Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cybersecurity at PJM Jonathon Monken

Published byErika Pohl Modified over 6 years ago

Similar presentations

Presentation on theme: "Cybersecurity at PJM Jonathon Monken"— Presentation transcript:

1 Cybersecurity at PJM Jonathon Monken
Senior Director, System Resilience and Strategic Coordination

2 Un-attributable threat actors Additional man-made or natural events
Threat Environment Nation state threats Un-attributable threat actors Insider threats Threats to PJM’s overall security and resilience are always developing. Using threat intelligence and analysis, PJM continuously evaluates potential attacks, including: Threats from nation-states, due to their increased capability and intent to perform cyberattacks Examples: North Korea, Iran, China and Russia Potential threats from people inside PJM – a complex and dynamic attack vector Threats from actors that cannot be specifically identified (cyber criminal or “hacktavist” organizations) High impact but low frequency events including severe weather events, geomagnetic disturbances, electromagnetic pulses and terrorism Additional man-made or natural events

3 PJM’s Five Strategic Objectives to Manage Threats
Risk Management Defense Response Education PJM’s security and resilience program consists of five strategic objectives that work to improve resilience in the face of a wide spectrum of threats and hazards. Risk Management: Driving investment and resources to the highest risk areas of PJM’s security and resilience program. Defense: Fortifying systems, information, and facilities by slowing down and stopping threats. Response: Enabling early detection of and responding effectively to attacks to minimize operational impacts and to speed recovery of systems. Education: Training the PJM workforce and a team of highly competent security professionals to spot threats, report anomalies and drive vigilance. Partnership: Collaborating and leveraging the capabilities and expertise of key partners across government, industry and other critical infrastructures. These objectives also allow for feedback that helps PJM continuously improve its security posture. Partnership

4 Vulnerability Management
Defense Information Sharing Data Management Vulnerability Management Defense Predictive Analytics Impact Analysis Technology Lifecycle PJM’s defense strategy includes: Information Sharing – sharing best practices and known threats to avoid vulnerabilities internally and with the appropriate external partners Vulnerability Management – is integral to cybersecurity and is the practice of identifying, classifying, remediating or mitigating vulnerabilities Impact Analysis – knowing the impacts that can be created by change or disruption downstream. It helps to forecast consequences of business function disruptions and a step to develop incident or disaster recovery strategies. Technology Lifecycle Management – practice of managing technology from initial use to retirement Predictive Analytics – uses data mining to extract information from data and uses it to predict trends and behavior patterns Data Management – ensuring CIP information remains confidential and restricting access for both physical and cyber to make sure the right people have the right access to the right assets

5 Phases of the Cyber Kill Chain®
The delivery of a weaponized package. This may be via a phishing , a compromised website (watering hole attack), or a USB stick. Installing an attack toolkit on the exploited system in order to gain persistent access to the system. Completing the original mission of the attack. Includes data exfiltration, denial of service and sabotage. Reconnaissance activity to discover characteristics of PJM systems and personnel with a goal of weaponizing malware or a customized cyberattack. Running the weaponized package to take temporary control of a computer system by taking advantage of a vulnerability. Connecting to a command and control server to pick up instructions or additional attack tools. Cyber Kill Chain is a registered trademark of Lockheed-Martin (Weaponization phase excluded).

6 Response Coordination
Government Sources Situational Awareness Industry Sources Commercial Sources PJM relies on intelligence from government, industry partners, commercial sources, and our own security events. This intelligence is a vital part of our cyber and physical monitoring processes and tools, and enhances our abilities to respond to events. Sources: Government sources: Congressional Research Institute for Social Work & Policy, Federal Bureau of Investigation, National Cybersecurity & Communications Integration Center Industry sources: AEP’s Cyber Security Operations Center, Electricity Information Sharing and Analysis Center (E-ISAC), Electricity Subsector Coordinating Council (ESCC) Situational awareness: PJM security events (what are they? Should this be included?), PJM as a regional coordinator, public/private partnership Commercial sources: Patch management updates, Technology vendors, interdependent infrastructure industry—coordinating with natural gas industry, communications, etc.

7 Education Training and Exercise Activities Corporate-wide Training
Comprehensive Exercises GridEx and EarthEx NERC CIP Training and Assessment Cybersecurity Education Professional Certifications Certificate Programs Advanced Degrees Proposed PJM Security and Resilience Committee PJM educates our employees to ensure our ability to react to events. This includes PJM’s participation in GridEx, which is a North American-wide simulation of a coordinated cyber and physical attack against multiple asset owners. PJM has consistently participated as a full participant, and for GridEx III, PJM is helping to lead the development of the scenario and coordination between Reliability Coordinators and asset owners. PJM is regularly assessed by the North American Electric Reliability Corporation to ensure we meet or exceed critical information protection standards. PJM encourages its staff tasked with protecting its critical information and infrastructure to pursue continuing education opportunities, including through professional certifications and advanced degrees. PJM has proposed a Security and Resilience Committee that is designed to take a proactive approach to discussing a broad range of security- and resilience-related topics with PJM stakeholders. It will replace the current Security and Resilience Subcommittee.

8 Cybersecurity Partnerships

9 Where is this road taking us?
Machine-speed information sharing Larger attacks surface area IoT Devices Distributed Energy Resources Evolving threat actors

Download ppt "Cybersecurity at PJM Jonathon Monken"

Similar presentations

FMS. 2 Fires Terrorism Internal Sabotage Natural Disasters System Failures Power Outages Pandemic Influenza COOP/ Disaster Recovery/ Emergency Preparedness.

FMS. 2 Fires Terrorism Internal Sabotage Natural Disasters System Failures Power Outages Pandemic Influenza COOP/ Disaster Recovery/ Emergency Preparedness.
1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
National Infrastructure Protection Plan

National Infrastructure Protection Plan
The U.S. Coast Guard’s Role in Cybersecurity

The U.S. Coast Guard’s Role in Cybersecurity
DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview
Jeffery J. Gust IOWA INDUSTRIAL ENERGY GROUP FALL CONFERENCE Tuesday, October 14, 2014 MidAmerican Energy Company.

Jeffery J. Gust IOWA INDUSTRIAL ENERGY GROUP FALL CONFERENCE Tuesday, October 14, 2014 MidAmerican Energy Company.
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
EASTERN MICHIGAN UNIVERSITY Continuity of Operations Planning (COOP)

EASTERN MICHIGAN UNIVERSITY Continuity of Operations Planning (COOP)
Don Von Dollen Senior Program Manager, Data Integration & Communications Grid Interop December 4, 2012 A Utility Standards and Technology Adoption Framework.

Don Von Dollen Senior Program Manager, Data Integration & Communications Grid Interop December 4, 2012 A Utility Standards and Technology Adoption Framework.
Staying Ahead of the Curve in Cyber Security Bill Chang CEO, SingTel Group Enterprise.

Staying Ahead of the Curve in Cyber Security Bill Chang CEO, SingTel Group Enterprise.
Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.
Seán Paul McGurk National Cybersecurity and Communications

Seán Paul McGurk National Cybersecurity and Communications
Dell Connected Security Solutions Simplify & unify.

Dell Connected Security Solutions Simplify & unify.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
1 Smart Grid Cyber Security Annabelle Lee Senior Cyber Security Strategist Computer Security Division National Institute of Standards and Technology June.

1 Smart Grid Cyber Security Annabelle Lee Senior Cyber Security Strategist Computer Security Division National Institute of Standards and Technology June.
Phoenix Convention Center Phoenix, Arizona When Prevention and Preparation May Not be Enough: Resilience and Recovery for the Electricity Sub-Sector Operational.

Phoenix Convention Center Phoenix, Arizona When Prevention and Preparation May Not be Enough: Resilience and Recovery for the Electricity Sub-Sector Operational.
Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.

Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.
The Challenging Landscape of Critical Information Infrastructure: Are We Ready? Leonard Bailey Senior Counsel Computer Crime & Intellectual Property Section.

The Challenging Landscape of Critical Information Infrastructure: Are We Ready? Leonard Bailey Senior Counsel Computer Crime & Intellectual Property Section.

Similar presentations

Ads by Google