Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cybersecurity in the Electric Sector: Update on Threats and Defenses

Published byEzra Gilbert Modified over 6 years ago

Similar presentations

Presentation on theme: "Cybersecurity in the Electric Sector: Update on Threats and Defenses"— Presentation transcript:

1 Cybersecurity in the Electric Sector: Update on Threats and Defenses
Presented to: Oregon Public Utilities Commission June 28, 2018

2 Presenter Background 17 years in cybersecurity related roles in the sector PacifiCorp | Senior Cybersecurity Consultant | WECC | Senior CIP Compliance Auditor | EnergySec | Vice-President | EnergySec | President | 2013 – Present Industry Consulting | 2012 – Present CISSP, CISA

3 Overview Source of threats has not changed significantly in recent years Nation States Terrorists Financially motivated attackers Capabilities of attackers continues to increase Industry defenses continue to mature Likelihood of attack remains an unknown

4 NERC State of Reliability Report
Released June 21, Reviewed previous year No Reportable Cybersecurity Incidents in Phishing is largest attack vector (June 2017) Advisory on APT targeting sector (Sep 2017) Dragonfly APT - report from Dragos (Nov 2017) Safety Systems attacked in Middle East 2018 Outlook: More phishing. Targeting of Trusted Business Partners. Crypto Mining.

5 Recent News Dragos Blog: XENOTIME
Described as most dangerous group currently known. No attribution of group affiliation Responsible for TRISYS attack against safety system Active since 2014 and involved globally Believed to be seeking to do harm

6 Recent News Electrum – Group responsible for Ukraine attacks may be expanding to other regions VPNFilter – Broad attack against consumer-class network routers. Malware had Modbus related capabilities Hidden Cobra – Threat group believed to be associated with North Korea. New malware families associated with this group

7 What is Industry Doing? ESCC E-ISAC CRISP Cyber Mutual Aid GridEX
NRECA/APPA capacity building for small utilities Supply Chain security whitepapers

8 What is Government Doing?
DOE CESER – New centralized office for cybersecurity efforts CEDS – Government funded security research ESCC – CEO level industry/government collaboration DOE Security Strategy NERC CIP Core standards stabilizing New Supply Chain standards expected soon Possible new standards on incident reporting

9 Trends Increasing focus on control system security
Many new vendors in the marketplace Early stage adoption in industry Security staff sizes are increasing 24x7 operations more common for large utilities Shortage of skilled workers is a challenge Moving beyond compliance… CIP standards still a driver, but security is greater focus

10 Trends Information Sharing
Improving, but still lacking E-ISAC growing budget request $27.3 million Zero Reportable Cybersecurity Incidents Increasing reporting of below-threshold events FERC may order stronger reporting requirements Increasing focus on small utilities/distribution DOE grants to APPA and NRECA ($2.5MM/year) Possible collaboration with National Guard

11 Summary There are still many unknowns regarding grid security
Motivations and likelihood of attack Overall state of security across thousands of organizations is impossible to measure Industry readiness is difficult to assess in the absence of experienced attacks There are ALWAYS unknown vulnerabilities Industry continues to mature and is putting significant effort into improving security posture

12 Questions

13 Thank You Steven H Parker President, EnergySec steve@energysec.org
(desk) @es_shp (twitter)

Download ppt "Cybersecurity in the Electric Sector: Update on Threats and Defenses"

Similar presentations

NERC Critical Infrastructure Protection Advisory Group (CIP AG) Electric Industry Initiatives Reducing Vulnerability To Terrorism.

NERC Critical Infrastructure Protection Advisory Group (CIP AG) Electric Industry Initiatives Reducing Vulnerability To Terrorism.
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
29 May 2006RNSA Workshop 1 Social Implication of National Security RNSA Workshop The risk of public data availability on critical infrastructure protection.

29 May 2006RNSA Workshop 1 Social Implication of National Security RNSA Workshop The risk of public data availability on critical infrastructure protection.
(ISC) 2 2015 Global Information Security Workforce Study (GISWS) Results U.S. Federal Government.

(ISC) Global Information Security Workforce Study (GISWS) Results U.S. Federal Government.
Employment Service Reform Plan in Korea Presenter: Jung, Tai-Myun, Director of Employment Policy Division Ministry of Labor, ROK.

Employment Service Reform Plan in Korea Presenter: Jung, Tai-Myun, Director of Employment Policy Division Ministry of Labor, ROK.
Providing Practical Solutions Winning the Talent Wars for Recruiting and Retaining 21 st Century Cyber Engineers Jeff Kubik, PMP, CISSP Sr PM, Praxis Engineering.

Providing Practical Solutions Winning the Talent Wars for Recruiting and Retaining 21 st Century Cyber Engineers Jeff Kubik, PMP, CISSP Sr PM, Praxis Engineering.
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
Strengthening General Aviation Security November 2011.

Strengthening General Aviation Security November 2011.
Lessons Learned in Smart Grid Cyber Security

Lessons Learned in Smart Grid Cyber Security
The U. S. National Strategy for Global Supply Chain Security Neema Khatri Office of International Affairs U.S. Department of Homeland Security.

The U. S. National Strategy for Global Supply Chain Security Neema Khatri Office of International Affairs U.S. Department of Homeland Security.
Seán Paul McGurk National Cybersecurity and Communications

Seán Paul McGurk National Cybersecurity and Communications
Study Results Advanced Persistent Threat Awareness.

Study Results Advanced Persistent Threat Awareness.
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Cyber Security: Now and.

© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Cyber Security: Now and.
SANDLER AND TRAVIS TRADE ADVISORY SERVICES, INC. © Sandler & Travis Trade Advisory Services, Inc. All Rights Reserved WWW.STRTRADE.COM Trade Facilitation.

SANDLER AND TRAVIS TRADE ADVISORY SERVICES, INC. © Sandler & Travis Trade Advisory Services, Inc. All Rights Reserved Trade Facilitation.
BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT

BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT
FERC’s New Reliability Initiatives Kevin Kelly Director, Policy Analysis, OMTR Federal Energy Regulatory Commission NARUC Annual Meeting Nashville, TN.

FERC’s New Reliability Initiatives Kevin Kelly Director, Policy Analysis, OMTR Federal Energy Regulatory Commission NARUC Annual Meeting Nashville, TN.
Clean, Green, and on the Same Team! How Economic and Workforce Development are Partnering to Serve an Emerging Regional Industry.

Clean, Green, and on the Same Team! How Economic and Workforce Development are Partnering to Serve an Emerging Regional Industry.
Global Automotive Tooling Trends Laurie Harbour, President and CEO Harbour Results Inc. November 22, 2011.

Global Automotive Tooling Trends Laurie Harbour, President and CEO Harbour Results Inc. November 22, 2011.
Homeland Security UNCLASSIFIED United States Coast Guard Office of Port and Facility Compliance (CG-FAC) Cyber Security and the Marine Transportation System.

Homeland Security UNCLASSIFIED United States Coast Guard Office of Port and Facility Compliance (CG-FAC) Cyber Security and the Marine Transportation System.
According to the reporters’ research, the logistics industry is currently facing some problems such as capacity, infrastructure, security, rising truck.

According to the reporters’ research, the logistics industry is currently facing some problems such as capacity, infrastructure, security, rising truck.

Similar presentations

Ads by Google