Cybersecurity Framework For Cooperative Utilities

Cybersecurity Framework For Cooperative Utilities
NCEMC Technology Conference 2018
Erfan Ibrahim, PhD
Founder & CEO, The Bit Bazaar LLC
August 17th, 2018

Agenda
- Background of speaker
- The building blocks of the coop cybersecurity framework
- Best practices for IoT security
- Four functional layers of IT/OT cybersecurity architecture
- Cyber governance assessment deep dive
- TBB SAFE™ methodology for full life cycle protection of digital technology
- TBB cyber awareness training overview
- Call to action
The Bit Bazaar LLC

Background of speaker
- PhD in Nuclear Engineering (UC Berkeley - 1987)
- 4 years in postdoctoral fusion energy R&D (LLNL, UCLA)
- 4 years in academia (high school and college in CA)
- 12 years in IT, Telecom, networking, network management, cybersecurity
- 11 years in electric sector (smart metering, cybersecurity, IT/OT networks, renewable energy, SCADA, Smart Grid)
- Managed the cybersecurity and smart meter programs at EPRI 2008 - 2011
- Organized the first set of workshops for Smart Grid for NIST in 2009
- Led the DoE funded NESCOR cybersecurity project in 2010 - 2011
- Created and led the cybersecurity program at National Renewable Energy Lab between 2015 - 2018
- Hosting monthly Smart Grid webinars for industry since 2008 (5000+ community)

Cybersecurity framework building blocks
- Cyber governance assessment (NIST CSF, DoE C2M2, ISO/IEC 27001)
- Documentation of business use cases (actors, transaction frequency, type and duration of data exchange, data storage requirements)
- Network architecture development to support use cases
- Cybersecurity architecture development to secure use cases
- Technology procurement requirements development (functional, networking, cyber) to align with use cases, network/cybersecurity architecture
- Hardening of systems (patching, scanning source code and binaries with vulnerability mitigation)
- Cyber penetration testing, data fuzz testing and failure scenarios/mitigation of critical applications
- Cyber security awareness training for IT, OT and corporate staff

Best practices for IoT security
- The “S” in IoT stands for security
- Appreciate Flavor Flav quote for vendor IoT security propaganda (“Don’t believe the hype!”)
- IoT security begins at the network layer
- Don’t rely solely on IT centric security controls of IoT protocols (insider threat)
- Install hypervisor on IoT device (if possible) for added layer of security and resilience
- Use .252 mask on each IoT device to create 2-host subnets
- Set granular ACLs on gateway switches to block cross IoT device connectivity unless use case justifies it
- Implement IDS/IPS on the uplink of IoT gateway switch (block anomalous traffic)
- Create a 2-tier system of switches for all IoT devices (never connect IoT devices directly to primary Ethernet network in substation)
- Establish a separate VLAN for syslog alarms from IoT devices to Syslog server
- Visualize syslog alarms from IoT devices on Splunk>-like tool in control center
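The .252-mask and gateway-ACL bullets above, worked through as an added example that is not part of the original presentation: it carves one /30 per device out of an IoT block and builds a first-match ACL that permits syslog and explicitly justified device pairs, then denies all other cross-device traffic. The address block, device names, syslog server address and function names are constructed for illustration.

```python
import ipaddress

def plan_device_subnets(block, devices):
    """Assign each IoT device its own /30 (mask 255.255.255.252): two usable
    hosts, one for the gateway switch interface and one for the device."""
    subnets = ipaddress.ip_network(block).subnets(new_prefix=30)
    plan = {}
    for name, net in zip(devices, subnets):
        gateway, device = net.hosts()
        plan[name] = {"subnet": net, "gateway": gateway, "device": device}
    if len(plan) < len(devices):
        raise ValueError("block too small (or duplicate names) for one /30 per device")
    return plan

def build_acl(block, plan, syslog_server, allowed_pairs=()):
    """Ordered (action, src_net, dst_net) rules for the gateway switch.
    Models routed (inter-subnet) traffic only; first match wins."""
    iot = ipaddress.ip_network(block)
    syslog = ipaddress.ip_network(syslog_server + "/32")
    rules = [("permit", iot, syslog)]        # alarms to the syslog server
    for src, dst in allowed_pairs:           # one-way, use-case-justified flows
        rules.append(("permit", plan[src]["subnet"], plan[dst]["subnet"]))
    rules.append(("deny", iot, iot))         # all other cross-device traffic
    return rules

def evaluate(rules, src_ip, dst_ip):
    """Return the action of the first matching rule, else the implicit deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return "deny"

# Constructed sample values (not from the presentation)
IOT_BLOCK = "10.20.0.0/28"
PLAN = plan_device_subnets(IOT_BLOCK, ["relay-1", "meter-1", "camera-1"])
RULES = build_acl(IOT_BLOCK, PLAN, "10.30.0.10", [("meter-1", "relay-1")])

if __name__ == "__main__":
    for name, e in PLAN.items():
        print(name, e["subnet"], "gw", e["gateway"], "dev", e["device"])
    print("camera-1 -> relay-1:", evaluate(RULES, "10.20.0.10", "10.20.0.2"))
```

Because the permitted pair is one-way, the reverse direction (relay-1 to meter-1) still falls through to the cross-device deny.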

Four functional layers for IT/OT cybersecurity architecture
- Authentication, authorization, stateful inspection, network segmentation
  - Username, password, digital certificates, 2-factor authentication, access control lists, firewall policies, single sign on, TCP layer filters
- Signature based intrusion detection and prevention & anti-virus server
- Context based intrusion detection and prevention (protocol specific)
- End point security (hypervisor, OS firewall, tamper resistant software, resilient microprocessors)
The manifestation of vendor agnostic zero trust network

Cyber governance assessment deep dive
- Assessment of 386 business process security controls across 10 DoE C2M2 domains (RM, ACM, SA, IR, ISC, WM, TVM, IAM, EDM, CPM)
- 4 levels of implementation (NIST CSF levels)
  - 0 - not implemented
  - 1 - partially implemented
  - 2 - informed
  - 3 - repeatable
  - 4 - adaptive
- A subset of DoE C2M2 controls across 5 categories of NIST CSF (identify, protect, monitor, respond, recover)
- Assessment of business process security controls from ISO/IEC 27001

Cybernance CMOM automated software tool

CMOM automated software (contd.)

CMOM automated software (contd.)

TBB SAFE™ methodology for digital technology protection

TBB cybersecurity awareness training overview
- Custom tailored for each cooperative utility based on business processes and organizational policies (1 month onsite prep)
- Onsite classroom style delivery 2.5 days (plenary and breakout sessions)
- Breakout sessions focused on IT, OT and corporate staff needs
- Interactive (workshop style paper exercises)
- Red-team, blue team exercises for IT/OT staff (trainers have top security clearances and background from defense and intelligence community)
- Continuing education credits with certificate of completion
- Annual refresher course available

Call to action
- Be active in your state wide initiative for cybersecurity
- Consider adopting TBB recommended cybersecurity framework at the state level for all cooperatives for effective and consistent protection of your data assets from insider and external cyber threats
- Decide what tasks you wish to perform internally or outsource to third parties to realize the framework
- Perform cyber governance assessment rapidly and cost effectively with TBB using CMOM software (possibility of partial funding assistance from NRECA)
- Reduce cyber insurance premiums with the implementation of the cybersecurity framework
- Don’t hesitate: the time to act is now before a data breach makes you incur high cost to recover (> $3.5 million per incident)

Grab the cyber bison by its horns: take charge!
Contact Info
Erfan Ibrahim
925-785-5967
erfan@tbbllc.com
www.tbbllc.com