Cyber Security Best Practices
Eric Weston, Senior Auditor, Cyber Security
WECC Reliability and Security Workshop
San Diego, CA – October 23-24, 2018
Western Electricity Coordinating Council
Cyber Risks
“One of the main cyber-risks is to think they don’t exist. The other is to try to treat all potential risks. Fix the basics, protect first what matters for your business and be ready to react properly to pertinent threats.”
Stephane Nappo: GCISO Société Générale
Agenda
- Prevent What You Can
- Detect What You Can’t Prevent
- Be Prepared to Recover
Putting Things in Perspective
- What are your risks and challenges
- What is important with different systems
  - Confidentiality
  - Integrity
  - Availability
Jess Smith, Nathan Kipp, Dennis Gammel, Tim Watkins: EEA Conference June 2016
Preventative Measures
Tightening down perimeter protections
- Perform regular reviews of firewall configurations
- Remove/Disable outdated and unneeded rules and objects
- Be cautious with “maintenance” rules
- Review rules which generate few if any hits
- Ensure all rules have detailed descriptions
- Rules should be as specific as possible
- Commit to continual improvements
- Review access rules holistically
Preventative Measures
Reviewing Access Rules Holistically
    access-list esp_in extended permit tcp ems dmzwks2 eq ssh
    access-list esp_in extended permit ip host1 host2 range 0 512
    access-list esp_in extended permit tcp ems subwks1 eq 2000
    access-list esp_in extended permit ip host1 host2 range
    access-list esp_in extended permit udp eq 2355
    access-list esp_in extended permit ip host1 host2 range
    access-list esp_in extended permit ip eq dns
    access-list esp_in extended permit ip host1 host2 eq any
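The review points from the perimeter slides (descriptions, specificity, hit counts) can be checked mechanically before a manual, holistic pass. The following is an added example, not part of the presentation: the function name `review_acl`, the thresholds, and the simplified single-token ASA-style syntax of the constructed sample are all assumptions.

```python
import re

# Constructed sample, simplified ASA-style syntax: single-token source and
# destination names as on the slide, hit counts as `show access-list` prints them.
SAMPLE_ACL = """\
access-list esp_in remark EMS operators manage DMZ workstation over SSH
access-list esp_in extended permit tcp ems dmzwks2 eq ssh (hitcnt=412)
access-list esp_in extended permit ip host1 host2 (hitcnt=0)
access-list esp_in remark Temporary vendor maintenance window
access-list esp_in extended permit tcp any subwks1 range 1024 65535 (hitcnt=3)
access-list esp_in extended permit udp ems subwks1 eq 2355 (hitcnt=87)
"""

RULE = re.compile(
    r"^access-list\s+(?P<acl>\S+)\s+extended\s+permit\s+(?P<proto>\S+)\s+"
    r"(?P<src>\S+)\s+(?P<dst>\S+)"
    r"(?:\s+eq\s+(?P<port>\S+)|\s+range\s+(?P<lo>\d+)\s+(?P<hi>\d+))?"
    r"(?:\s+\(hitcnt=(?P<hits>\d+)\))?\s*$"
)
REMARK = re.compile(r"^access-list\s+\S+\s+remark\s+\S")


def review_acl(text, max_range=100, min_hits=1):
    """Return [(line_no, rule, [findings])] for permit rules worth a second look."""
    results, has_remark = [], False
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if REMARK.match(line):
            has_remark = True          # a remark describes the rule that follows it
            continue
        m, described, has_remark = RULE.match(line), has_remark, False
        if not m:
            continue
        findings = []
        if not described:
            findings.append("no description")
        if m["proto"] == "ip":
            findings.append("all protocols permitted")
        elif not (m["port"] or m["lo"]):
            findings.append("no port restriction")
        if "any" in (m["src"], m["dst"]):
            findings.append("'any' endpoint")
        if m["lo"] and int(m["hi"]) - int(m["lo"]) + 1 > max_range:
            findings.append("wide port range")
        if m["hits"] is not None and int(m["hits"]) < min_hits:
            findings.append("few or no hits")
        if findings:
            results.append((n, line, findings))
    return results
```

Each finding is a prompt for a reviewer, not a verdict: a zero-hit rule may serve a rarely used recovery path, so confirm with the rule owner before removing it.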
Preventative Measures
Utilize the tools you have
- Host based firewalls/iptables
- System hardening
- Windows Security Templates
- Vendor Specific Recommendations
- Don’t reinvent the wheel
- Other methods, tools, etc.
Prevention/Detection
Active Defense
Passive Defense
- Firewalls
- Traditional Anti-Virus Systems
- Other measures
Active Defense [2]
- Threat and Environment Manipulation
- Threat Intelligence Consumption
- Network Security Monitoring
- Incident Response
[2] https://digital-forensics.sans.org/media/Poster_DFIR_Threat-Intel_2017.pdf
Detecting Abnormalities
Leveraging your environment
- The glass is half full
- Operational technology (OT) environments change infrequently
- Users and systems should only be performing specific tasks on OT networks
- Traffic should be relatively predictable
Detecting Abnormalities
Establishing normal
- Identifying Assets and Communications Paths
  - Physical Inspection
  - Router/Firewall configurations
  - Network Traffic Analysis
- Identifying and Validating Network Traffic
  - Firewall/Router Logs
Detecting Abnormalities
Becoming more situationally aware
- Are monitoring systems tailored to your environment?
Be Prepared for the When
Recovery
2018 Atlanta SamSam Ransomware Attack
- One third of the city's 424 software programs affected
- Potential Cost of $9.5 Million
- Some data will never be recovered
Recovery
- Regularly back up data and verify the integrity of those backups
- Secure backups
- Ensure backups are not connected to the computers and networks they are backing up
Recovery
Practice, Practice, Practice
- During an event is not the first time a recovery process should be performed
- Be creative during recovery exercises
- Ensure everyone knows their part and has the needed tools and knowledge
- Continually learn and improve processes
Cybersecurity is a shared responsibility, and it boils down to this: In Cybersecurity, the more systems we secure, the more secure we all are.
Jeh Johnson: Secretary of Homeland Security