1
Cybersecurity Framework For Cooperative Utilities
NCEMC Technology Conference 2018
Erfan Ibrahim, PhD
Founder & CEO, The Bit Bazaar LLC
August 17th, 2018
2
Agenda
- Background of speaker
- The building blocks of the coop cybersecurity framework
- Best practices for IoT security
- Four functional layers of IT/OT cybersecurity architecture
- Cyber governance assessment deep dive
- TBB SAFE™ methodology for full life cycle protection of digital technology
- TBB cyber awareness training overview
- Call to action
The Bit Bazaar LLC
3
Background of speaker
- PhD in Nuclear Engineering (UC Berkeley - 1987)
- 4 years in postdoctoral fusion energy R&D (LLNL, UCLA)
- 4 years in academia (high school and college in CA)
- 12 years in IT, telecom, networking, network management, cybersecurity
- 11 years in electric sector (smart metering, cybersecurity, IT/OT networks, renewable energy, SCADA, Smart Grid)
- Managed the cybersecurity and smart meter programs at EPRI
- Organized the first set of workshops for Smart Grid for NIST in 2009
- Led the DoE-funded NESCOR cybersecurity project in 2010 – 2011
- Created and led the cybersecurity program at National Renewable Energy Lab between 2015 – 2018
- Hosting monthly Smart Grid webinars for industry since 2008 (5000+ community)
4
Cybersecurity framework building blocks
- Cyber governance assessment (NIST CSF, DoE C2M2, ISO/IEC 27001)
- Documentation of business use cases (actors, transaction frequency, type and duration of data exchange, data storage requirements)
- Network architecture development to support use cases
- Cybersecurity architecture development to secure use cases
- Technology procurement requirements development (functional, networking, cyber) to align with use cases and network/cybersecurity architecture
- Hardening of systems (patching, scanning source code and binaries with vulnerability mitigation)
- Cyber penetration testing, data fuzz testing and failure scenarios/mitigation of critical applications
- Cybersecurity awareness training for IT, OT and corporate staff
5
Best practices for IoT security
- The “S” in IoT stands for security
- Appreciate Flavor Flav quote for vendor IoT security propaganda (“Don’t believe the hype!”)
- IoT security begins at the network layer
- Don’t rely solely on IT-centric security controls of IoT protocols (insider threat)
- Install hypervisor on IoT device (if possible) for added layer of security and resilience
- Use .252 mask on each IoT device to create 2-host subnets
- Set granular ACLs on gateway switches to block cross IoT device connectivity unless use case justifies it
- Implement IDS/IPS on the uplink of IoT gateway switch (block anomalous traffic)
- Create a 2-tier system of switches for all IoT devices (never connect IoT devices directly to primary Ethernet network in substation)
- Establish a separate VLAN for syslog alarms from IoT devices to syslog server
- Visualize syslog alarms from IoT devices on a Splunk-like tool in the control center
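The .252 mask and cross-device ACL items above, worked through as an added example (not part of the original slides). It gives each device its own /30, builds a first-match rule list that permits only justified device pairs, and evaluates routed flows between subnets; the 10.20.30.0/24 block, the device names and the "uplink" result label are assumptions made for illustration.

```python
import ipaddress

def plan_iot_subnets(block, devices):
    """Give each IoT device its own /30 (mask 255.255.255.252): gateway + device."""
    subnets = ipaddress.ip_network(block).subnets(new_prefix=30)
    plan = {}
    for name in devices:
        sub = next(subnets, None)
        if sub is None:
            raise ValueError(f"{block} has no free /30 left for {name}")
        gateway, device = sub.hosts()   # a /30 has exactly two usable addresses
        plan[name] = {"subnet": sub, "gateway": gateway, "device": device}
    return plan

def build_acl(block, plan, justified_pairs=()):
    """Ordered first-match rules: permit justified pairs, then deny IoT-to-IoT."""
    rules = []
    for a, b in justified_pairs:
        rules.append(("permit", plan[a]["subnet"], plan[b]["subnet"]))
        rules.append(("permit", plan[b]["subnet"], plan[a]["subnet"]))
    iot = ipaddress.ip_network(block)
    rules.append(("deny", iot, iot))    # every other cross-device flow
    return rules

def evaluate(rules, src, dst):
    """Routed traffic only: first match wins, unmatched flows go to the uplink."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return "uplink"                     # where the IDS/IPS inspects it

# Constructed sample: the address block and device names are hypothetical.
BLOCK = "10.20.30.0/24"
PLAN = plan_iot_subnets(BLOCK, ["relay-1", "meter-1", "camera-1"])
ACL = build_acl(BLOCK, PLAN, justified_pairs=[("relay-1", "meter-1")])

if __name__ == "__main__":
    for name, p in PLAN.items():
        print(name, p["subnet"], p["subnet"].netmask,
              "gw", p["gateway"], "dev", p["device"])
    print("relay-1 -> meter-1 :", evaluate(ACL, "10.20.30.2", "10.20.30.6"))
    print("relay-1 -> camera-1:", evaluate(ACL, "10.20.30.2", "10.20.30.10"))
    print("camera-1 -> outside:", evaluate(ACL, "10.20.30.10", "10.50.0.5"))
```

A /24 yields 64 such subnets, so the planner raises an error rather than silently placing a 65th device in a shared subnet.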
6
Four functional layers for IT/OT cybersecurity architecture
- Authentication, authorization, stateful inspection, network segmentation
  - Username, password, digital certificates, 2-factor authentication, access control lists, firewall policies, single sign-on, TCP layer filters
- Signature-based intrusion detection and prevention & anti-virus server
- Context-based intrusion detection and prevention (protocol specific)
- End point security (hypervisor, OS firewall, tamper-resistant software, resilient microprocessors)
- The manifestation of vendor-agnostic zero trust network
7
Cyber governance assessment deep dive
- Assessment of 386 business process security controls across 10 DoE C2M2 domains (RM, ACM, SA, IR, ISC, WM, TVM, IAM, EDM, CPM)
- 4 levels of implementation (NIST CSF levels)
  - 0 – not implemented
  - 1 – partially implemented
  - 2 – informed
  - 3 – repeatable
  - 4 – adaptive
- A subset of DoE C2M2 controls across 5 categories of NIST CSF (identify, protect, monitor, respond, recover)
- Assessment of business process security controls from ISO/IEC 27001
8
Cybernance CMOM automated software tool
9
CMOM automated software (contd.)
10
CMOM automated software (contd.)
11
TBB SAFE™ methodology for digital technology protection
12
TBB cybersecurity awareness training overview
- Custom tailored for each cooperative utility based on business processes and organizational policies (1 month onsite prep)
- Onsite classroom-style delivery, 2.5 days (plenary and breakout sessions)
- Breakout sessions focused on IT, OT and corporate staff needs
- Interactive (workshop-style paper exercises)
- Red-team, blue-team exercises for IT/OT staff (trainers have top security clearances and background from defense and intelligence community)
- Continuing education credits with certificate of completion
- Annual refresher course available
13
Call to action
- Be active in your statewide initiative for cybersecurity
- Consider adopting TBB recommended cybersecurity framework at the state level for all cooperatives for effective and consistent protection of your data assets from insider and external cyber threats
- Decide what tasks you wish to perform internally or outsource to third parties to realize the framework
- Perform cyber governance assessment rapidly and cost effectively with TBB using CMOM software (possibility of partial funding assistance from NRECA)
- Reduce cyber insurance premiums with the implementation of the cybersecurity framework
- Don’t hesitate – the time to act is now before a data breach makes you incur high cost to recover (> $3.5 million per incident)
14
Grab the cyber bison by its horns – take charge!
Contact Info Erfan Ibrahim