security Alerts into the Operator Display
Integrating Cyber Security Alerts into the Operator DisplayIntegrating Cyber Security Alerts into the Operator Display
Integrating Cyber Security Alerts into the Operator Display
 
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea AlmeidaNTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
 
Integration of Technology & Compliance Presented by John Heintz, CPS Energy
Integration of Technology & Compliance Presented by John Heintz, CPS EnergyIntegration of Technology & Compliance Presented by John Heintz, CPS Energy
Integration of Technology & Compliance Presented by John Heintz, CPS Energy
 
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection FrameworkAlex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework
 
Scrubbing Your Active Directory Squeaky Clean
Scrubbing Your Active Directory Squeaky CleanScrubbing Your Active Directory Squeaky Clean
Scrubbing Your Active Directory Squeaky Clean
 
The Future of Technology Operations
The Future of Technology OperationsThe Future of Technology Operations
The Future of Technology Operations
 
Ruben Melendez - Economically Justifying IT Security Initiatives
Ruben Melendez - Economically Justifying IT Security InitiativesRuben Melendez - Economically Justifying IT Security Initiatives
Ruben Melendez - Economically Justifying IT Security Initiatives
 
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
 
The Future of Cyber Security - Matthew Rosenquist
The Future of Cyber Security - Matthew RosenquistThe Future of Cyber Security - Matthew Rosenquist
The Future of Cyber Security - Matthew Rosenquist
 
A Smarter, More Secure Internet of Things
A Smarter, More Secure Internet of Things A Smarter, More Secure Internet of Things
A Smarter, More Secure Internet of Things
 
Delve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsDelve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of Things
 
Cybersercurity Resource Allocation & Efficacy Index: 2020 - 2021 Trends
Cybersercurity Resource Allocation & Efficacy Index: 2020 - 2021 TrendsCybersercurity Resource Allocation & Efficacy Index: 2020 - 2021 Trends
Cybersercurity Resource Allocation & Efficacy Index: 2020 - 2021 Trends
 
IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] Io...
IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] Io...IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] Io...
IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] Io...
 
Advice for CISOs: How to Approach OT Cybersecurity
Advice for CISOs: How to Approach OT CybersecurityAdvice for CISOs: How to Approach OT Cybersecurity
Advice for CISOs: How to Approach OT Cybersecurity
 
Intel HIMSS WoHIT mhealth
Intel HIMSS WoHIT mhealthIntel HIMSS WoHIT mhealth
Intel HIMSS WoHIT mhealth
 
OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...
OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...
OT Experts Share Their Strategies - Securing Critical Infrastructure in the P...
 
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...
 
RSA ASIA 2014 - Internet of Things
RSA ASIA 2014 - Internet of Things RSA ASIA 2014 - Internet of Things
RSA ASIA 2014 - Internet of Things
 

Similar to Tripwire Energy Working Group: Keynote w/Patrick Miller

Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...
Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...
Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...
TheAnfieldGroup
 
Automotive Cyber-Security Insights learned from IT and ICS/SCADA
Automotive Cyber-Security Insights learned from IT and ICS/SCADAAutomotive Cyber-Security Insights learned from IT and ICS/SCADA
Automotive Cyber-Security Insights learned from IT and ICS/SCADA
Gilad Bandel
 
Current & Emerging Cyber Security Threats
Current & Emerging Cyber Security ThreatsCurrent & Emerging Cyber Security Threats
Current & Emerging Cyber Security Threats
NCC Group
 

Similar to Tripwire Energy Working Group: Keynote w/Patrick Miller (20)

Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...
Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...
Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...
 
Cybersecurity: Challenges, Initiatives, and Best Practices
Cybersecurity: Challenges, Initiatives, and Best PracticesCybersecurity: Challenges, Initiatives, and Best Practices
Cybersecurity: Challenges, Initiatives, and Best Practices
 
Supply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy SectorSupply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy Sector
 
Rothke - A Pragmatic Approach To Purchasing Information Security Products
Rothke - A Pragmatic Approach To Purchasing Information Security ProductsRothke - A Pragmatic Approach To Purchasing Information Security Products
Rothke - A Pragmatic Approach To Purchasing Information Security Products
 
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
 
Spirent: The Internet of Things: The Expanded Security Perimeter
Spirent: The Internet of Things: The Expanded Security Perimeter Spirent: The Internet of Things: The Expanded Security Perimeter
Spirent: The Internet of Things: The Expanded Security Perimeter
 
Automotive Cyber-Security Insights learned from IT and ICS/SCADA
Automotive Cyber-Security Insights learned from IT and ICS/SCADAAutomotive Cyber-Security Insights learned from IT and ICS/SCADA
Automotive Cyber-Security Insights learned from IT and ICS/SCADA
 
2-25-2014 Part 1 - NRECA Kickoff Meeting v2
2-25-2014 Part 1 - NRECA Kickoff Meeting v22-25-2014 Part 1 - NRECA Kickoff Meeting v2
2-25-2014 Part 1 - NRECA Kickoff Meeting v2
 
Nreca kickoff meeting
Nreca kickoff meetingNreca kickoff meeting
Nreca kickoff meeting
 
Current & Emerging Cyber Security Threats
Current & Emerging Cyber Security ThreatsCurrent & Emerging Cyber Security Threats
Current & Emerging Cyber Security Threats
 
Tyler Technology Expo
Tyler Technology ExpoTyler Technology Expo
Tyler Technology Expo
 
Unshakeably Secure, Impeccably Responsible With Taxpayer Dollars: How Knight ...
Unshakeably Secure, Impeccably Responsible With Taxpayer Dollars: How Knight ...Unshakeably Secure, Impeccably Responsible With Taxpayer Dollars: How Knight ...
Unshakeably Secure, Impeccably Responsible With Taxpayer Dollars: How Knight ...
 
Institute of Internal Auditors Presentation 2014
Institute of Internal Auditors Presentation 2014Institute of Internal Auditors Presentation 2014
Institute of Internal Auditors Presentation 2014
 
Don’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud ProvidersDon’t Just Trust Cloud Providers - How To Audit Cloud Providers
Don’t Just Trust Cloud Providers - How To Audit Cloud Providers
 
MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?
 
Have the Bad Guys Won the Cyber security War...
Have the Bad Guys Won the Cyber security War...Have the Bad Guys Won the Cyber security War...
Have the Bad Guys Won the Cyber security War...
 
Quant & Crypto Gold
Quant & Crypto GoldQuant & Crypto Gold
Quant & Crypto Gold
 
CSO CXO Series Breakfast
CSO CXO Series BreakfastCSO CXO Series Breakfast
CSO CXO Series Breakfast
 
Final 5_4(10-37PM)
Final 5_4(10-37PM)Final 5_4(10-37PM)
Final 5_4(10-37PM)
 
CLASS 2018 - Palestra de Edgard Capdevielle (Presidente e CEO – Nozomi)
CLASS 2018 - Palestra de Edgard Capdevielle (Presidente e CEO – Nozomi)CLASS 2018 - Palestra de Edgard Capdevielle (Presidente e CEO – Nozomi)
CLASS 2018 - Palestra de Edgard Capdevielle (Presidente e CEO – Nozomi)
 

More from Tripwire

Defend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK FrameworkDefend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK Framework
Tripwire
 
Jumpstarting Your Cyberdefense Machine with the CIS Controls V7
Jumpstarting Your Cyberdefense Machine with the CIS Controls V7 Jumpstarting Your Cyberdefense Machine with the CIS Controls V7
Jumpstarting Your Cyberdefense Machine with the CIS Controls V7
Tripwire
 

More from Tripwire (20)

Mind the Cybersecurity Gap - Why Compliance Isn't Enough
Mind the Cybersecurity Gap - Why Compliance Isn't EnoughMind the Cybersecurity Gap - Why Compliance Isn't Enough
Mind the Cybersecurity Gap - Why Compliance Isn't Enough
 
Data Privacy Day 2022: Tips to Ensure Data Privacy
Data Privacy Day 2022: Tips to Ensure Data PrivacyData Privacy Day 2022: Tips to Ensure Data Privacy
Data Privacy Day 2022: Tips to Ensure Data Privacy
 
Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo
 
Tripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale Peterson
 
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
 
Tripwire Energy Working Group: Customer Session with Chase Cole
Tripwire Energy Working Group: Customer Session with Chase ColeTripwire Energy Working Group: Customer Session with Chase Cole
Tripwire Energy Working Group: Customer Session with Chase Cole
 
World Book Day: Cybersecurity’s Quietest Celebration
World Book Day: Cybersecurity’s Quietest CelebrationWorld Book Day: Cybersecurity’s Quietest Celebration
World Book Day: Cybersecurity’s Quietest Celebration
 
Tripwire Retail Security 2020 Survey: Key Findings
Tripwire Retail Security 2020 Survey: Key FindingsTripwire Retail Security 2020 Survey: Key Findings
Tripwire Retail Security 2020 Survey: Key Findings
 
Key Findings: Tripwire COVID-19 Cybersecurity Impact Report
Key Findings: Tripwire COVID-19 Cybersecurity Impact ReportKey Findings: Tripwire COVID-19 Cybersecurity Impact Report
Key Findings: Tripwire COVID-19 Cybersecurity Impact Report
 
The Adventures of Captain Tripwire: Coloring Book!
The Adventures of Captain Tripwire: Coloring Book!The Adventures of Captain Tripwire: Coloring Book!
The Adventures of Captain Tripwire: Coloring Book!
 
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT CollaborationIndustrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
 
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
 
Tripwire 2019 Skills Gap Survey: Key Findings
Tripwire 2019 Skills Gap Survey: Key FindingsTripwire 2019 Skills Gap Survey: Key Findings
Tripwire 2019 Skills Gap Survey: Key Findings
 
A Look Back at 2018: The Most Memorable Cyber Moments
A Look Back at 2018: The Most Memorable Cyber MomentsA Look Back at 2018: The Most Memorable Cyber Moments
A Look Back at 2018: The Most Memorable Cyber Moments
 
Tripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire State of Cyber Hygiene 2018 Report: Key FindingsTripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire State of Cyber Hygiene 2018 Report: Key Findings
 
Defend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK FrameworkDefend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK Framework
 
Defending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber AttacksDefending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber Attacks
 
Jumpstarting Your Cyberdefense Machine with the CIS Controls V7
Jumpstarting Your Cyberdefense Machine with the CIS Controls V7 Jumpstarting Your Cyberdefense Machine with the CIS Controls V7
Jumpstarting Your Cyberdefense Machine with the CIS Controls V7
 
Hunting for Cyber Threats Using Threat Modeling & Frameworks
Hunting for Cyber Threats Using Threat Modeling & Frameworks Hunting for Cyber Threats Using Threat Modeling & Frameworks
Hunting for Cyber Threats Using Threat Modeling & Frameworks
 
Most RSAC Attendees Favor Shorter Vulnerability Disclosure Timelines
Most RSAC Attendees Favor Shorter Vulnerability Disclosure TimelinesMost RSAC Attendees Favor Shorter Vulnerability Disclosure Timelines
Most RSAC Attendees Favor Shorter Vulnerability Disclosure Timelines
 

Recently uploaded

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 

Recently uploaded (20)

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 

Tripwire Energy Working Group: Keynote w/Patrick Miller

  • 1. STATE OF CYBERSECURITY IN THE ELECTRIC UTILITY INDUSTRY Tripwire Energy Working Group – August 10 2021
  • 2. INTRODUCTION • Former utility staff (telecommunications, water & electric) • First NERC CIP auditor in the US • Drafter of NERC CIP standards and formal interpretations • NERC CIP Supply Chain Working Group contributor • Former Principal Investigator US DOE National Electric Sector Cybersecurity Organization • EnergySec Founder, Director and President Emeritus • Centro de Ciberseguridad Industrial (CCI) US Coordinator • Cybersecurity Advisory Team for State Solar, NARUC/NASEO • Advisor to multiple industrial security product vendors • GCIP, CISA, CRISC, CISSP-ISSAP, SSCP, NSA-IAM, CVI, TCP, SCP 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 2
  • 3. GLOBAL SITUATION • Infrastructure is a target • Your adversaries have three things you don’t • Who are you up against? • Organized crime • Nation states • Non-governmental organizations (NGOs) • Competitors • Ourselves (Hanlon’s Razor) • We all buy our gear from the same sources • Attribution is getting better • Cyber warfare, espionage and prosecution norms 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 3
  • 4. CRYSTAL BALL • Each “catalytic event” creates a cyber-avalanche • NERC CIP moved the needle for electric sector, everyone noticed • Legislators, regulators and commissions are getting wiser • 18 new cybersecurity bills introduced in just this session • Regulation to the rescue! • Real world examples: • Global trend (NIS, CAF, BSI, 62443, NIST 800-53/82/CSF, NERC CIP) • FERC RFI seeking to align with NIST • 100-day Plan to Address Cybersecurity Risks • ES-C2M2 (new version) & ONG C2-M2 being used by commissions and underwriters • TSA Pipeline Security Guidelines updated, Security Directives (x2); API 1164 • DHS CISA ICS attack history • Recent updates to CFATS • Too many Executive Orders to list • New National Security Memorandum 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 4
  • 5. NATIONAL SECURITY MEMORANDUM • Not a law/regulation – voluntary collaborative initiative (for now) • Baseline security controls across all critical infra sectors • Some controls will be common with existing frameworks (CIP) • NIST 800-53/82 are being promoted (expected) to be the set • Measurement (no enforcement) will be DHS CISA and SSA • Unclear how measurement will happen (audit, assessment?) • Will apply first to electricity subsector, then gas, chemical, water • Unclear if “National Security” banner will loop in Distribution • Final framework to be completed by July 28, 2022 • Clear signaling that participation is expected, or else… 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 5
  • 6. NSM – WHAT DO I NEED TO DO? • “…deployment of technologies and systems that provide threat [and anomaly] visibility, indications, detection, and warnings…” • “…response capabilities for cybersecurity in essential control system and operational technology networks…” • …” Government and industry to collaborate to take immediate action…” • “…baseline cybersecurity goals that are consistent across all critical infrastructure sectors…” 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 6
  • 7. NSM – RECOMMENDED ACTIONS • Gap assessment of current CIP controls against 800-53/82 • CIP has already been mapped, use existing tools • Create action plan to remediate any control gaps • Owners, actions, dates, budget • Begin any architecture/system modifications needed for increased monitoring, detection, response and recovery • Procure and/or tune network anomaly detection software • CRISP, Neighborhood Keeper, Essence or other • Establish trained and resourced security operations function • Can be outsourced or insourced • Process, analyze, respond and tune new tools • Perform REAL incident and recovery response exercises 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 7
  • 8. NSA – VOLUNTARY VS. MANDATORY • PR incentives/hit – public perception minimum bar has been set • Cyber insurance impacts can be very real • Business partnerships – upstream/downstream; M&A, contracts • Constrained markets over time • Earlier adopter bonus points with oversight body • Easier to demonstrate proactive continuous improvement vs. late-stage, time-constrained, forced, and reactive efforts • Given the situational gravity, it may be inevitable • If not the NSM, then any one of the other “influences” 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 8
  • 9. DIRECT SIGNALING "...defend US critical infrastructure by encouraging & facilitating deployment of tech & systems that provide threat visibility, indications, detection, & warnings, & that facilitate response capabilities for cybersecurity in essential control system & operational tech networks.” "We’re committed to addressing it. We’re starting with voluntary, as much as we can, because we want to do this in full partnership. And — but we’re also pursuing all options we have in order to make the rapid progress we need.” "...multiple administrations have recognized that there are no mandated authorities to mandate cybersecurity requirements for critical infrastructure... in the context of our openly saying that we really are committed to addressing the limited and piecemeal regulation...” "The President is essentially saying, 'We expect responsible owners and operators to meet these performance goals. We will look to you to implement this.’” - National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems, The White House June 28, 2021 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 9
  • 10. COMMON SOLUTION THREADS • For organizations already subject to NERC CIP, much can be borrowed • Other controls frameworks also exist for an “overlay” (mapping) approach to managing compliance risk • Portable skill sets across sector types in OT • IT already has common skill pool • Some Common solutions exist for IT and OT • Hardware • Software 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 10
  • 11. “REGULATORY” FORECAST • Whether direct regulation (CIP, TSA, AWWA, CFATS) or indirect “transitive” regulation (NIST, EO, NSM), new normal is: • Buy only “trusted” hardware, software, services • Know all cyber assets in your environment • Know the security posture for all cyber assets • Segment and restrict access (zero trust, MFA) • Monitoring and detection at asset and network level • Strong incident response capability • Strong recovery capability • Less “guessing” - aligns with guidelines, regulation, Executive Orders, National Security Memos, etc. in peer sectors • Get ahead of this before it is mandated 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 11
  • 12. ASSETS AND ARCHITECTURE • Do you have an asset inventory? • Not everything, but even just the critical stuff • Back it with change control or expect drift (waste time/money) • Do you have an environment you can defend? • Segmented networks • One-way traffic • MFA and strict remote access controls • Shear-away networks, “crumple zones,” intelligent islanding • Interdependencies can be your Achilles heel • Runs converse to many current approaches 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 12
  • 13. IN THE LAND OF THE BLIND • Would you know – with sufficient confidence – if there was (or was not) an adversary in your system? • Monitoring is in every federal conversation now • CRISP, Neighborhood Keeper, Essense… • “Smoke detectors” will be required in the “building code” • Regulation, insurance, diligence, reporting (data breach) • Start where you can, tune, then lather, rinse, repeat • Based on solid asset inventory and feeds response and/or recovery 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 13
  • 14. SUPPLY CHAIN RISK MANAGEMENT • NERC CIP-013 is the tip of the iceberg • Adding new asset types and moving to low impact • Multiple Executive Orders, probably more to come • ”No-buy” lists, rip/replace, legacy risk often unaddressed • “Made in” often means “assembled in” • How far do you go? Was it far enough? • HBOM, SBOM, FBOM • CyberStar, transparency centers, certification, validation • Frustration and costs go up for everyone 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 14
  • 15. PRACTICE LIKE IT’S GAME DAY • When was the last time you did a real incident response exercise? • Did it include a recovery drill? • Did it include IT impacting OT through business process? • Everything else leads up to this • Asset inventory, supply chain, segmentation, monitoring • Borrow from operations (and safety) • Can you really go to manual? For how long? • Expect “oversight” and media when it happens • Cyber NTSB, CISA, E-ISAC, FBI, Commerce, State… • What happens to one utility will affect all others… 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 15
  • 16. NERC CIP HORIZON • Legislators, regulators and agencies are getting wiser • Drifting toward NIST (FERC RFI) • Focus on CIP-007, CIP-008 and CIP-009 • Monitoring, incident response, and recovery • Supply Chain • Coming to a Low Impact asset near you • Cloud (BCSI and BCS) • Virtualization • Biggest shift in CIP since v3 to v5 • Global adoption is picking up steam 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 16
  • 17. NON-REGULATORY FORECAST • Innovation is accelerating disruption and disruption • OT looking more like IT, getting closer to just T • Smart everything will be connected to smart everything • Ever increasing dependence on technology and data • Losing touch with manual options • Artificially intelligent systems can still be hacked • Competing forces of unregulated greenfield business in distribution vs. threat of regulation for distribution 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 17
  • 18. DATA WILL ALSO BE YOUR BUSINESS • Digital transformation, convergence & other buzzwords • Data is the new oil …and also the new toxic waste • Everything you buy is digital now, with a connection • What happens when everything in your operation generates a data (revenue) stream? • Someone else can do it faster and better than you • You may possibly make more revenue from operational data than the electrons used to create the data 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 18
  • 19. EMBRACING THE FUTURE • More regulation is coming – must be “this tall” to ride • Will likely go beyond NERC CIP, but not by much • Wider possible applicability • Regulations and standards will shift with threats and tech • For example, ransomware… • Control norms are emerging for both OT and IT, globally • Technology is transforming how we can do business • Data as a revenue stream will become more common • Regulation is changing to allow new virtualized and cloud models for data, applications and even infrastructure • GoToMySCADA/HMI/DCS/EMS/PLC/DigitalTwin is a thing 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 19
  • 20. CONTACT ME 8/16/202 1 pmiller@amperesec.com | @patrickcmiller | +15032721414 | www.amperesec.com 20 @PATRICKCMILLER LINKEDIN.COM/IN/MILLERPATRICKC PMILLER@AMPERESEC.COM WWW.AMPERESEC.COM +1.503.272.1414