SlideShare una empresa de Scribd logo

Interoperability, Standards and Cybersecurity: A Business Perspective

EnergySec
EnergySec
TecnologíaEmpresariales
1 de 10
Interoperability, Standards and Cyber-Security: A Business Perspective Patrick C Miller, President and CEO April 21 2011 Innotech Smart Grid Oregon Pacific NW Smart Grid Trade Show and Conference
Interoperability • Goal: “electron flocking” (e-flocking) • Current approach may be too prescriptive • $10K per seat may be a barrier • No real consensus at this time • Potentially unbalanced voting process • EEI feels the industry is being “marginalized” • Not ready for adoption at this time; but when? The National Electric Sector Cybersecurity Organization (NESCO) is a DOE-funded EnergySec Program 1
Standards • FERC/PUC lines are not clear • NARUC wants backward compatibility • Many state commissions do not have expertise or sufficient staff to deal with the smart grid wave • California PUC is not waiting for Federal standards • Utilities are moving forward, but inconsistently • Suffering from standard fatigue The National Electric Sector Cybersecurity Organization (NESCO) is a DOE-funded EnergySec Program 2
Cybersecurity Landscape • Security approaches favor new installations, legacy environments are still vulnerable • Very difficult to replace/patch in-service devices • Isolation has diminishing security value • Security products vs. buying secure products • Engineering (N-1) and Security are different – Nature may be sophisticated, but it isn’t malicious • Hackers don’t use a compliance checklist – Following a compliance checklist won’t make you secure The National Electric Sector Cybersecurity Organization (NESCO) is a DOE-funded EnergySec Program 3
Cybersecurity Landscape • Mixing legacy and bleeding edge tech is difficult • Logical distance between kinetic endpoint and HMI is exponentially increasing; “hyperembeddedness” • Many vendors are forced to put features ahead of security due to market conditions • Privacy and security will be dominant forces in the smart grid market • Sufficient motive, means and opportunity exist to take the threat seriously The National Electric Sector Cybersecurity Organization (NESCO) is a DOE-funded EnergySec Program 4
TwitBookBlogosphere The National Electric Sector Cybersecurity Organization (NESCO) is a DOE-funded EnergySec Program 5
Research and Disclosure 46 zero-day SCADA vulnerabilities issued a two-week span The National Electric Sector Cybersecurity Organization (NESCO) is a DOE-funded EnergySec Program 6
Smart Grid Development • Security Considerations – Get off of the innovation treadmill (see: Apple) – Code review: meters, aggregators, upstream – Crypto: transit, rest, key management – Message authentication: learn from EAI models – Patching – Supply chain: hardware, software, people – Physical access – Vulnerability management The National Electric Sector Cybersecurity Organization (NESCO) is a DOE-funded EnergySec Program 7
Smart Grid Development • Privacy Considerations – Legal implications – Tin foil hat club – Must have vs. nice to have – Opt in vs. opt out vs. no option – Information is a commodity; ethics matter The National Electric Sector Cybersecurity Organization (NESCO) is a DOE-funded EnergySec Program 8
Questions? Non-profit. Independent. Trusted. Patrick C Miller, President and CEO patrick@energysec.org 503-446-1212 The National Electric Sector Cybersecurity Organization (NESCO) is a DOE-funded EnergySec Program 9

Recomendados

Emerson Ovation User Group BOD Meeting
Emerson Ovation User Group BOD MeetingEmerson Ovation User Group BOD Meeting
Emerson Ovation User Group BOD Meeting
EnergySec
 
Managing Complexity in a World of Surprise David L. Alderson, PhD
Managing Complexity in a World of Surprise David L. Alderson, PhDManaging Complexity in a World of Surprise David L. Alderson, PhD
Managing Complexity in a World of Surprise David L. Alderson, PhD
PacificResearchPlatform
 
TIPPSS for Enabling & Securing our Increasingly Connected World – Trust, Iden...
TIPPSS for Enabling & Securing our Increasingly Connected World – Trust, Iden...TIPPSS for Enabling & Securing our Increasingly Connected World – Trust, Iden...
TIPPSS for Enabling & Securing our Increasingly Connected World – Trust, Iden...
PacificResearchPlatform
 
Securing Research Data: A Workshop on Emerging Practices in Computation and S...
Securing Research Data: A Workshop on Emerging Practices in Computation and S...Securing Research Data: A Workshop on Emerging Practices in Computation and S...
Securing Research Data: A Workshop on Emerging Practices in Computation and S...
PacificResearchPlatform
 
The Internet of Things (IoT)
The Internet of Things (IoT)The Internet of Things (IoT)
The Internet of Things (IoT)
Dadhaniya Renish
 
Security and Privacy in IoT and Cyber-physical Systems
Security and Privacy in IoT and Cyber-physical SystemsSecurity and Privacy in IoT and Cyber-physical Systems
Security and Privacy in IoT and Cyber-physical Systems
Bob Marcus
 
Panel 3: Security and Privacy in Practice
Panel 3: Security and Privacy in PracticePanel 3: Security and Privacy in Practice
Panel 3: Security and Privacy in Practice
PacificResearchPlatform
 
Different applications and security concerns in Iot by Jatin Akad
Different applications and security concerns in Iot by Jatin AkadDifferent applications and security concerns in Iot by Jatin Akad
Different applications and security concerns in Iot by Jatin Akad
Jatin Akar
 

Recomendados

Emerson Ovation User Group BOD Meeting
Emerson Ovation User Group BOD MeetingEmerson Ovation User Group BOD Meeting
Emerson Ovation User Group BOD Meeting
EnergySec
 
Managing Complexity in a World of Surprise David L. Alderson, PhD
Managing Complexity in a World of Surprise David L. Alderson, PhDManaging Complexity in a World of Surprise David L. Alderson, PhD
Managing Complexity in a World of Surprise David L. Alderson, PhD
PacificResearchPlatform
 
TIPPSS for Enabling & Securing our Increasingly Connected World – Trust, Iden...
TIPPSS for Enabling & Securing our Increasingly Connected World – Trust, Iden...TIPPSS for Enabling & Securing our Increasingly Connected World – Trust, Iden...
TIPPSS for Enabling & Securing our Increasingly Connected World – Trust, Iden...
PacificResearchPlatform
 
Securing Research Data: A Workshop on Emerging Practices in Computation and S...
Securing Research Data: A Workshop on Emerging Practices in Computation and S...Securing Research Data: A Workshop on Emerging Practices in Computation and S...
Securing Research Data: A Workshop on Emerging Practices in Computation and S...
PacificResearchPlatform
 
The Internet of Things (IoT)
The Internet of Things (IoT)The Internet of Things (IoT)
The Internet of Things (IoT)
Dadhaniya Renish
 
Security and Privacy in IoT and Cyber-physical Systems
Security and Privacy in IoT and Cyber-physical SystemsSecurity and Privacy in IoT and Cyber-physical Systems
Security and Privacy in IoT and Cyber-physical Systems
Bob Marcus
 
Panel 3: Security and Privacy in Practice
Panel 3: Security and Privacy in PracticePanel 3: Security and Privacy in Practice
Panel 3: Security and Privacy in Practice
PacificResearchPlatform
 
Different applications and security concerns in Iot by Jatin Akad
Different applications and security concerns in Iot by Jatin AkadDifferent applications and security concerns in Iot by Jatin Akad
Different applications and security concerns in Iot by Jatin Akad
Jatin Akar
 
Presentasi ftii intlcyberlaw
Presentasi ftii intlcyberlawPresentasi ftii intlcyberlaw
Presentasi ftii intlcyberlaw
Rizkiawan Achadi
 
Scrubbing Your Active Directory Squeaky Clean
Scrubbing Your Active Directory Squeaky CleanScrubbing Your Active Directory Squeaky Clean
Scrubbing Your Active Directory Squeaky Clean
NetIQ
 
TAC Subscription Webinar
TAC Subscription WebinarTAC Subscription Webinar
TAC Subscription Webinar
EnergySec
 
Ann ackaert - handle with ecare: 5 years of ict research in the homecare envi...
Ann ackaert - handle with ecare: 5 years of ict research in the homecare envi...Ann ackaert - handle with ecare: 5 years of ict research in the homecare envi...
Ann ackaert - handle with ecare: 5 years of ict research in the homecare envi...
imec.archive
 
Building A Cloud-Ready Security Program
Building A Cloud-Ready Security ProgramBuilding A Cloud-Ready Security Program
Building A Cloud-Ready Security Program
NetIQ
 
Closing the Loop - From Citizen Sensing to Citizen Actuation
Closing the Loop - From Citizen Sensing to Citizen ActuationClosing the Loop - From Citizen Sensing to Citizen Actuation
Closing the Loop - From Citizen Sensing to Citizen Actuation
David Crowley
 
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
ARC Advisory Group
 
ARI2132 lecture1
ARI2132 lecture1ARI2132 lecture1
ARI2132 lecture1
Vanessa Camilleri
 
Internet of Everything
Internet of EverythingInternet of Everything
Internet of Everything
Shubham Vyas
 
The Internet Of Things
The Internet Of ThingsThe Internet Of Things
The Internet Of Things
Shivangi Dubey
 
IoTA : Where IoT Meets Social Network
IoTA : Where IoT Meets Social NetworkIoTA : Where IoT Meets Social Network
IoTA : Where IoT Meets Social Network
Setareh Sarachi, MSc.
 
Security and Privacy Challenges for IoT
Security and Privacy Challenges for IoTSecurity and Privacy Challenges for IoT
Security and Privacy Challenges for IoT
Jason Hong
 
How We Will Fail in Privacy and Ethics for the Emerging Internet of Things
How We Will Fail in Privacy and Ethics for the Emerging Internet of ThingsHow We Will Fail in Privacy and Ethics for the Emerging Internet of Things
How We Will Fail in Privacy and Ethics for the Emerging Internet of Things
Jason Hong
 
Advanced threat protection and big data
Advanced threat protection and big dataAdvanced threat protection and big data
Advanced threat protection and big data
Peter Wood
 
Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...
Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...
Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...
Dr Dev Kambhampati
 
An IOT Based Low Power Health Monitoring with Active Personal Assistance
An IOT Based Low Power Health Monitoring with Active Personal AssistanceAn IOT Based Low Power Health Monitoring with Active Personal Assistance
An IOT Based Low Power Health Monitoring with Active Personal Assistance
ijtsrd
 
Presentasi ftii intlcyberlaw
Presentasi ftii intlcyberlawPresentasi ftii intlcyberlaw
Presentasi ftii intlcyberlaw
ftii
 
Starting From Scratch - the ELN Reality
Starting From Scratch - the ELN RealityStarting From Scratch - the ELN Reality
Starting From Scratch - the ELN Reality
John Trigg
 
PEoPLe@DEIB + Sport && Wellness Hackathon @ ACSO
PEoPLe@DEIB + Sport && Wellness Hackathon @ ACSOPEoPLe@DEIB + Sport && Wellness Hackathon @ ACSO
PEoPLe@DEIB + Sport && Wellness Hackathon @ ACSO
NECST Lab @ Politecnico di Milano
 
Project center in trichy @ieee 2016 17 titles for java and dotnet
Project center in trichy @ieee 2016 17 titles for java and dotnetProject center in trichy @ieee 2016 17 titles for java and dotnet
Project center in trichy @ieee 2016 17 titles for java and dotnet
TripleN Infotech
 
Fösica andalucöa 1
Fösica andalucöa 1Fösica andalucöa 1
Fösica andalucöa 1
ivaanmd98
 
Unit 4
Unit 4Unit 4
Unit 4
Mayra Alejandra Banda Lozano
 

Más contenido relacionado

La actualidad más candente

Presentasi ftii intlcyberlaw
Presentasi ftii intlcyberlawPresentasi ftii intlcyberlaw
Presentasi ftii intlcyberlaw
Rizkiawan Achadi
 
TAC Subscription Webinar
TAC Subscription WebinarTAC Subscription Webinar
TAC Subscription Webinar
EnergySec
 
Ann ackaert - handle with ecare: 5 years of ict research in the homecare envi...
Ann ackaert - handle with ecare: 5 years of ict research in the homecare envi...Ann ackaert - handle with ecare: 5 years of ict research in the homecare envi...
Ann ackaert - handle with ecare: 5 years of ict research in the homecare envi...
imec.archive
 
How We Will Fail in Privacy and Ethics for the Emerging Internet of Things
How We Will Fail in Privacy and Ethics for the Emerging Internet of ThingsHow We Will Fail in Privacy and Ethics for the Emerging Internet of Things
How We Will Fail in Privacy and Ethics for the Emerging Internet of Things
Jason Hong
 
An IOT Based Low Power Health Monitoring with Active Personal Assistance
An IOT Based Low Power Health Monitoring with Active Personal AssistanceAn IOT Based Low Power Health Monitoring with Active Personal Assistance
An IOT Based Low Power Health Monitoring with Active Personal Assistance
ijtsrd
 
Presentasi ftii intlcyberlaw
Presentasi ftii intlcyberlawPresentasi ftii intlcyberlaw
Presentasi ftii intlcyberlaw
ftii
 

La actualidad más candente (19)

Presentasi ftii intlcyberlaw
Presentasi ftii intlcyberlawPresentasi ftii intlcyberlaw
Presentasi ftii intlcyberlaw
 
Scrubbing Your Active Directory Squeaky Clean
Scrubbing Your Active Directory Squeaky CleanScrubbing Your Active Directory Squeaky Clean
Scrubbing Your Active Directory Squeaky Clean
 
TAC Subscription Webinar
TAC Subscription WebinarTAC Subscription Webinar
TAC Subscription Webinar
 
Ann ackaert - handle with ecare: 5 years of ict research in the homecare envi...
Ann ackaert - handle with ecare: 5 years of ict research in the homecare envi...Ann ackaert - handle with ecare: 5 years of ict research in the homecare envi...
Ann ackaert - handle with ecare: 5 years of ict research in the homecare envi...
 
Building A Cloud-Ready Security Program
Building A Cloud-Ready Security ProgramBuilding A Cloud-Ready Security Program
Building A Cloud-Ready Security Program
 
Closing the Loop - From Citizen Sensing to Citizen Actuation
Closing the Loop - From Citizen Sensing to Citizen ActuationClosing the Loop - From Citizen Sensing to Citizen Actuation
Closing the Loop - From Citizen Sensing to Citizen Actuation
 
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
 
ARI2132 lecture1
ARI2132 lecture1ARI2132 lecture1
ARI2132 lecture1
 
Internet of Everything
Internet of EverythingInternet of Everything
Internet of Everything
 
The Internet Of Things
The Internet Of ThingsThe Internet Of Things
The Internet Of Things
 
IoTA : Where IoT Meets Social Network
IoTA : Where IoT Meets Social NetworkIoTA : Where IoT Meets Social Network
IoTA : Where IoT Meets Social Network
 
Security and Privacy Challenges for IoT
Security and Privacy Challenges for IoTSecurity and Privacy Challenges for IoT
Security and Privacy Challenges for IoT
 
How We Will Fail in Privacy and Ethics for the Emerging Internet of Things
How We Will Fail in Privacy and Ethics for the Emerging Internet of ThingsHow We Will Fail in Privacy and Ethics for the Emerging Internet of Things
How We Will Fail in Privacy and Ethics for the Emerging Internet of Things
 
Advanced threat protection and big data
Advanced threat protection and big dataAdvanced threat protection and big data
Advanced threat protection and big data
 
Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...
Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...
Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...
 
An IOT Based Low Power Health Monitoring with Active Personal Assistance
An IOT Based Low Power Health Monitoring with Active Personal AssistanceAn IOT Based Low Power Health Monitoring with Active Personal Assistance
An IOT Based Low Power Health Monitoring with Active Personal Assistance
 
Presentasi ftii intlcyberlaw
Presentasi ftii intlcyberlawPresentasi ftii intlcyberlaw
Presentasi ftii intlcyberlaw
 
Starting From Scratch - the ELN Reality
Starting From Scratch - the ELN RealityStarting From Scratch - the ELN Reality
Starting From Scratch - the ELN Reality
 
PEoPLe@DEIB + Sport && Wellness Hackathon @ ACSO
PEoPLe@DEIB + Sport && Wellness Hackathon @ ACSOPEoPLe@DEIB + Sport && Wellness Hackathon @ ACSO
PEoPLe@DEIB + Sport && Wellness Hackathon @ ACSO
 

Destacado

ISPG-Corporate-Profile-all-products
ISPG-Corporate-Profile-all-productsISPG-Corporate-Profile-all-products
ISPG-Corporate-Profile-all-products
Ajith B. G.
 

Destacado (10)

Project center in trichy @ieee 2016 17 titles for java and dotnet
Project center in trichy @ieee 2016 17 titles for java and dotnetProject center in trichy @ieee 2016 17 titles for java and dotnet
Project center in trichy @ieee 2016 17 titles for java and dotnet
 
Fösica andalucöa 1
Fösica andalucöa 1Fösica andalucöa 1
Fösica andalucöa 1
 
Unit 4
Unit 4Unit 4
Unit 4
 
Resume
ResumeResume
Resume
 
Potential Issues and Backup Plan
Potential Issues and Backup PlanPotential Issues and Backup Plan
Potential Issues and Backup Plan
 
ISPG-Corporate-Profile-all-products
ISPG-Corporate-Profile-all-productsISPG-Corporate-Profile-all-products
ISPG-Corporate-Profile-all-products
 
Press Release
Press ReleasePress Release
Press Release
 
Laia.Ricino
Laia.RicinoLaia.Ricino
Laia.Ricino
 
Aprendiendo De La Naturaleza
Aprendiendo De La NaturalezaAprendiendo De La Naturaleza
Aprendiendo De La Naturaleza
 
Third Quarter 2016 Investor Presentation
Third Quarter 2016 Investor PresentationThird Quarter 2016 Investor Presentation
Third Quarter 2016 Investor Presentation
 

Similar a Interoperability, Standards and Cybersecurity: A Business Perspective

EISS Cybersecurity Briefing
EISS Cybersecurity BriefingEISS Cybersecurity Briefing
EISS Cybersecurity Briefing
EnergySec
 
NESCO: A Closer Look
NESCO: A Closer LookNESCO: A Closer Look
NESCO: A Closer Look
EnergySec
 
Next Generation Information Sharing For The Electric Sector
Next Generation Information Sharing For The Electric SectorNext Generation Information Sharing For The Electric Sector
Next Generation Information Sharing For The Electric Sector
EnergySec
 
Security From the Ground Up
Security From the Ground UpSecurity From the Ground Up
Security From the Ground Up
EnergySec
 

Similar a Interoperability, Standards and Cybersecurity: A Business Perspective (20)

The Expanding Web of Cybersecurity Requirements
The Expanding Web of Cybersecurity RequirementsThe Expanding Web of Cybersecurity Requirements
The Expanding Web of Cybersecurity Requirements
 
EISS Cybersecurity Briefing
EISS Cybersecurity BriefingEISS Cybersecurity Briefing
EISS Cybersecurity Briefing
 
NESCO: A Closer Look
NESCO: A Closer LookNESCO: A Closer Look
NESCO: A Closer Look
 
NESCO Overview: Emerson Ovation User Group BOD Meeting
NESCO Overview: Emerson Ovation User Group BOD MeetingNESCO Overview: Emerson Ovation User Group BOD Meeting
NESCO Overview: Emerson Ovation User Group BOD Meeting
 
Next Generation Information Sharing for the Electric Sector
Next Generation Information Sharing for the Electric SectorNext Generation Information Sharing for the Electric Sector
Next Generation Information Sharing for the Electric Sector
 
Next Generation Information Sharing For The Electric Sector
Next Generation Information Sharing For The Electric SectorNext Generation Information Sharing For The Electric Sector
Next Generation Information Sharing For The Electric Sector
 
Don't Get Hacked! Cybersecurity Boot Camp
Don't Get Hacked! Cybersecurity Boot CampDon't Get Hacked! Cybersecurity Boot Camp
Don't Get Hacked! Cybersecurity Boot Camp
 
EnergySec and the NESCO overview
EnergySec and the NESCO overviewEnergySec and the NESCO overview
EnergySec and the NESCO overview
 
Bridging the Gap: Between Operations and IT
Bridging the Gap: Between Operations and ITBridging the Gap: Between Operations and IT
Bridging the Gap: Between Operations and IT
 
EnergySec & NESCO Overview
EnergySec & NESCO OverviewEnergySec & NESCO Overview
EnergySec & NESCO Overview
 
What's "Smart" Got to Do With It?: A technical overview of Advanced Metering ...
What's "Smart" Got to Do With It?: A technical overview of Advanced Metering ...What's "Smart" Got to Do With It?: A technical overview of Advanced Metering ...
What's "Smart" Got to Do With It?: A technical overview of Advanced Metering ...
 
Capstone Paper
Capstone PaperCapstone Paper
Capstone Paper
 
Security of the Electric Grid: It's more than just NERC CIP
Security of the Electric Grid: It's more than just NERC CIPSecurity of the Electric Grid: It's more than just NERC CIP
Security of the Electric Grid: It's more than just NERC CIP
 
Security From the Ground Up
Security From the Ground UpSecurity From the Ground Up
Security From the Ground Up
 
Security From the Ground Up
Security From the Ground UpSecurity From the Ground Up
Security From the Ground Up
 
EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...
EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...
EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...
 
Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Aut...
Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Aut...Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Aut...
Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Aut...
 
2-25-2014 Part 1 - NRECA Kickoff Meeting v2
2-25-2014 Part 1 - NRECA Kickoff Meeting v22-25-2014 Part 1 - NRECA Kickoff Meeting v2
2-25-2014 Part 1 - NRECA Kickoff Meeting v2
 
Nreca kickoff meeting
Nreca kickoff meetingNreca kickoff meeting
Nreca kickoff meeting
 
NESCO Year 2 Overview
NESCO Year 2 OverviewNESCO Year 2 Overview
NESCO Year 2 Overview
 

Más de EnergySec

Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseGary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
EnergySec
 
Slide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsSlide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and Mitigations
EnergySec
 
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
EnergySec
 
Jack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, AnecdotallyJack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, Anecdotally
EnergySec
 
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
EnergySec
 
Wireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of ReachWireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of Reach
EnergySec
 
Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!
EnergySec
 
Unidirectional Network Architectures
Unidirectional Network ArchitecturesUnidirectional Network Architectures
Unidirectional Network Architectures
EnergySec
 
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s RoleNERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
EnergySec
 
Industrial Technology Trajectory: Running With Scissors
Industrial Technology Trajectory: Running With ScissorsIndustrial Technology Trajectory: Running With Scissors
Industrial Technology Trajectory: Running With Scissors
EnergySec
 
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
EnergySec
 
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
EnergySec
 
Where Cyber Security Meets Operational Value
Where Cyber Security Meets Operational ValueWhere Cyber Security Meets Operational Value
Where Cyber Security Meets Operational Value
EnergySec
 
Where Are All The ICS Attacks?
Where Are All The ICS Attacks?Where Are All The ICS Attacks?
Where Are All The ICS Attacks?
EnergySec
 
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
EnergySec
 

Más de EnergySec (20)

Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseGary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
 
Slide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsSlide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and Mitigations
 
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
 
Jack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, AnecdotallyJack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, Anecdotally
 
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
 
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber SecurityDaniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security
 
Lessons Learned For NERC CIPv5 Compliance & Configuration Change Management
Lessons Learned For NERC CIPv5 Compliance & Configuration Change ManagementLessons Learned For NERC CIPv5 Compliance & Configuration Change Management
Lessons Learned For NERC CIPv5 Compliance & Configuration Change Management
 
Explore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWsExplore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWs
 
Wireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of ReachWireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of Reach
 
Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!
 
Unidirectional Network Architectures
Unidirectional Network ArchitecturesUnidirectional Network Architectures
Unidirectional Network Architectures
 
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s RoleNERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
 
Industrial Technology Trajectory: Running With Scissors
Industrial Technology Trajectory: Running With ScissorsIndustrial Technology Trajectory: Running With Scissors
Industrial Technology Trajectory: Running With Scissors
 
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
 
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
 
Where Cyber Security Meets Operational Value
Where Cyber Security Meets Operational ValueWhere Cyber Security Meets Operational Value
Where Cyber Security Meets Operational Value
 
Where Are All The ICS Attacks?
Where Are All The ICS Attacks?Where Are All The ICS Attacks?
Where Are All The ICS Attacks?
 
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
 
Industry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working TogetherIndustry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working Together
 
What the Department of Defense and Energy Sector Can Learn from Each Other
What the Department of Defense and Energy Sector Can Learn from Each OtherWhat the Department of Defense and Energy Sector Can Learn from Each Other
What the Department of Defense and Energy Sector Can Learn from Each Other
 

Último

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Último (20)

Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 

Interoperability, Standards and Cybersecurity: A Business Perspective

  • 1. Interoperability, Standards and Cyber-Security: A Business Perspective Patrick C Miller, President and CEO April 21 2011 Innotech Smart Grid Oregon Pacific NW Smart Grid Trade Show and Conference
  • 2. Interoperability • Goal: “electron flocking” (e-flocking) • Current approach may be too prescriptive • $10K per seat may be a barrier • No real consensus at this time • Potentially unbalanced voting process • EEI feels the industry is being “marginalized” • Not ready for adoption at this time; but when? The National Electric Sector Cybersecurity Organization (NESCO) is a DOE-funded EnergySec Program 1
  • 3. Standards • FERC/PUC lines are not clear • NARUC wants backward compatibility • Many state commissions do not have expertise or sufficient staff to deal with the smart grid wave • California PUC is not waiting for Federal standards • Utilities are moving forward, but inconsistently • Suffering from standard fatigue The National Electric Sector Cybersecurity Organization (NESCO) is a DOE-funded EnergySec Program 2
  • 4. Cybersecurity Landscape • Security approaches favor new installations, legacy environments are still vulnerable • Very difficult to replace/patch in-service devices • Isolation has diminishing security value • Security products vs. buying secure products • Engineering (N-1) and Security are different – Nature may be sophisticated, but it isn’t malicious • Hackers don’t use a compliance checklist – Following a compliance checklist won’t make you secure The National Electric Sector Cybersecurity Organization (NESCO) is a DOE-funded EnergySec Program 3
  • 5. Cybersecurity Landscape • Mixing legacy and bleeding edge tech is difficult • Logical distance between kinetic endpoint and HMI is exponentially increasing; “hyperembeddedness” • Many vendors are forced to put features ahead of security due to market conditions • Privacy and security will be dominant forces in the smart grid market • Sufficient motive, means and opportunity exist to take the threat seriously The National Electric Sector Cybersecurity Organization (NESCO) is a DOE-funded EnergySec Program 4
  • 6. TwitBookBlogosphere The National Electric Sector Cybersecurity Organization (NESCO) is a DOE-funded EnergySec Program 5
  • 7. Research and Disclosure 46 zero-day SCADA vulnerabilities issued a two-week span The National Electric Sector Cybersecurity Organization (NESCO) is a DOE-funded EnergySec Program 6
  • 8. Smart Grid Development • Security Considerations – Get off of the innovation treadmill (see: Apple) – Code review: meters, aggregators, upstream – Crypto: transit, rest, key management – Message authentication: learn from EAI models – Patching – Supply chain: hardware, software, people – Physical access – Vulnerability management The National Electric Sector Cybersecurity Organization (NESCO) is a DOE-funded EnergySec Program 7
  • 9. Smart Grid Development • Privacy Considerations – Legal implications – Tin foil hat club – Must have vs. nice to have – Opt in vs. opt out vs. no option – Information is a commodity; ethics matter The National Electric Sector Cybersecurity Organization (NESCO) is a DOE-funded EnergySec Program 8
  • 10. Questions? Non-profit. Independent. Trusted. Patrick C Miller, President and CEO patrick@energysec.org 503-446-1212 The National Electric Sector Cybersecurity Organization (NESCO) is a DOE-funded EnergySec Program 9