NERC CIP Cyber Security Standards V4: Is it getting better or worse?

Join the conversation: #CIPv4Webcast

We will cover…
• The New Prescriptive Bright-line Criteria
• Struggles between FERC, NERC, & Industry
• Practices for Security, Reliability, and Compliance
• Smart Grid Evolution Benefits & Challenges
• Visibility, Intelligence, and Automation are Key

Energy’s Inverted Security Model

One Big Network

Open to Cyber-Threats

Cyber Security is a Priority!




CIP Version 4 Vetting Process

Industry Approval
• Majority vote of the Ballot Pool of Registered Ballot Body participants.

NERC Approval
• NERC Board of Trustees.
• Dissenting & minority positions highlighted with the drafting team’s and NERC staff’s comments.

FERC Approval
• Elect to approve as written;
• Approve conditionally; or
• Reject the standards.

FERC NOPR
• Opportunity for industry to file comments.
• Comments addressed in the Final Rule.

Potential FERC Timeline Scenario

• 0 Days: NOPR in Federal Register
• 30 Days: Industry Comments Due
• 120 Days: Final Order Published in Federal Register
• 150 Days: Effective Date, + 24 months per NERC proposed implementation plan

CIP Version 4 Bright-line Criteria

Bright-line Criteria
• Risk-based Assessment is Out.
• Prescriptive Criteria to Define Criticality of Assets is In.

Bright-line Examples
• 1500 MW Generators.
• Transmission Facilities at 500 kV or Higher.
• Reliability Coordinator Control Centers.

Implementation Plan
• Required.
• Identify Compliance Milestones.
• Follow Specific Criteria.

Next Practices for Security, Reliability, & Compliance

• Prescriptive Risk Assessment
• Identify All Assets
• Categorize All Assets with Bright-line Criteria
• Prescriptive Controls: “What to do”
• Business Decision: “How to implement controls”
• Validate Security Controls
• Document All Steps & Corrective Actions
• Continuously Manage & Monitor
• Collect & Retain Data to Identify & Respond to Security Incidents

Smart Grid Evolution – Benefits & Challenges

• Consumer Participation
• Enables New Products, Services, & Markets
• Optimize Asset Utilization & Efficiency
• Provides Quality Power for Digital Economy
• Proactive Response to System Disturbances
• Accommodates all generation & storage options

Rethink:
• Business Practices
• Privacy Issues
• Threats
• Vulnerabilities
• Security Controls

How do you get started?

• Visibility
• Intelligence
• Automation

Tripwire Solutions




More Prescriptive Guidance




What Needs To Change?




Tripwire Solutions for NERC

change auditing, configuration control
log management
SCADA and other mission critical systems
monitor and review logs

on a number of different platforms:
• AIX PowerPC 5.3 systems
• HP-UX (PA-RISC) v11 systems
• Red Hat Linux
• Solaris SPARC
• SuSE Linux systems
• Windows 2003 servers
• Win XP Desktops
• Windows 2003 and Active Directory domain controllers
• Windows Server 2000

Tripwire and Relevant CIPs

• Critical Cyber Asset Identification
• Security Management Controls
• Electronic Security Perimeters
• Systems Security Management

VIA: Simply Compliant, More Secure.




Tripwire VIA: Intelligent Threat Control

Tripwire VIA™
VISIBILITY • INTELLIGENCE • AUTOMATION

www.tripwire.com/energy-compliance




• Summarizes key points
• Describes the effect of CIP compliance vs. noncompliance
• Offers a Due Diligence Checklist
• Complimentary copy

Questions

• Paul Reymann, (410) 956-7336, paul@reymanngroup.com
• James Stanton, (410) 956 7334, jim@reymanngroup.com
• Cindy Valladares, cvalladares@tripwire.com, Twitter: @cindyv

THANK YOU!

Cindy Valladares
www.tripwire.com, cvalladares@tripwire.com, @cindyv



Editor's notes

  1. Because companies are still having so many problems, more prescriptive guidance and stronger compliance ensue.
  2. Attacks are more real than ever
     • Stuxnet as an example
     • Industry is running as fast as possible to “hardened shell” strategy.
     • Blind side not working – it’s the server and the data
     • 2 problems – The technical solution – harden from the inside out
     • Getting people to acknowledge this as a better way and begin to adopt this new approach
     • Where are we?
     • Battle between configurations and events+perimeter
     • David vs. Goliath
     • Security industry: events and perimeter
     • Emerging compliance mandates: Configurations
     • Compliance: Configurations
     • Verizon: Configurations
     • SANS: Configurations
     • Federal government: Configurations and monitoring
     • Organizations are getting a false sense of security, because they are investing in reactive controls but not getting the benefit of their investment.
     • At an inflection point. Our focus is on hardening and defending the server.
     • Standards can’t evolve fast enough and no single compliance requirement will be enough.
     • Hardened shell – embrace and extend
     • Embrace and extend the hard shell
     • Hard shell is necessary but not sufficient
     • Inside-out strategy
  3. Leverage compliance to proactively get ahead of threats
     • Deliver context others cannot
     • Demonstrate the value of your compliance and security investment
     • Simply Compliant. More Secure.
     • Simplify IT compliance and security
     • Shorten the time to detect IT Risk
     • Reduce our customers’ costs
  4. Tripwire VIA delivers intelligent threat control by providing…
     • Visibility across your infrastructure to know what is happening at all times.
     • Intelligence to know which changes or events are suspect and may put your infrastructure and data at risk of compromise.
     • Automation to help you to categorize high risk changes and events, remediate certain conditions, and automate compliance requirements such as reporting.