Call to Arms: Combating Apathy, Fatigue and Misdirection

8th Annual EnergySec Summit
World Trade Center
Portland, OR
September 25, 2012
Threat Picture

Intelligent, adaptive adversaries exist. They don't follow the rules or compliance checklists. They have people, money and time. But... the sky isn't falling.

The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy. 9/26/12
Technology Picture
• Emergent intelligence
• A new digital world order
• Hyper-connectivity
• Hyper-embeddedness
• Hyper-temporality
• Vulnerabilities abound
• Bolt-ons are imperfect and complex

Cybersecurity Picture
• Research, espionage, organized crime, cyber/info warfare
• Data is money
• Nation-state quality defense is the new norm
• Isolation is extremely difficult
• Cyber-kinetic impacts
• Engineering vs. Security

Small Is The New Big
• Cyber attacks don't care about distance or size
• It's all about connectivity
• Hackers are typically lazy, except when they're not
• Attribution and obfuscation
• Stepping stones

Legislative/Regulatory Picture
• Hyperbole, FUD and politics
• Fear the auditor more than the attacker
• "Comprehensive"
• Smart Grid security/interoperability
• Data breach disclosure
• Intelligent islanding
• Federal turf wars over critical infrastructure cybersecurity
• Regulatory landscape shift

Regulation vs. Attitude
• Regulation is easy, until it isn't
  – Toaster to turbine
  – Party politics
  – Fed vs Fed, Fed vs State vs Local...
  – Overlap, cost and fatigue
• Adversaries will always innovate faster than the legislative process
• You can prescribe action, but not attitude

Cybersecurity Law
• Posse Comitatus Act, 18 U.S.C. §1385
• Antitrust Laws
• Sherman Antitrust Act, 15 U.S.C. §§1-7
• Wilson Tariff Act, 15 U.S.C. §§8-11
• Clayton Act, 15 U.S.C. §§12-27
• Federal Trade Commission (FTC) Act §5, 15 U.S.C. §45(a)
• National Institute of Standards and Technology (NIST) Act (p. 13), 15 U.S.C. §271
• Radio Act of 1912
• Federal Power Act (p. 13), 16 U.S.C. §791a et seq., §824 et seq.
• Radio Act of 1927
• Communications Act of 1934 (p. 14), 47 U.S.C. §151 et seq.
• National Security Act of 1947 (p. 15), 50 U.S.C. §401 et seq.
• US Information and Educational Exchange Act of 1948 (Smith-Mundt Act) (p. 15), 22 U.S.C. §1431 et seq.
• Defense Production Act of 1950, 50 U.S.C. App. §2061 et seq.
• State Department Basic Authorities Act of 1956 (p. 17), 22 U.S.C. §2651a
• Brooks Automatic Data Processing Act
• Freedom of Information Act (FOIA) (p. 17), 5 U.S.C. §552
• Omnibus Crime Control and Safe Streets Act of 1968 (p. 19), 42 U.S.C. Chapter 46, §§3701 to 3797ee-1
• Racketeer Influenced and Corrupt Organizations Act (RICO) (p. 19), 18 U.S.C. Chapter 96, §§1961-1968
• Federal Advisory Committee Act (p. 20), 5 U.S.C. App., §§1-16
• War Powers Resolution, 50 U.S.C. Chapter 33, §§1541-1548
• Privacy Act of 1974 (p. 20), 5 U.S.C. §552a
• Foreign Intelligence Surveillance Act of 1978 (FISA), 18 U.S.C. §§2511, 2518-9
• Foreign Intelligence Surveillance Act of 1978 (FISA), 50 U.S.C. Chapter 36, §§1801-1885c
• Privacy Protection Act of 1980, 42 U.S.C. Chapter 21A, §§2000aa-5 to 2000aa-12
• Counterfeit Access Device and Computer Fraud and Abuse Act of 1984 (p. 21), 18 U.S.C. §1030
• Computer Fraud and Abuse Act of 1986, 18 U.S.C. §1030
• Electronic Communications Privacy Act of 1986 (ECPA) (p. 22), 18 U.S.C. §§2510-2522, 2701-2712, 3121-3126
• Department of Defense Appropriations Act, 1987 (p. 24), 10 U.S.C. §167
• Computer Security Act of 1987, 15 U.S.C. §§272, 278g-3, 278g-4, 278h
• Computer Matching and Privacy Protection Act of 1988, 5 U.S.C. §552a
• High Performance Computing Act of 1991 (p. 24), 15 U.S.C. Chapter 81
• Communications Assistance for Law Enforcement Act (CALEA) of 1994 (p. 26), 47 U.S.C. §1001 et seq.

Source: Federal Laws Relating to Cybersecurity: Discussion of Proposed Revisions, Eric A. Fischer, Senior Specialist in Science and Technology, December 22, 2011

Cybersecurity Law (continued)
• Paperwork Reduction Act of 1995, 44 U.S.C. Chapter 35, §§3501-3549
• Telecommunications Act of 1996, 47 U.S.C. §609
• Communications Decency Act of 1996 (p. 27), 47 U.S.C. §§223, 230
• Clinger-Cohen Act (Information Technology Management Reform Act) of 1996 (p. 28), 40 U.S.C. §11001 et seq.
• Health Insurance Portability and Accountability Act of 1996 (HIPAA), 42 U.S.C. §1320d et seq.
• Economic Espionage Act of 1996, 18 U.S.C. §1030, Chapter 90, §§1831-1839
• Identity Theft and Assumption Deterrence Act of 1998 (p. 29), 18 U.S.C. §1028
• National Defense Authorization Act for Fiscal Year 2000, 10 U.S.C. §2224
• Gramm-Leach-Bliley Act of 1999, 15 U.S.C. Chapter 94, §§6801-6827
• USA PATRIOT Act of 2001, 18 U.S.C. §1
• Sarbanes-Oxley Act of 2002, 15 U.S.C. §7262
• Homeland Security Act of 2002 (HSA) (p. 30), 6 U.S.C. §§121-195c, 441-444, and 481-486
• Federal Information Security Management Act of 2002 (FISMA) (p. 32), 44 U.S.C. Chapter 35, Subchapters II and III, 40 U.S.C. §11331, 15 U.S.C. §§278g-3 and 278g-4
• Terrorism Risk Insurance Act of 2002 (p. 34), 15 U.S.C. §6701 nt.
• Cyber Security Research and Development Act, 2002 (p. 34), 15 U.S.C. §§278g, h, 7401 et seq.
• E-Government Act of 2002 (p. 36), 5 U.S.C. Chapter 37, 44 U.S.C. §3501 nt., Chapter 35, Subchapter 2, and Chapter 36
• Fair and Accurate Credit Transactions Act of 2003, 15 U.S.C. §1601
• Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act of 2003, 15 U.S.C. Chapter 103, §§7701-7713, 18 U.S.C. §1037
• Identity Theft Penalty Enhancement Act 2004 (p. 37), 18 U.S.C. §§1028, 1028A
• Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA) (p. 38), 42 U.S.C. §2000ee, 50 U.S.C. §403-1 et seq., §403-3 et seq., §404o et seq.
• Energy Policy Act of 2005 (EPACT), 16 U.S.C. §824o
• Department of Homeland Security Appropriations Act, 2007, 6 U.S.C. §121 nt.
• Protect America Act of 2007, 50 U.S.C. §1801 nt.
• Energy Independence and Security Act of 2007 (EISA), 42 U.S.C. §§17381-17385
• Foreign Intelligence Surveillance Act of 1978 [FISA] Amendments Act of 2008, 50 U.S.C. §1801
• Identity Theft Enforcement and Restitution Act of 2008, 18 U.S.C. §1030
• Health Information Technology for Economic and Clinical Health Act, 42 U.S.C. §17901 et seq.

Source: Federal Laws Relating to Cybersecurity: Discussion of Proposed Revisions, Eric A. Fischer, Senior Specialist in Science and Technology, December 22, 2011

"...security is an art – and you cannot legislate art."
Comment by Deputy Assistant Director, US DOE

Do The Right Thing
• "Why don't they just do the right thing?"
  – Comment by House Homeland Security Committee staffer, 2009
• Dozens of Congressional hearings
• Roughly 150 bills since 2009
• Executive Order being considered
• No closer to defining what the "right thing" is

Compliance vs. Security
• "I had a nightmare last night. My entire security team had been converted to compliance staff!"
  – Comment by former security manager for a large U.S. investor-owned utility
• A culture of compliance may not be a good thing
• Compliance can both help and hurt security
• There is a point where security and compliance meet – it isn't always easy to find, but it is the best approach toward spending/resourcing

Sector Spotlight
• Electric sector (SCADA) = new shiny object
• TV, movies, media, blogosphere, Twitter
• Armchair experts and hyperbole
• Other critical infrastructures, nation states
• Smart Grid fever will drive more attention
• The mania will intensify in the near term
• Very little actuarial data to form risk models

Resources Are Scarce
• Not enough qualified security pros available
• Very complex range of skills needed to match operational technologies, security tools and business (compliance) risk
• Active "cannibalization" of talent within the sector
• Few qualified auditors and consultants
• Artificial demand in the market increases costs

Vendor Relationships
• Most vendors put features first, security second
• ARRA and other "green/clean" dollars are fueling corporate consumerism
• You are being given old technology as new, and new technology that hasn't been tested
• Interoperability standards, SCADA Procurement Language, code reviews, etc.
• 100% secure does not and will not exist
• Security testing in FAT, and again in SAT
• Vulnerability disclosure ripple effect

Negative Perceptions
• Too many cases of lowering security to achieve strict compliance with NERC CIP standards – while possibly [potentially] reducing reliability
• Too few Critical Assets and Critical Cyber Assets
• CIPS is more about accountability than security
• Future changes to CIPS are slow and inadequate
• Virtually no change in over 6 years
• Industry is actively trying to minimize and stall
• CIP Version 5 has one more "round" – or else...

Regulation Will Get Muddy
• Accountability baseline still forming
• Consensus is not possible; ANSI flaws
• Region/NERC/FERC relationship is unstable
• Data breach laws are coming
• Overlapping regulations (SOX, PCI, CFATS, MTSA, Pipeline Safety, NRC...)
• Heavy politics attached to grid security
• Who's got the cybersecurity authority today?

Recommendations
• Realize that you are a target; act accordingly
• Prepare for the spotlight and microscope
• Build a compliance program that can embrace any regulatory regime – even DHS (think TSA)
• CIPS is only the beginning; expect more
• Don't wait for the next regulation to start implementing controls

Recommendations (continued)
• Start with an evaluation of risk and capability
• Adopt a risk management framework
• Automate compliance from sound business process, but don't under-resource
  – Security technology requires humans
• Consider a continuous monitoring approach
• Manage like other risks in the portfolio
• Communication is key: customers, stakeholders

EnergySec Needs You
• Volunteer programs
  – Tactical Analysis Center
  – Best Practices Repository
  – Community-driven efforts (Working Groups, task force, whitepapers, etc.)
• Financial support
  – NESCO must be sustained by industry
  – TAC subscriptions
  – Organizational or individual membership
  – Donations/sponsorships

Break The Mold
"You cannot solve a problem from the same consciousness that created it. You must learn to see the world anew."
  – Albert Einstein

Questions

Patrick C Miller
President & CEO
patrick.miller@energysec.org
503.272.1414
@patrickcmiller (twitter)
www.energysec.org
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
 
Industrial Technology Trajectory: Running With Scissors
Industrial Technology Trajectory: Running With ScissorsIndustrial Technology Trajectory: Running With Scissors
Industrial Technology Trajectory: Running With Scissors
 
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
 
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
 
Where Cyber Security Meets Operational Value
Where Cyber Security Meets Operational ValueWhere Cyber Security Meets Operational Value
Where Cyber Security Meets Operational Value
 
Where Are All The ICS Attacks?
Where Are All The ICS Attacks?Where Are All The ICS Attacks?
Where Are All The ICS Attacks?
 
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
 
Industry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working TogetherIndustry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working Together
 
What the Department of Defense and Energy Sector Can Learn from Each Other
What the Department of Defense and Energy Sector Can Learn from Each OtherWhat the Department of Defense and Energy Sector Can Learn from Each Other
What the Department of Defense and Energy Sector Can Learn from Each Other
 

Recently uploaded

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 

Recently uploaded (20)

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 

Combating Apathy, Fatigue and Misdirection at EnergySec Summit

  • 1. Call to Arms: Combating Apathy, Fatigue and Misdirection
    – 8th Annual EnergySec Summit, World Trade Center, Portland, OR, September 25 2012
  • 2. Threat Picture
    – Intelligent, adaptive adversaries exist. They don’t follow the rules or compliance checklists. They have people, money and time.
    – But… the sky isn’t falling.
  • 3. Technology Picture
    – Emergent intelligence
    – A new digital world order
    – Hyper-connectivity
    – Hyper-embeddedness
    – Hyper-temporality
    – Vulnerabilities abound
    – Bolt-ons are imperfect & complex
  • 4. Cybersecurity Picture
    – Research, espionage, organized crime, cyber/info warfare
    – Data is money
    – Nation state quality defense is the new norm
    – Isolation is extremely difficult
    – Cyber-kinetic impacts
    – Engineering vs. Security
  • 5. Small Is The New Big
    – Cyber attacks don’t care about distance or size
    – It’s all about connectivity
    – Hackers are typically lazy, except when they’re not
    – Attribution and obfuscation
    – Stepping stones
  • 6. Legislative/Regulatory Picture
    – Hyperbole, FUD and politics
    – Fear the auditor more than the attacker
    – “Comprehensive”
    – Smart Grid security/interoperability
    – Data breach disclosure
    – Intelligent islanding
    – Federal turf wars over critical infrastructure cybersecurity
    – Regulatory landscape shift
  • 7. Regulation vs. Attitude
    – Regulation is easy, until it isn’t
      – Toaster to turbine
      – Party politics
      – Fed vs Fed, Fed vs State vs Local…
      – Overlap, cost and fatigue
    – Adversaries will always innovate faster than the legislative process
    – You can prescribe action, but not attitude
  • 8. Cybersecurity Law
    – Posse Comitatus Act, 18 U.S.C. §1385
    – Antitrust Laws
    – Sherman Antitrust Act, 15 U.S.C. §§1-7
    – Wilson Tariff Act, 15 U.S.C. §§8-11
    – Clayton Act, 15 U.S.C. §§12-27
    – Federal Trade Commission (FTC) Act §5, 15 U.S.C. §45(a)
    – National Institute of Standards and Technology (NIST) Act (p. 13), 15 U.S.C. §271
    – Radio Act of 1912
    – Federal Power Act (p. 13), 16 U.S.C. §791a et seq., §824 et seq.
    – Radio Act of 1927
    – Communications Act of 1934 (p. 14), 47 U.S.C. §151 et seq.
    – National Security Act of 1947 (p. 15), 50 U.S.C. §401 et seq.
    – US Information and Educational Exchange Act of 1948 (Smith-Mundt Act) (p. 15), 22 U.S.C. §1431 et seq.
    – Defense Production Act of 1950, 50 U.S.C. App. §2061 et seq.
    – State Department Basic Authorities Act of 1956 (p. 17), 22 U.S.C. §2651a
    – Brooks Automatic Data Processing Act
    – Freedom of Information Act (FOIA) (p. 17), 5 U.S.C. §552
    – Omnibus Crime Control and Safe Streets Act of 1968 (p. 19), 42 U.S.C. Chapter 46, §§3701 to 3797ee-1
    – Racketeer Influenced and Corrupt Organizations Act (RICO) (p. 19), 18 U.S.C. Chapter 96, §§1961-1968
    – Federal Advisory Committee Act (p. 20), 5 U.S.C. App., §§1-16
    – War Powers Resolution, 50 U.S.C. Chapter 33, §§1541-1548
    – Privacy Act of 1974 (p. 20), 5 U.S.C. §552a
    – Foreign Intelligence Surveillance Act of 1978 (FISA), 18 U.S.C. §§2511, 2518-9
    – Foreign Intelligence Surveillance Act of 1978 (FISA), 50 U.S.C. Chapter 36, §§1801-1885c
    – Privacy Protection Act of 1980, 42 U.S.C. Chapter 21A, §§2000aa-5 to 2000aa-12
    – Counterfeit Access Device and Computer Fraud and Abuse Act of 1984 (p. 21), 18 U.S.C. §1030
    – Computer Fraud and Abuse Act of 1986, 18 U.S.C. §1030
    – Electronic Communications Privacy Act of 1986 (ECPA) (p. 22), 18 U.S.C. §§2510-2522, 2701-2712, 3121-3126
    – Department of Defense Appropriations Act, 1987 (p. 24), 10 U.S.C. §167
    – Computer Security Act of 1987, 15 U.S.C. §§272, 278g-3, 278g-4, 278h
    – Computer Matching and Privacy Protection Act of 1988, 5 U.S.C. §552a
    – High Performance Computing Act of 1991 (p. 24), 15 U.S.C. Chapter 81
    – Communications Assistance for Law Enforcement Act (CALEA) of 1994 (p. 26), 47 U.S.C. §1001 et seq.
    – Source: Federal Laws Relating to Cybersecurity: Discussion of Proposed Revisions, Eric A. Fischer, Senior Specialist in Science and Technology, December 22, 2011
  • 9. Cybersecurity Law
    – Paperwork Reduction Act of 1995, 44 U.S.C. Chapter 35, §§3501-3549
    – Telecommunications Act of 1996, 47 U.S.C. §609
    – Communications Decency Act of 1996 (p. 27), 47 U.S.C. §§223, 230
    – Clinger-Cohen Act (Information Technology Management Reform Act of 1996) (p. 28), 40 U.S.C. §11001 et seq.
    – Health Insurance Portability and Accountability Act of 1996 (HIPAA), 42 U.S.C. §1320d et seq.
    – Economic Espionage Act of 1996, 18 U.S.C. §1030, Chapter 90, §§1831-1839
    – Identity Theft and Assumption Deterrence Act of 1998 (p. 29), 18 U.S.C. §1028
    – National Defense Authorization Act for Fiscal Year 2000, 10 U.S.C. §2224
    – Gramm-Leach-Bliley Act of 1999, 15 U.S.C. Chapter 94, §§6801-6827
    – USA PATRIOT Act of 2001, 18 U.S.C. §1
    – Sarbanes-Oxley Act of 2002, 15 U.S.C. §7262
    – Homeland Security Act of 2002 (HSA) (p. 30), 6 U.S.C. §§121-195c, 441-444, and 481-486
    – Federal Information Security Management Act of 2002 (FISMA) (p. 32), 44 U.S.C. Chapter 35, Subchapters II and III, 40 U.S.C. §11331, 15 U.S.C. §§278g-3 & 4
    – Terrorism Risk Insurance Act of 2002 (p. 34), 15 U.S.C. §6701 nt.
    – Cyber Security Research and Development Act, 2002 (p. 34), 15 U.S.C. §§278g, h, 7401 et seq.
    – E-Government Act of 2002 (p. 36), 5 U.S.C. Chapter 37, 44 U.S.C. §3501 nt., Chapter 35, Subchapter 2, and Chapter 36
    – Fair and Accurate Credit Transactions Act of 2003, 15 U.S.C. §1601
    – Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act of 2003, 15 U.S.C. Chapter 103, §§7701-7713, 18 U.S.C. §1037
    – Identity Theft Penalty Enhancement Act 2004 (p. 37), 18 U.S.C. §§1028, 1028A
    – Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA) (p. 38), 42 U.S.C. §2000ee, 50 U.S.C. §403-1 et seq., §403-3 et seq., §404o et seq.
    – Energy Policy Act of 2005 (EPACT), 16 U.S.C. §824o
    – Department of Homeland Security Appropriations Act, 2007, 6 U.S.C. §121 nt.
    – Protect America Act of 2007, 50 U.S.C. §1801 nt.
    – Energy Independence and Security Act of 2007 (EISA), 42 U.S.C. §§17381-17385
    – Foreign Intelligence Surveillance Act of 1978 [FISA] Amendments Act of 2008, 50 U.S.C. §1801
    – Identity Theft Enforcement and Restitution Act of 2008, 18 U.S.C. §1030
    – Health Information Technology for Economic and Clinical Health Act, 42 U.S.C. §17901 et seq.
    – Source: Federal Laws Relating to Cybersecurity: Discussion of Proposed Revisions, Eric A. Fischer, Senior Specialist in Science and Technology, December 22, 2011
    – “…security is an art – and you cannot legislate art.” Comment by Deputy Assistant Director, US DOE
  • 10. Do The Right Thing
    – “Why don’t they just do the right thing?”
      – Comment by House Homeland Security Committee staffer, 2009
    – Dozens of Congressional hearings
    – Roughly 150 bills since 2009
    – Executive Order being considered
    – No closer to defining what the “right thing” is
  • 11. Compliance vs. Security
  • 12. Compliance vs. Security
    – “I had a nightmare last night. My entire security team had been converted to compliance staff!”
      – Comment by former security manager for large U.S. investor owned utility
    – A culture of compliance may not be a good thing
    – Compliance can both help and hurt security
    – There is a point where security and compliance meet; it isn’t always easy to find, but it is the best approach toward spending/resourcing
  • 13. Sector Spotlight
    – Electric sector (SCADA) = new shiny object
    – TV, movies, media, blogosphere, Twitter
    – Armchair experts and hyperbole
    – Other critical infrastructures, nation states
    – Smart Grid fever will drive more attention
    – The mania will intensify in the near term
    – Very little actuarial data to form risk models
  • 14. Resources Are Scarce
    – Not enough qualified security pros available
    – Very complex range of skills needed to match operational technologies, security tools and business (compliance) risk
    – Active “cannibalization” of talent within the sector
    – Few qualified auditors and consultants
    – Artificial demand in the market increases costs
  • 15. Vendor Relationships
    – Most vendors put features first, security second
    – ARRA and other “green/clean” dollars are fueling corporate consumerism
    – You are being given old technology as new, and new technology that hasn’t been tested
    – Interoperability standards, SCADA Procurement Language, code reviews, etc.
    – 100% secure does not and will not exist
    – Security testing in FAT, and again in SAT
    – Vulnerability disclosure ripple effect
  • 16. Negative Perceptions
    – Too many cases of lowering security to achieve strict compliance with NERC CIP standards, while potentially reducing reliability
    – Too few Critical Assets and Critical Cyber Assets
    – CIPS is more about accountability than security
    – Future changes to CIPS are slow and inadequate
    – Virtually no change in over 6 years
    – Industry is actively trying to minimize and stall
    – CIP Version 5 has one more “round” - or else…
  • 17. Regulation Will Get Muddy
    – Accountability baseline still forming
    – Consensus is not possible; ANSI flaws
    – Region/NERC/FERC relationship is unstable
    – Data breach laws are coming
    – Overlapping regulations (SOX, PCI, CFATS, MTSA, Pipeline Safety, NRC…)
    – Heavy politics attached to grid security
    – Who’s got the cybersecurity authority today?
  • 18. Recommendations
    – Realize that you are a target; act accordingly
    – Prepare for the spotlight and the microscope
    – Build a compliance program that can embrace any regulatory regime, even DHS (think TSA)
    – CIPS is only the beginning; expect more
    – Don’t wait for the next regulation to start implementing controls
  • 19. Recommendations
    – Start with an evaluation of risk and capability
    – Adopt a risk management framework
    – Automate compliance from sound business process, but don’t under-resource
      – Security technology requires humans
    – Consider a continuous monitoring approach
    – Manage like other risks in the portfolio
    – Communication is key: customers, stakeholders
  • 20. EnergySec Needs You
    – Volunteer programs
      – Tactical Analysis Center
      – Best Practices Repository
      – Community-driven efforts (Working Groups, task forces, whitepapers, etc.)
    – Financial support
      – NESCO must be sustained by industry
      – TAC subscriptions
      – Organizational or individual membership
      – Donations/sponsorships
  • 21. Break The Mold
    – “You cannot solve a problem from the same consciousness that created it. You must learn to see the world anew.” - Albert Einstein
  • 22. Questions
    – Patrick C Miller, President & CEO
    – patrick.miller@energysec.org
    – 503.272.1414
    – @patrickcmiller (twitter)
    – www.energysec.org