Best practices in NERC CIP Compliance Programs
Protecting utility networks from cyber attack is a never-ending job. To that end, utilities are in the midst of modifying Critical Infrastructure Protection programs to not only comply with federal regulations but achieve mature security practices. In this session, panelists will discuss how their utilities are making use of the National Institute of Standards and Technology’s Cybersecurity Framework, NERC CIP standards and other security best practices for control references. Attendees will learn from those in the field on how they are shoring up their compliance programs. Panelists will discuss opportunities addressed throughout these processes and impart their lessons-learned.
Staying Ahead of the Threat: Current Trends in Physical Security
Physical security challenges remain a key priority for the utility industry. From concerns over sophisticated, targeted attacks on key infrastructure to the rise in environmental activism and vandalism, utilities must stay vigilant in their efforts to protect their assets. In this session, panelists will discuss current trends/best practices in physical security. What are the biggest challenges? What successes can be shared across the industry?
Putting Everything into Perspective: Are All Risks Business Risks?
9:45am - 10:45am
Is it blasphemy to say cybersecurity is not an operational risk? Many in the industry have been struggling to define accurate cybersecurity measurements for operational assets, and perhaps some have been looking at it the wrong way. To truly measure and reduce the cybersecurity aspect of a utility’s risk, especially those dealing with our operational assets, the role of cybersecurity must be better aligned with business goals. In this session, experts will discuss the need to alter the perception of cybersecurity from a primarily IT concern, to an everyday function of the business. Panelists will discuss ways to redefine how cybersecurity impacts are identified in operational environments. This presentation will arm attendees with information and data to make that argument and move us beyond our current limitations.
The New Paradigm in Grid Management, Cybersecurity & Critical Infrastructure Protection
The digitalization of utilities promises to optimize the supply and demand of electricity, manage the increasing number of renewable sources of energy and micro grids while offering efficiency improvements for consumers. Furthermore, the large volumes of data generated, combined with predictive analytics allows utilities to transition to a proactive mode of asset management. Such a far-reaching digital transformation comes with many challenges for critical infrastructures, with cyber security near the top of the list. The widespread connection of distributed energy resources will drastically increase the attack surfaces, which will expose utilities to new threats. Other issues such as the deployment of intelligent networks, interoperability between legacy systems and IoT devices, IT/OT convergence, equipment standardization and compliance all need to be addressed before the real benefits of the digital transformation can be achieved. Mr. Gaetan Houle, SNC-Lavalin’s Principal Security Architect, will touch upon the digital utility transformation and highlight some of the industry’s best-practices for transitioning to a secure, digitally integrated electrical grid amidst increasingly sophisticated threats.
Defense in Depth Strategy
3:15pm - 4:15pm
Cyber Attacks on Critical Infrastructures has risen more than 24% over the course of the past year. As time goes on, more and more Intelligent Electronic Devices (IEDs) are being deployed in Bulk Electric Systems (BES), Oil & Gas, and Transportation in order to be able to gather more data, and to help optimize efficiency. In turn, this is causing cybercriminals to turn their attention to Industrial Controls Systems (ICS) as targets. In order for operators to be able to defend against these attacks, they must implement a Defense in Depth strategy utilizing standards such as IEC 624423 and ISO 27001 along with guidelines such as the NIST Cybersecurity Framework, NCCOE Situational Awareness Planning Guide NIST SP 1800-7, and the BDEW whitepaper. While the implementation of any single strategy will not lead to full cybersecurity compliance, with the adaptation of Defense in Depth and in implementing more than one of these standards, it will help to reduce the “attack surface” which will greatly reduce the likelihood of an attacker being successful.
Updates on NERC CIP Compliance
4:30pm - 5:30pm
As utilities shore up their systems from all kinds of physical and cyber threats, the industry’s compliance arm is proposing new standards and requirements in an effort to manage these dangers. This session will give those responsible for implementing these standards an opportunity to hear from those crafting them. In this panel, attendees will hear directly from the North American Electric Reliability Corporation, the entity responsible for ensuring compliance with these evolving standards. Attendees will have an opportunity engage in an interactive dialogue with NERC and learn about the organization’s priorities going forward.