Parsons: Design – Build - Protect Securing Critical Infrastructure Phil Lacombe.

Slides:

Advertisements

Similar presentations

Rick Sergel President & CEO July 16, 2009

Advertisements

FIA Prague Preparation February 6, Scenario planning approach We cannot predict the future We cannot predict the future We do understand the drivers.

Challenges in Protecting Critical National Infrastructure from Cyber Attacks Singapore University of Technology and Design Aditya P Mathur September 27,

Ilias Chantzos Senior Director, Government Affairs - EMEA Symantec Cyber-security & cyber-resilience: Policy implications in smart cities.

Sponsored by Lumension Ponemon Institute© Private & Confidential Document Page Security Mega Trends Survey Independently conducted by Ponemon Institute.

Cyber Security and the Smart Grid Eric Lipinski Energy Law Fall 2010 Chicago-Kent College of Law.

Recognising the Risks of Cyber Threats Across the Organisation John Thornton Secretary to the Digital Government Security Forum.

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Critical Infrastructure Protection (and Policy) H. Scott Matthews March 5, 2003.

Nick Wainwright HP Labs / Effectsplus project. The report of a consultation of the Future Internet Assembly – a cross disciplinary assembly of researchers.

Network Access Management Trends in IT Applications for Management Prepared by: Ahmed Ibrahim S

(Geneva, Switzerland, September 2014)

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.

K E M A, I N C. Current Status of Cyber Security Issues 2004 Keynote Address Joe Weiss January 20, 2004.

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Critical Information Infrastructure Protection: Urgent vs. Important Miguel Correia 2012 Workshop on Cyber Security and Global Affairs and Global Security.

Cyber Security for Smart Grid George Gamble Cyber Security Architect Black & Veatch.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

NHTSA Cyber Security Best Practices Study Tim Weisenberger December 7, 2011.

ELECTRICAL CRITICAL INFRASTRUCTURE SECURITY Charles Hookham, P.E., M.ASCE, VP, Utility Projects HDR Engineering 1.

UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.

Lessons Learned in Smart Grid Cyber Security

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.

Seán Paul McGurk National Cybersecurity and Communications

Emerging Technologies and DOE Recommended investment areas.

Assessment Presentation Philip Robbins - July 14, 2012 University of Phoenix Hawaii Campus Fundamentals of Information Systems Security.

Secure Connections for a Smarter World Dr. Shuyuan Mary Ho Assistant Professor School of Information Florida State University.

Jerry Cochran Principal Security Strategist Trustworthy Computing Group Microsoft Corporation.

Internet Banking Key Issues Internet Banking Working Group May 14, 1998.

Maritime Cyber Vulnerabilities in the Energy Sector Center for Joint Operations of the Sea ODU Maritime Institute Students Crow, Fresco, Lee.

Project co-funded by the European Commission within the 7th Framework Program (Grant Agreement No ) Business Convergence WS#2 Smart Grid Technologies.

Settling the Frontier: The Convergence and Impact of Privacy and Security Practices Chris Israel Deputy Assistant Secretary for Technology Policy U.S.

The Canada Border Services Agency and Coordinated Border Management Regional Conference of Customs Directors General, April 22-25, 2012.

Frankfurt (Germany), 6-9 June 2011 Iiro Rinta-Jouppi – Sweden – RT 3c – Paper 0210 COMMUNICATION & DATA SECURITY.

ENISA efforts for securing European Internet Infrastructure

Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.

Introduction: Information security services. We adhere to the strictest and most respected standards in the industry, including: -The National Institute.

Governor’s Office of Homeland Security & Emergency Preparedness LOUISIANA BANKERS ASSOCIATION 2010 Louisiana Emergency Preparedness Coalition Meetings.

Cyber Attacks Threaten: privacy reliability safety resiliency 2.

Enterprise Cybersecurity Strategy

DRAFT 1 Belfast th World Cyber Security Technology Research Summit Suren Gupta Allstate Corporation Executive Vice President Allstate Technology.

North American Energy Infrastructure Policy Philip Gonda Steven Mays Robert Floyd Josh Kapp.

1 1 Cybersecurity : Optimal Approach for PSAPs FCC Task Force on Optimal PSAP Architecture Working Group 1 Final Report December 10 th, 2015.

Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.

1 Thoughts on ERCOT-Wide Critical Infrastructure Protection Committee Bill Muston October 31, 2006.

Security Mindset Lesson Introduction Why is cyber security important?

US CYBER COMMAND The overall classification of this brief is: UNCLASSIFIED 1 Perspectives from the Command to APEX LtGen Robert E. Schmidle USMC Deputy.

TÜBİTAK – BİLGEM – SGE Cyber Security Institute Asım Gençer Gökce TÜBİTAK BİLGEM Cyber Security Institute (SGE) Role: Cyber.

Computer Security Mike Asoodeh & Ray Dejean Office of Technology Southeastern Louisiana University.

Security Systems | ST/SRM3-NA | 4/6/2016 © 2016 Robert Bosch LLC and affiliates. All rights reserved. 1 Ensure data security in a hyper-connected world.

Protection of Transportation Infrastructure from Cyber Attacks EXECUTIVE BRIEFING.

Critical Infrastructure Protection and the Role of the Next Generation Firewall Blaž Ivanc.

Current / Emerging Cyber Threats & Leadership Considerations June 2016

How Secure Is Our Power Grid?

Governance and Oversight

ALEX RUNNER Jason Rosselot Sedar labarre Will Farrell Johnson Controls

Cybersecurity, competence and preparedness

Cybersecurity - What’s Next? June 2017

Enterprise risk management

Information Technology Sector

BUILDING A PRIVACY AND SECURITY PROGRAM FOR YOUR NON-PROFIT

UTSA's New Center Center for Security and Privacy Enhanced Cloud Computing (C-SPECC) Ravi Sandhu Executive Director of ICS and C-SPECC Professor.

Advanced Services Cyber Security 101 © ABB February, | Slide 1.

An Urgent National Imperative

Securing the Threats of Tomorrow, Today.

National Information Assurance (NIA) Policy

THE CYBER LANDSCAPE UNCLASSIFIED CROSS DOMAIN NETWORK & INFO SHARING

NDIA DoD CIO Vision.

Presentation transcript:

Parsons: Design – Build - Protect Securing Critical Infrastructure Phil Lacombe

Why Cyber Security of Critical Infrastructure

Change the way we think about security 3

Defining Security  Ensuring the enterprise can do what it is supposed to do  And not do what it is not supposed to do  Mission performance  Interdependent  Privacy Risk Management

The Security Imperative Responsibility Risk Environment Today Threats have increased – as have the consequences of inaction Vulnerabilities have increased – no longer geographically constrained Demands for responsibility and accountability (Public and Private Sectors) have increased Threat Executives & Boards Time High Low Government Business Cost Availability

Threats to Critical Infrastructure 6 HP Cyber Risk Report 2013

For Example... 7

Internet Facing Control Systems 8 DHS – ICS CERT – 7,200 Internet facing control systems

Attack Vectors  Network Access Internet accessible systems being mapped – SHODAN Malware spread by trusted system to system connection Ease of maneuver  Interconnects Exploit applications that communicate through network segmentation Connections to other plants, systems, organizations  Dial up Many ICS assets remotely accessible through traditional  System Management Patching/upgrade delays, no or outdated anti-virus/signatures Default usernames and passwords  Supply Chain  ICS not considered  Physical Security 9

DHS ICS-CERT reported that the 1 st half of 2013 had more attacks than all of 2012 Critical Infrastructure Attacks on the Rise 10 ITAR CM  CSX Corporation (2003)  Tehama Colusa Canal Authority (2007)  Stuxnet (2010)  Duqu (2011)  Flame (2012)  Shamoon (2012)  Carmel Tunnel (2013)  Monju Japan Nuclear Plant (2014)  Havex (2014) *

Attacks on Critical Infrastructure 11

Emerging Understanding  Long anticipated convergence of physical and cyber security domains is upon us  Confluence of forces Policy environment Executive Orders – recognizes cyber requirement for CI NIST – framework/standards for cyber-physical systems security Governance Board responsibility and liability Shareholder concern Threat environment Recent attacks provide irrefutable evidence Technology SMART Grid – enabling two way communication Cloud – enabling economies of operation Big Data – enabling efficiencies in operation IPv6 enabling Internet of Things 12