Next Generation Information Sharing For The Electric Sector
Patrick C Miller, President and CEO
February 4, 2011
ERCOT CIPWG Meeting
ERCOT Executive and Administrative Center
History
• 7/2004: EnergySec founded as E-Sec NW
• 1/2008: SANS Information Sharing Award
• 12/2008: Incorporated as EnergySec
• 10/2009: 501(c)(3) nonprofit determination
• 4/2010: EnergySec applied for National
  Electric Sector Cybersecurity Organization
  (NESCO) FOA
• 7/2010: NESCO grant award from DOE
• 10/2010: NESCO became operational
The National Electric Sector Cybersecurity Organization (NESCO) is a DOE-funded EnergySec Program
Now And Beyond
• Over 460 members from 124 organizations
        – 74% of US electric distribution
        – 60% of US electric generation

• The asset owners are already sharing
• Challenges
        – Increase and improve asset-owner sharing
        – Establish two-way sharing from the government
          and vendor segments


What Is The NESCO?
• Two organizations received awards:
        – EnergySec was selected to form and lead the National Electric
          Sector Cybersecurity Organization (NESCO)
        – The Electric Power Research Institute (EPRI) was selected as a
          research and analysis resource to the NESCO (NESCOR)

What Is The NESCO?
• Mission: Lead a broad-based, public-private
  partnership to improve electric sector energy
  systems cyber security; become the security voice
  of the electric industry

• Goals:
        – Identify and disseminate common, effective cyber security
          practices
        – Analyze, monitor and relay infrastructure threat information
        – Work with federal agencies to improve electric sector cyber
          security
        – Encourage key electric sector supplier and vendor support
          / interaction

Key Differentiators
• What is the difference between EnergySec and
  NESCO?
        – NESCO is a DOE-funded program under the
          EnergySec non-profit umbrella

• What is the difference between NESCO and
  NESCOR?
        – NESCO is the lead role, NESCOR is a technical
          resource to the NESCO


Key Differentiators
• Is EnergySec a product or service vendor?
        – EnergySec has no for-profit products and/or services

• Is NESCO a government agency?
        – No; the NESCO is funded by a DOE grant but
          managed by EnergySec, a private non-profit 501(c)(3)
          organization

• Is NESCO involved in regulation?
        – No; the NESCO has no regulatory capacity

Key Differentiators
• What is the difference between NESCO and the
  NERC ES-ISAC?
        – NESCO: Non-regulatory; participation and reporting
          are not required (voluntary); industry funded; supports
          ISAC
        – NERC ES-ISAC: Regulatory; participation and
          reporting are mandatory; statutorily funded




Key Differentiators
• What is the difference between NESCO and the
  DHS ICS-CERT?
        – NESCO: Electric sector focus; discretionary
          classification of information; near real-time; informal
        – DHS ICS-CERT: Control systems focus (all sectors);
          extended duration before information is classified and
          released; formal




Key Differentiators
• Is NESCO another trade association?
        – No; NESCO spans all trade associations

• Is NESCO another National Energy Lab?
        – No; however, NESCO works closely with all National
          Labs

• NESCO makes every effort to avoid
  duplicating already existing successful
  programs

Infosharing Characteristics
US Government
• Deliberate and authoritative
• Often highly compartmentalized
• Classifies threats and incidents for CI/KR
• Holds only some of the relevant information

Industry
• Often more ad hoc and much more agile
• 100% accuracy isn’t always required
• Difficult to handle classified information
• Can share more freely without needing authorization

How Does This Work?
• Sharing requires trust
• Trust is built on relationships

• NESCO fosters trustworthy relationships
        – Bringing people together
        – Flexible technology options




NESCO Outreach
• NESCO outreach programs
        –     Annual Summit
        –     Town Hall Meetings (April 27th, Austin TX)
        –     Voice Of The Industry Meeting
        –     Interest Groups
        –     Webinars
        –     Portal/Forums
        –     Email distribution lists
        –     Social media

NESCO Technology
•     Email distribution lists
•     Secure portal with forums
•     Secure instant messaging
•     Rapid notification mechanisms
•     Web collaboration
•     Resource repository
•     Most technologies have non-attribution (anonymous) options
Free Like A Puppy
• NESCO grant contains a
  cost-share requirement
        – Must be fully funded by
          industry after 3 years
                 • 20/80 Year One
                 • 40/60 Year Two
                 • 60/40 Year Three
        – DOE has an expectation that
          industry will support the
          NESCO


Sponsorship Benefits
• Sponsorships are tax deductible
• Less expensive than headcount and/or training
• Access to industry peers
        –     What works, what doesn’t
        –     Informal benchmarking
        –     Situational awareness
        –     Threat and vulnerability analysis
        –     Mentoring


Sponsorship Benefits
• Access to Resource Repository [coming soon]
        –     Code snippets
        –     IDS signatures
        –     Audit templates
        –     Reference architectures
        –     Attack signatures
        –     System configurations
        –     Policy, process, procedure templates
        –     Compliance practices

Secure Collaboration Options
[Diagram: Asset Owners, Academia, Product and Service Vendors, Government Entities]




Conclusion
• Unique non-profit, independent, public-private
  information sharing organization
• Focused on building trust through relationships
• Flexible technology facilitates and catalyzes
  information sharing efforts
• Security voice of the electric sector
• NESCO’s success depends on participation and
  sponsorship from the asset-owners and vendors


Plug In

www.energysec.org




Questions?


Non-profit. Independent. Trusted.

Patrick C Miller, President and CEO
patrick@energysec.org
503-446-1212


Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 

Último (20)

Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 

Next Generation Information Sharing for the Electric Sector

  • 1. Next Generation Information Sharing For The Electric Sector Patrick C Miller, President and CEO February 4, 2011 ERCOT CIPWG Meeting ERCOT Executive and Administrative Center
  • 2. History • 7/2004: EnergySec founded as E-Sec NW • 1/2008: SANS Information Sharing Award • 12/2008: Incorporated as EnergySec • 10/2009: 501(c)(3) nonprofit determination • 4/2010: EnergySec applied for National Electric Sector Cybersecurity Organization (NESCO) FOA • 7/2010: NESCO grant award from DOE • 10/2010: NESCO became operational The National Electric Sector Cybersecurity Organization (NESCO) is a DOE-funded EnergySec Program 1
  • 3. Now And Beyond • Over 460 members from 124 organizations – 74% of US electric distribution – 60% of US electric generation • The asset owners are already sharing • Challenges – Increase and improve asset-owner sharing – Establish two-way sharing from the government and vendor segments
  • 4. What Is The NESCO? Two organizations received awards: – EnergySec was selected to form and lead the National Electric Sector Cybersecurity Organization (NESCO) – The Electric Power Research Institute (EPRI) was selected as a research and analysis resource to the NESCO (NESCOR)
  • 5. What Is The NESCO? • Mission: Lead a broad-based, public-private partnership to improve electric sector energy systems cyber security; become the security voice of the electric industry • Goals: – Identify and disseminate common, effective cyber security practices – Analyze, monitor and relay infrastructure threat information – Work with federal agencies to improve electric sector cyber security – Encourage key electric sector supplier and vendor support / interaction
  • 6. Key Differentiators • What is the difference between EnergySec and NESCO? – NESCO is a DOE-funded program under the EnergySec non-profit umbrella • What is the difference between NESCO and NESCOR? – NESCO is the lead role, NESCOR is a technical resource to the NESCO
  • 7. Key Differentiators • Is EnergySec a product or service vendor? – EnergySec has no for-profit products and/or services • Is NESCO a government agency? – No; the NESCO is funded by a DOE grant but managed by EnergySec, a private non-profit 501(c)(3) organization • Is NESCO involved in regulation? – No; the NESCO has no regulatory capacity
  • 8. Key Differentiators • What is the difference between NESCO and the NERC ES-ISAC? – NESCO: Non-regulatory; participation and reporting are not required (voluntary); industry funded; supports ISAC – NERC ES-ISAC: Regulatory; participation and reporting are mandatory; statutorily funded
  • 9. Key Differentiators • What is the difference between NESCO and the DHS ICS-CERT? – NESCO: Electric sector focus; discretionary classification of information; near real-time; informal – DHS ICS-CERT: Control systems focus (all sectors); extended duration before information is classified and released; formal
  • 10. Key Differentiators • Is NESCO another trade association? – No; NESCO spans all trade associations • Is NESCO another National Energy Lab? – No, however NESCO works closely with all National Labs • NESCO makes every effort to avoid duplicating already existing successful programs
  • 11. Infosharing Characteristics US Government: • Deliberate and authoritative • Often highly compartmentalized • Classifies threats and incidents for CI/KR • Holds only some of the relevant information Industry: • Often more ad hoc and much more agile • 100% accuracy isn’t always required • Difficult to handle classified information • Can share more freely without needing authorization
  • 12. How Does This Work? • Sharing requires trust • Trust is built on relationships • NESCO fosters trustworthy relationships – Bringing people together – Flexible technology options
  • 13. NESCO Outreach • NESCO outreach programs – Annual Summit – Town Hall Meetings (April 27th, Austin TX) – Voice Of The Industry Meeting – Interest Groups – Webinars – Portal/Forums – Email distribution lists – Social media
  • 14. NESCO Technology • Email distribution lists • Secure portal with forums • Secure instant messaging • Rapid notification mechanisms • Web collaboration • Resource repository • Most technologies have non-attribution (anonymous) options
  • 15. Free Like A Puppy • NESCO grant contains a cost-share requirement – Must be fully funded by industry after 3 years • 20/80 Year One • 40/60 Year Two • 60/40 Year Three – DOE has an expectation that industry will support the NESCO
  • 16. Sponsorship Benefits • Sponsorships are tax deductible • Less expensive than headcount and/or training • Access to industry peers – What works, what doesn’t – Informal benchmarking – Situational awareness – Threat and vulnerability analysis – Mentoring
  • 17. Sponsorship Benefits • Access to Resource Repository [coming soon] – Code snippets – IDS signatures – Audit templates – Reference architectures – Attack signatures – System configurations – Policy, process, procedure templates – Compliance practices
  • 18. Secure Collaboration Options • Asset Owners • Product and Service Vendors • Academia • Government Entities
  • 19. Conclusion • Unique non-profit, independent, public-private information sharing organization • Focused on building trust through relationships • Flexible technology facilitates and catalyzes information sharing efforts • Security voice of the electric sector • NESCO’s success depends on participation and sponsorship from the asset-owners and vendors
  • 20. Plug In www.energysec.org
  • 21. Questions? Non-profit. Independent. Trusted. Patrick C Miller, President and CEO patrick@energysec.org 503-446-1212