Moderated and Presented by Andy Bochman
Discussion Topic: Workforce Development in the ICS WorkPlace
Discussion Abstract: Ask anyone working in the field at an electric utility about cybersecurity and the conversation will inevitably turn to the shortage of a qualified security staff with knowledge of our industry. The need to comply with NERC CIP standards, secure the rapidly proliferating smart grid technologies, and defend against the threat of cyber attacks targeting control systems, makes the short supply of cybersecurity talent is a critical issue.
5. Aim High
• Many of the most critical security challenges are
actively created by business initiatives and leaders
who do not consider security
• So: business leaders should stop making decisions that
make security harder
• Organizational acceptance of security values are
greatly enhanced when senior management
champions those values and shows willingness to
support the appropriate actions, even when painful.
See: UHCL - Cybersecurity for Decision Makers
5
6. Perception and a Prize
for Utilities
• Utilities (could) control their cybersecurity destiny
• By demonstrating more proactive approach to
security, in ways regulators can understand, that
positive shift in perception would give Congress, the
Administration, and other oversight agencies the
assurance they need to slow down on new rules
• Our workforce work can help
6
7. Agenda
3. Candidate Next Steps
• a
• b
• c
1. Current State &
Trajectory
2. Desired Future
State
• d
• e
• f
• g
• h
• i
7
9. There’s more
bad news
The people that really understand
policy generally do not understand control
systems.
The IT community, who develop cybersecurity
solutions, generally don’t understand the unique
issues association with control systems.
And the people that operate the control
systems, don’t understand security. Other than
that, we’re fine!
9
10. Slade Responds
The number of talented individuals is not
what is lacking, rather the ability to discern,
hire, and retain the available talent is what
the workforce is missing.
http://www.us-nesco.org/guest-blog/where-is-the-workforce-we-need/
10
13. Orgs promoting OT
cyber WF Development
• NBISE
• SANS
• DoE
• ISC-ISAC
• Universities (let’s name some)
• Center of Energy Workforce Development
• More please
13
15. WPI’s Industry
Education Initiative
•To reduce risk, ISO-NE and PJM
asked WPI to deliver an
industry-specific cybersecurity
program in 2013
•Goal: Improve capabilities to
prevent, detect, analyze and
effectively respond to cyber
15
16. WPI Program Courses
• Computer Network Security (including
NERC CIPs)
• Software Security
• Operational Risk Management
• Intrusion Detection (for OT)
• Forensics (for OT)
• Power Industry Case Studies
POC:
Mike Ahern
mfahern@wpi.edu
16
17. DOE C2M2 and WF
The Workforce Management (WORKFORCE)
domain comprises five objectives:
1.Assign Cybersecurity Responsibilities
2. Control the Workforce Lifecycle
3. Develop Cybersecurity Workforce
4. Increase Cybersecurity Awareness
5. Manage WORKFORCE Activities
17
18. C2M2 - What do you think?
We can feed: ES and O&G C2M2 2.0
18
19. Free for All:
Questions round
• What are the skills and new skills required
to secure the Smart Grid?
19
20. Question
• Thinking about control room
environments, what training programs are
needed for
• Utility security pro’s?
• Engineers?
• IT staff ?
20
21. Question
• “Programs” that would “encourage”
young people to pursue careers in
electric sector cybersec?
• PSAs?
• Can we start with things that already
exist?
21
30. Question
• SUPPLIER FOCUSED: What
knowledge and cybersec skills do
engineers need for planning and
designing industrial systems and the
operational technologies necessary to
support them?
NBISE/PNNL
30
31. Question
• INTERPLAY BETWEEN SPECIALISTS:
How do engineering job roles and
cybersecurity roles engage to maximize
constructive overlap and differences to
address security for these systems?
NBISE/PNNL
31
32. Question
• ASSESSMENT: How should we design
and conduct tests to differentiate
between simple understanding of
concepts and skilled performance of
actions that effectively resolve
problems quickly and despite
distractions or the stress surrounding
an attack?
NBISE/PNNL
32
33. Question
• CERTIFICATIONS:What is the best
framework for general cybersecurity
certifications that integrate both
knowledge and experience?
• And do we need OT-or industry
specific certifications?
NBISE/PNNL
33
34. Question
• COMMUNITY SUPPORT: How do we best
support the certified cybersecurity professional
and cyber-informed operations and engineering
professionals?
• Advanced problem-solving tools
• Communities of practice
• Canonical knowledge bases
• Other performance support tools?
• Prayer and positive thoughts?
NBISE/PNNL
34