Alan Rivaldo
Public Utility Commission of Texas
Regulators’ Role in Smart Grid Security
What They Want to Know
BACKGROUND
• Utilities are typically monopolies and therefore are highly regulated.
• Unlike with most other stock investments, for the most part utility investors are guaranteed a certain rate of return on their investment.
• Any capital investments made by utilities are ultimately paid by ratepayers… their customers.
CUSTOMERS AND REGULATORS
• Therefore, customers need to know what they are getting and how much they’re paying for it.
• Customers are typically disengaged from the process (at least beyond the bottom line on their utility bill).
• Regulators are the ones who are charged with knowing about the capital expenditures made by utilities.
RATE CASES
• Utilities recapture capital investments through rate cases
• Rate cases are conducted in open hearings
• This process is nothing new: ~100 years
• Any infrastructure:
  • Water and Wastewater
  • Electric service
WHAT IS NEW?
• In the past few years, commissions became aware of cybersecurity as a pressing issue.
• Unfortunately, some awareness has come in the form of alarmist reports in the media:
  • Mass outages
  • Chaos
  • Imminent take-overs by foreign governments
WHAT’S NOT SO NEW?
• Risk that legislatures may overreact
  • Try to pass “comprehensive bills” that may:
    • Cause unintended consequences
    • Impede meaningful progress
    • Interfere with commission direction
• Classic conflict: legislative vs. executive
THE CHALLENGE
• Utilities have difficulties finding qualified, knowledgeable staff for energy operations.
• Commissions are in the same position; engineers have to be recruited from an industry in which there traditionally hasn’t been much turnover.
THE CHALLENGE (CONT.)
• States’ budgets are being cut
• Recruiting from industry and the private sector is a challenge
• PUC staff knowledge limited to conventional energy operations technologies
  • Electromechanical devices
  • Not advanced, data-intensive technologies
WHAT TO DO?
• Commissions train existing staff
• Hire new people to ask intelligent questions of:
  • Utilities
  • Vendors
  • Staff within the agency
• Ponder implications of technology on policy
• Ponder implications of policy on technology
ASK UTILITIES QUESTIONS: STRATEGY
• What is your security strategy?
• Update your security plans? How often?
• Test your plans?
• Have you conducted a vulnerability assessment of:
  • Back Office information systems?
  • Control Systems?
ASK UTILITIES QUESTIONS: RISK
• How do you manage risk?
  • Use a Risk Management process?
  • How was it derived?
    • From DOE/NIST/NERC or some other authority?
QUESTIONS: UTILITY ENGAGEMENT
• Have you worked with the Department of Homeland Security regarding cybersecurity?
• Aware of… work with…
  • DHS National Cyber Security Division (NCSD)?
  • US-CERT? ICS-CERT? etc.
  • NESCO (National Electric Sector Cybersecurity Organization)
  • Law Enforcement, e.g. Fusion centers
  • Local chapter of InfraGard (FBI public-private partnership)?
  • DOE, SANS, others?
NERC CIP
• We may ask about NERC CIP…
  • Not necessarily the utility’s status
  • NERC CIP is outside of a state’s jurisdiction
  • No double reporting or “double jeopardy”
• NERC CIP compliance is only marginally interesting to state regulators. We care more about distribution: SAIDI and SAIFI (the System Average Interruption Duration and Frequency Indices)
  • Upstream cybersecurity issues may have an impact upon SAIDI and SAIFI
NERC CIP (CONT.)
• NERC CIP is compliance-based. Commissions are compliance-focused out of tradition, but…
  • Compliance doesn’t ensure security.
  • Cybersecurity isn’t about checking boxes on a form.
  • “Hackers don’t have checklists”
• Folks at utilities: Trying to get their CIP compliance paperwork in order to satisfy some NERC auditor
• Hackers: Working diligently to upset the apple cart
LESSONS FROM NERC CIP
• PUCs are more interested in knowing how many resources a utility has tied up in doing NERC CIP compliance paperwork
  • Is NERC CIP compliance a value-added activity?
• Compliance puts a utility only on the ground floor of security
  • Compliance doesn’t set a ceiling
  • Compliance makes security people contemplate the roof
LESSONS FROM NERC CIP
• Utilities have to graduate beyond compliance
  • Utilities should have compliance mastered by now, right?
  • Utilities must find their way up the stairs to a higher floor in the building
• Compliance mindset vs. Security
PERSONNEL
• What kind of people do you have?
  • Individuals specifically assigned cybersecurity responsibility?
  • IT staff responsible for cybersecurity in energy operations?
  • Does energy operations have its own security staff?
• What kind of training and experience does cybersecurity staff have?
  • Engaged in cybersecurity standards activities of:
    • NIST SGIP Cybersecurity Working Group?
    • NESCOR, UCAIug, NERC, etc.?
PERSONNEL / VENDORS
• What background checking is performed for those with access to key cyber components?
• Vendors and other third parties that have access to key cyber systems
  • How are they vetted? How do you screen who has access to your systems? A lot of support comes from vendors and integrators.
CAPITAL EXPENDITURES
• Review: Commissions are tasked with approving surcharges in rate cases so that utilities can recoup the costs they have incurred by making capital expenditures on the infrastructure.
• Is the equipment a utility buys robust when it comes to security? Will it continue to be robust in the future?
  • Traditional equipment lifetime is as long as 40 years.
CAPITAL EXPENDITURES
• Moving toward new paradigm
  • May call for more regular replacements of infrastructure components
  • Precedents: IT and mobile phone infrastructures
  • Will no longer be in terms of multiple decades
  • But anticipated replacement cycle won’t be as brisk as mobile phone infrastructure
CAPITAL EXPENDITURES
• Prefer not to have to replace devices at all
  • Hope/wish replacement won’t be for reasons of security
• Smart Grid continues to evolve
  • More palatable reasons for replacement:
    • Expanded functionality
    • Larger quantity of data
    • Higher data rates
CAPITAL EXPENDITURES/VENDORS
• Regulators want assurance that:
  • Proposed investments are prudent
  • Solutions are cost effective
  • Firms hired by utilities are:
    • Capable
    • Reliable
    • Understand their ultimate responsibilities
CAPITAL EXPENDITURES/VENDORS
• Regulators want utilities to:
  • Do their due diligence when securing their infrastructure
  • Prove it
  • Hold their vendors accountable for doing their part
• Everyone plays a role in security, and everyone should be accountable for holding up their end of the bargain.
VENDORS
• Regulators… and therefore the utilities… want:
  • To know that products and processes are secure
  • From concept to design to manufacture to deployment to support (in the form of issuing firmware updates), to the eventual decommissioning of these devices and systems.
VENDORS AND UTILITIES
[Diagram: “Realms of Security Assurance” across the lifecycle Concept/Specification → Design/Development → Integration → Deployment → Operation → Maintenance, with three overlapping bands of responsibility: Product Suppliers (V), System Integrators (S.I.) and Utilities.]
VENDORS’ ROLE
• Third-party assessment of products - proof
• Installation of products - field testing of configured, deployed infrastructure
• Deliver what was promised
  • Anything that touches or comes near a device is doing what it’s supposed to do
  • Maintain integrity of the data
    • Without latency
UTILITY’S RESPONSIBILITIES
• Ensure the safe and secure delivery of energy and energy-related data
• Maintain the accuracy of the data being transmitted
• Ensure data is handled with care
  • Secure
  • Policies in place and followed
• Ensure customer privacy
REVIEW
• Commissions take a look at the numbers – we want to see what the public is… or will be… paying for.
• If incorporating security costs a little bit more upfront, then that should be reflected in the numbers and filed in the rate case – preferably itemized, if possible.
• At the same time, costs must be reasonable and reflect whatever level of risk is acceptable.
REVIEW AND CONCLUSION
• We must accept that risk is inevitable and cannot be completely eliminated – only mitigated to an acceptable level.
• Risk is difficult to calculate, but commissions want to know how you made your determinations; make us a part of the process.
• We all play a role in security.
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 

Último (20)

"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 

Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rivaldo Public Utility Commission of Texas

Alan Rivaldo
Public Utility Commission of Texas
Regulators’ Role in Smart Grid Security
What They Want to Know
1

BACKGROUND
• Utilities are typically monopolies and therefore are highly regulated.
• Unlike with most other stock investments, for the most part utility investors are guaranteed a certain rate of return on their investment.
• Any capital investments made by utilities are ultimately paid by ratepayers… their customers.
2

CUSTOMERS AND REGULATORS
• Therefore, customers need to know what they are getting and how much they’re paying for it.
• Customers are typically disengaged from the process (at least beyond the bottom line on their utility bill).
• Regulators are the ones who are charged with knowing about the capital expenditures made by utilities.
3

RATE CASES
• Utilities recapture capital investments through rate cases
• Rate cases are conducted in open hearings
• This process is nothing new: ~100 years
• Any infrastructure:
• Water and wastewater
• Electric service
4

WHAT IS NEW?
• In the past few years, commissions became aware of cybersecurity as a pressing issue.
• Unfortunately, some awareness has come in the form of alarmist reports in the media:
• Mass outages
• Chaos
• Imminent take-overs by foreign governments
5

WHAT’S NOT SO NEW?
• Risk that legislatures may overreact
• Try to pass “comprehensive bills” that may:
• Cause unintended consequences
• Impede meaningful progress
• Interfere with commission direction
• Classic conflict: legislative vs. executive
6

THE CHALLENGE
• Utilities have difficulties finding qualified, knowledgeable staff for energy operations.
• Commissions are in the same position; engineers have to be recruited from an industry in which there traditionally hasn’t been much turnover.
7

THE CHALLENGE (CONT.)
• States’ budgets are being cut
• Recruiting from industry and the private sector is a challenge
• PUC staff knowledge is limited to conventional energy operations technologies
• Electromechanical devices
• Not advanced, data-intensive technologies
8

WHAT TO DO?
• Commissions train existing staff
• Hire new people to ask intelligent questions of:
• Utilities
• Vendors
• Staff within the agency
• Ponder implications of technology on policy
• Ponder implications of policy on technology
9

ASK UTILITIES QUESTIONS: STRATEGY
• What is your security strategy?
• Do you update your security plans? How often?
• Do you test your plans?
• Have you conducted a vulnerability assessment of:
• Back office information systems?
• Control systems?
10

ASK UTILITIES QUESTIONS: RISK
• How do you manage risk?
• Do you use a risk management process?
• How was it derived?
• From DOE/NIST/NERC or some other authority?
11

QUESTIONS: UTILITY ENGAGEMENT
• Have you worked with the Department of Homeland Security regarding cybersecurity?
• Are you aware of… do you work with…
• DHS National Cyber Security Division (NCSD)?
• US-CERT? ICS-CERT? etc.
• NESCO (National Electric Sector Cybersecurity Organization)
• Law enforcement, e.g. fusion centers
• Local chapter of InfraGard (FBI public-private partnership)?
• DOE, SANS, others?
12

NERC CIP
• We may ask about NERC CIP…
• Not necessarily the utility’s status
• NERC CIP is outside of a state’s jurisdiction
• No double reporting or “double jeopardy”
• NERC CIP compliance is only marginally interesting to state regulators. We care more about distribution: SAIDI and SAIFI
• Upstream cybersecurity issues may have an impact upon SAIDI and SAIFI
13

NERC CIP (CONT.)
• NERC CIP is compliance-based. Commissions are compliance-focused out of tradition, but…
• Compliance doesn’t ensure security.
• Cybersecurity isn’t about checking boxes on a form.
• “Hackers don’t have checklists”
• Folks at utilities: trying to get their CIP compliance paperwork in order to satisfy some NERC auditor
• Hackers: working diligently to upset the apple cart
14

LESSONS FROM NERC CIP
• PUCs are more interested in knowing how many resources a utility has tied up in doing NERC CIP compliance paperwork
• Is NERC CIP compliance a value-added activity?
• Compliance puts a utility only on the ground floor of security
• Compliance doesn’t set a ceiling
• Compliance makes security people contemplate the roof
15

LESSONS FROM NERC CIP
• Utilities have to graduate beyond compliance
• Utilities should have compliance mastered by now, right?
• Utilities must find their way up the stairs to a higher floor in the building
• Compliance mindset vs. security
16

PERSONNEL
• What kind of people do you have?
• Individuals specifically assigned cybersecurity responsibility?
• IT staff responsible for cybersecurity in energy operations?
• Does energy operations have its own security staff?
• What kind of training and experience does cybersecurity staff have?
• Engaged in cybersecurity standards activities of:
• NIST SGIP Cybersecurity Working Group?
• NESCOR, UCAIug, NERC, etc.?
17

PERSONNEL / VENDORS
• What background checking is performed for those with access to key cyber components?
• Vendors and other third parties that have access to key cyber systems
• How are they vetted? How do you screen who has access to your systems? A lot of support comes from vendors and integrators.
18

CAPITAL EXPENDITURES
• Review: Commissions are tasked with approving surcharges in rate cases so that utilities can recoup the costs they have incurred by making capital expenditures on the infrastructure.
• Is the equipment a utility buys robust when it comes to security? Will it continue to be robust in the future?
• Traditional equipment lifetime is as long as 40 years.
19

CAPITAL EXPENDITURES
• Moving toward a new paradigm
• May call for more regular replacement of infrastructure components
• Precedents: IT and mobile phone infrastructures
• Will no longer be in terms of multiple decades
• But the anticipated replacement cycle won’t be as brisk as mobile phone infrastructure
20

CAPITAL EXPENDITURES
• Prefer not to have to replace devices at all
• Hope/wish replacement won’t be for reasons of security
• Smart Grid continues to evolve
• More palatable reasons for replacement:
• Expanded functionality
• Larger quantity of data
• Higher data rates
21

CAPITAL EXPENDITURES/VENDORS
• Regulators want assurance that:
• Proposed investments are prudent
• Solutions are cost effective
• Firms hired by utilities are:
• Capable
• Reliable
• Understand their ultimate responsibilities
22

CAPITAL EXPENDITURES/VENDORS
• Regulators want utilities to:
• Do their due diligence when securing their infrastructure
• Prove it
• Hold their vendors accountable for doing their part
• Everyone plays a role in security, and everyone should be accountable for holding up their end of the bargain.
23

VENDORS
• Regulators… and therefore the utilities… want:
• To know that products and processes are secure
• From concept to design to manufacture to deployment to support in the form of issuing firmware updates, to the eventual decommissioning of these devices and systems.
24

VENDORS AND UTILITIES
[Diagram: “Realms of Security Assurance” across the lifecycle phases Concept/Specification, Design/Development, Integration, Deployment, Operation and Maintenance, mapped to Product Suppliers, System Integrators and Utilities]
25

VENDORS’ ROLE
• Third-party assessment of products: proof
• Installation of products: field testing of the configured, deployed infrastructure
• Deliver what was promised
• Anything that touches or comes near a device is doing what it’s supposed to do
• Maintain integrity of the data
• Without latency
26

UTILITY’S RESPONSIBILITIES
• Ensure the safe and secure delivery of energy and energy-related data
• Maintain the accuracy of the data being transmitted
• Ensure data is handled with care
• Secure
• Policies in place and followed
• Ensure customer privacy
27

REVIEW
• Commissions take a look at the numbers: we want to see what the public is… or will be… paying for.
• If incorporating security costs a little bit more upfront, then that should be reflected in the numbers and filed in the rate case, preferably itemized, if possible.
• At the same time, costs must be reasonable and reflect whatever level of risk is acceptable.
28

REVIEW AND CONCLUSION
• We must accept that risk is inevitable and cannot be completely eliminated, only mitigated to an acceptable level.
• Risk is difficult to calculate, but commissions want to know how you made your determinations; make us a part of the process.
• We all play a role in security.
29

Editor's notes

  1. Disclaimer – the views expressed are not those of the commission or any commissioner – they are solely mine.
  2. Conflicts at the federal level can trickle down to the states.
  3. SAIDI = System Average Interruption Duration Index; SAIFI = System Average Interruption Frequency Index
  4. If hackers DO have checklists, it’s “launch Metasploit – CHECK!”, “launch exploit – CHECK!” “Turn off the lights - CHECK!” “Brag about what I did on Facebook - CHECK!”
  5. SGIP = Smart Grid Interoperability Panel; UCAIug = Utility Communications Architecture International User’s Group
  6. SGIP = Smart Grid Interoperability Panel; UCAIug = Utility Communications Architecture International User’s Group
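Slide 13 says state regulators care about SAIDI and SAIFI and that upstream cybersecurity issues can move those indices. As an added example that is not part of the presentation, the script below computes both indices from constructed interruption records using the standard IEEE 1366 definitions (SAIFI = Σ N_i / N_T, SAIDI = Σ r_i·N_i / N_T) and separates out the share attributable to cyber-caused events; the customer count, event data and the `cyber_attributed` flag are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class Interruption:
    """One sustained interruption event (constructed sample, not utility data)."""
    event_id: str
    customers_affected: int   # N_i: customers interrupted by this event
    duration_min: float       # r_i: minutes until those customers were restored
    cyber_attributed: bool    # assumed flag: root cause traced to an upstream cyber event


def saifi(events: Iterable[Interruption], customers_served: int) -> float:
    """SAIFI = sum(N_i) / N_T: interruptions per customer served (IEEE 1366)."""
    if customers_served <= 0:
        raise ValueError("customers_served must be positive")
    return sum(e.customers_affected for e in events) / customers_served


def saidi(events: Iterable[Interruption], customers_served: int) -> float:
    """SAIDI = sum(r_i * N_i) / N_T: minutes of interruption per customer served."""
    if customers_served <= 0:
        raise ValueError("customers_served must be positive")
    return sum(e.duration_min * e.customers_affected for e in events) / customers_served


def reliability_report(events: list[Interruption], customers_served: int) -> dict:
    """Totals plus the portion of each index that cyber-attributed events contributed.

    Because both indices are plain sums over events, the cyber share is just the
    same formula restricted to the flagged events; no re-weighting is needed.
    """
    cyber = [e for e in events if e.cyber_attributed]
    total_saidi = saidi(events, customers_served)
    cyber_saidi = saidi(cyber, customers_served)
    return {
        "saifi_total": saifi(events, customers_served),
        "saifi_cyber": saifi(cyber, customers_served),
        "saidi_total": total_saidi,
        "saidi_cyber": cyber_saidi,
        # fraction of customer-minutes lost that trace to cyber causes
        "saidi_cyber_fraction": (cyber_saidi / total_saidi) if total_saidi else 0.0,
    }


CUSTOMERS_SERVED = 100_000   # N_T, assumed for this sample system

# Constructed events: a storm outage, a feeder trip after an upstream control-system
# incident (flagged), and a small long-duration equipment failure.
SAMPLE_EVENTS = [
    Interruption("E1-storm", 5_000, 60.0, False),
    Interruption("E2-upstream-cyber", 20_000, 30.0, True),
    Interruption("E3-transformer", 1_000, 240.0, False),
]

if __name__ == "__main__":
    for key, value in reliability_report(SAMPLE_EVENTS, CUSTOMERS_SERVED).items():
        print(f"{key:22s} {value:.4f}")
```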