SlideShare uma empresa Scribd logo

NERC CIP Cyber Security Standards V4 – Is it getting better or worse?

Transferir como PPTX, PDF
Tripwire
Tripwire

The Federal Energy Regulatory Commission (FERC) will likely soon approve version 4 of the North American Electricity Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Cyber Security Standards. The new standards replace the traditional risk-based approach of identifying critical cyber assets with more prescriptive Bright Line criteria. How can those subject to the NERC CIPs comply with these new criteria and adopt them in a way that balances their business needs and risks? In addition, how does the adoption and spread of the smart grid impact business practices, privacy issues, threats, vulnerabilities and the need for security controls? In this webcast, Paul Reymann, security and compliance expert and CEO of ReymanGroup joins Jim Stanton, Senior Energy Consultant at ReymannGroup to address those questions, and specifically discuss: How operational characteristics of each asset help determine the security and reliability controls required. The potential risk of adopting a prescriptive controls model that is tied to the bright-line criteria. The current struggles between FERC, NERC, and the industry around updating the standards. Possible future scenarios and legal implications of a new regulatory structure that might improve the process. The pros and cons of the evolution of the smart grid. So tune in and learn how to prepare for the latest version of the NERC CIP standards, and discover what changes may be coming for the complex regulatory structure that surrounds it.

TecnologiaNegócios
1 de 23
NERC CIP Cyber Security Standards V4: Is it getting better or worse? Join the conversation: #CIPv4Webcast
NERC CIP Cyber Security Standards V4 – Is it getting better or worse? Join the conversation: #CIPv4Webcast
We will cover… The New Prescriptive Bright-line Criteria Struggles between FERC, NERC, & Industry Practices for Security, Reliability, and Compliance Smart Grid Evolution Benefits & Challenges Visibility, Intelligence, and Automation are Key Join the conversation: #CIPv4Webcast
Energy’s Inverted Security Model One Big Network Open to Cyber-Threats Join the conversation: #CIPv4Webcast
Cyber Security is a Priority! Join the conversation: #CIPv4Webcast
CIP Version 4 Vetting Process Industry • Majority vote of the Ballot Pool of Registered Ballot Body participants. Approval NERC • NERC Board of Trustees. • Dissenting & minority positions highlighted with the Approval drafting. team’s and NERC staff’s comments. FERC • Elect to approve as written; • Approve conditionally; or Approval • Reject the standards. • Opportunity for industry to file comments. FERC NOPR • Comments addressed in the Final Rule. Join the conversation: 6 #CIPv4Webcast
Potential FERC Timeline Scenario Final Order NOPR in Industry Published in Effective Federal Comments Federal Date Register Due Register 120 150 0 Days 30 Days Days Days + 24 months per NERC proposed implementation plan Join the conversation: #CIPv4Webcast
CIP Version 4 Bright-line Criteria Bright-line • Risk-based Examples • Required. Assessment is Out. • Identify Compliance • Prescriptive Criteria to • 1500 MW Generators. Milestones. Define Criticality of • Transmission Facilities • Follow Specific Criteria. Assets is In. at 500kv or Higher. • Reliability Coordinator Control Centers. Bright-line Implementation Criteria Plan Join the conversation: 8 #CIPv4Webcast
Next Practices for Security, Reliability, & Compliance Categorize All Prescriptive Identify All Assets with Risk Assets Bright-line Assessment Criteria Business Prescriptive Validate Decision: “How Controls: “What Security to implement to do” Controls controls” Collect & Retain Document All Continuously Data to Identify & Steps & Manage & Respond to Corrective Monitor Security Actions Incidents Join the conversation: 9 #CIPv4Webcast
Smart Grid Evolution – Benefits & Challenges Rethink: Consumer Participation Business Practices Privacy Issues Enables New Optimize Products, Se Asset Threats rvices, & Utilization & Markets Efficiency Vulnerabilities Security Controls Provides Proactive Quality Response to Power for System Digital Disturbances Economy Accommodate s all generation & storage options Join the conversation: 10 #CIPv4Webcast
How do you get started? Visibility Intelligence Automation • • • • Join the conversation: #CIPv4Webcast
Tripwire Solutions Join the conversation: #CIPv4Webcast
More Prescriptive Guidance Join the conversation: #CIPv4Webcast 13
What Needs To Change? Join the conversation: #CIPv4Webcast 14
Tripwire Solutions for NERC change auditing, configuration control log management SCADA and other mission critical systems monitor and review logs on a number of different platforms:  AIX PowerPC 5.3 systems  Windows 2003 servers  HP-UX (PA-RSIC) v11 systems  Win XP Desktops  Red Hat Linux  Windows 2003 and Active  Solaris SPARC Directory domain controllers SuSE Linux systems Join the conversation:   Windows Server 2000 #CIPv4Webcast
Tripwire and Relevant CIPs Critical Cyber Asset Identification Security Management Controls Electronic Security Perimeters Systems Security Management Join the conversation: #CIPv4Webcast
Tripwire and Relevant CIPs Critical Cyber Asset Identification • Security Management Controls • • Electronic Security Perimeters • • • Systems Security Management • • • • • Join the conversation: #CIPv4Webcast
VIA: Simply Compliant, More Secure. Join the conversation: #CIPv4Webcast 18
Tripwire VIA: Intelligent Threat Control Tripwire VIATM VISIBILITY  INTELLIGENCE  AUTOMATION Join the conversation: #CIPv4Webcast
www.tripwire.com/energy-compliance Join the conversation: #CIPv4Webcast
• Summarizes key points • Describes the affect of CIP compliance vs. noncompliance • Offers a Due Diligence Checklist • Complimentary copy Join the conversation: #CIPv4Webcast
Questions Paul Reymann James Stanton (410) 956-7336 (410) 956 7334 paul@reymanngroup.com jim@reymanngroup.com Cindy Valladares cvalladares@tripwire.com Twitter: @cindyv Join the conversation: #CIPv4Webcast
THANK YOU! Cindy Valladares www.tripwire.com cvalladares@tripwire.com @cindyv Join the conversation: #CIPv4Webcast

Recomendados

The Top Skills That Can Get You Hired in 2017
The Top Skills That Can Get You Hired in 2017The Top Skills That Can Get You Hired in 2017
The Top Skills That Can Get You Hired in 2017LinkedIn
 
Mind the Cybersecurity Gap - Why Compliance Isn't Enough
Mind the Cybersecurity Gap - Why Compliance Isn't EnoughMind the Cybersecurity Gap - Why Compliance Isn't Enough
Mind the Cybersecurity Gap - Why Compliance Isn't EnoughTripwire
 
Data Privacy Day 2022: Tips to Ensure Data Privacy
Data Privacy Day 2022: Tips to Ensure Data PrivacyData Privacy Day 2022: Tips to Ensure Data Privacy
Data Privacy Day 2022: Tips to Ensure Data PrivacyTripwire
 
Key Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsKey Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsTripwire
 
Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo Tripwire
 
Tripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire
 
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through Tripwire
 
Tripwire Energy Working Group: Customer Session with Chase Cole
Tripwire Energy Working Group: Customer Session with Chase ColeTripwire Energy Working Group: Customer Session with Chase Cole
Tripwire Energy Working Group: Customer Session with Chase ColeTripwire
 

Recomendados

The Top Skills That Can Get You Hired in 2017
The Top Skills That Can Get You Hired in 2017The Top Skills That Can Get You Hired in 2017
The Top Skills That Can Get You Hired in 2017LinkedIn
 
Mind the Cybersecurity Gap - Why Compliance Isn't Enough
Mind the Cybersecurity Gap - Why Compliance Isn't EnoughMind the Cybersecurity Gap - Why Compliance Isn't Enough
Mind the Cybersecurity Gap - Why Compliance Isn't EnoughTripwire
 
Data Privacy Day 2022: Tips to Ensure Data Privacy
Data Privacy Day 2022: Tips to Ensure Data PrivacyData Privacy Day 2022: Tips to Ensure Data Privacy
Data Privacy Day 2022: Tips to Ensure Data PrivacyTripwire
 
Key Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsKey Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsTripwire
 
Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo Tripwire
 
Tripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire
 
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through Tripwire
 
Tripwire Energy Working Group: Customer Session with Chase Cole
Tripwire Energy Working Group: Customer Session with Chase ColeTripwire Energy Working Group: Customer Session with Chase Cole
Tripwire Energy Working Group: Customer Session with Chase ColeTripwire
 
Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller Tripwire
 
World Book Day: Cybersecurity’s Quietest Celebration
World Book Day: Cybersecurity’s Quietest CelebrationWorld Book Day: Cybersecurity’s Quietest Celebration
World Book Day: Cybersecurity’s Quietest CelebrationTripwire
 
Tripwire Retail Security 2020 Survey: Key Findings
Tripwire Retail Security 2020 Survey: Key FindingsTripwire Retail Security 2020 Survey: Key Findings
Tripwire Retail Security 2020 Survey: Key FindingsTripwire
 
Key Findings: Tripwire COVID-19 Cybersecurity Impact Report
Key Findings: Tripwire COVID-19 Cybersecurity Impact ReportKey Findings: Tripwire COVID-19 Cybersecurity Impact Report
Key Findings: Tripwire COVID-19 Cybersecurity Impact ReportTripwire
 
The Adventures of Captain Tripwire: Coloring Book!
The Adventures of Captain Tripwire: Coloring Book!The Adventures of Captain Tripwire: Coloring Book!
The Adventures of Captain Tripwire: Coloring Book!Tripwire
 
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT CollaborationIndustrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT CollaborationTripwire
 
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...Tripwire
 
Tripwire 2019 Skills Gap Survey: Key Findings
Tripwire 2019 Skills Gap Survey: Key FindingsTripwire 2019 Skills Gap Survey: Key Findings
Tripwire 2019 Skills Gap Survey: Key FindingsTripwire
 
A Look Back at 2018: The Most Memorable Cyber Moments
A Look Back at 2018: The Most Memorable Cyber MomentsA Look Back at 2018: The Most Memorable Cyber Moments
A Look Back at 2018: The Most Memorable Cyber MomentsTripwire
 
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass AuditsTime for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass AuditsTripwire
 
Tripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire State of Cyber Hygiene 2018 Report: Key FindingsTripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire State of Cyber Hygiene 2018 Report: Key FindingsTripwire
 
Defend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK FrameworkDefend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK FrameworkTripwire
 
Defending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber AttacksDefending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber AttacksTripwire
 
Jumpstarting Your Cyberdefense Machine with the CIS Controls V7
Jumpstarting Your Cyberdefense Machine with the CIS Controls V7 Jumpstarting Your Cyberdefense Machine with the CIS Controls V7
Jumpstarting Your Cyberdefense Machine with the CIS Controls V7Tripwire
 
Hunting for Cyber Threats Using Threat Modeling & Frameworks
Hunting for Cyber Threats Using Threat Modeling & Frameworks Hunting for Cyber Threats Using Threat Modeling & Frameworks
Hunting for Cyber Threats Using Threat Modeling & Frameworks Tripwire
 
Most RSAC Attendees Favor Shorter Vulnerability Disclosure Timelines
Most RSAC Attendees Favor Shorter Vulnerability Disclosure TimelinesMost RSAC Attendees Favor Shorter Vulnerability Disclosure Timelines
Most RSAC Attendees Favor Shorter Vulnerability Disclosure TimelinesTripwire
 
ICS Security in the Energy Industry
ICS Security in the Energy IndustryICS Security in the Energy Industry
ICS Security in the Energy IndustryTripwire
 
Protecting Your POS Systems from the Next Big Ransomware Threat
Protecting Your POS Systems from the Next Big Ransomware ThreatProtecting Your POS Systems from the Next Big Ransomware Threat
Protecting Your POS Systems from the Next Big Ransomware ThreatTripwire
 
Top 10 Dream Jobs in Information Security
Top 10 Dream Jobs in Information SecurityTop 10 Dream Jobs in Information Security
Top 10 Dream Jobs in Information SecurityTripwire
 
DevOps Security: A New Paradigm
DevOps Security: A New ParadigmDevOps Security: A New Paradigm
DevOps Security: A New ParadigmTripwire
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 

Mais conteúdo relacionado

Mais de Tripwire

Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller Tripwire
 
World Book Day: Cybersecurity’s Quietest Celebration
World Book Day: Cybersecurity’s Quietest CelebrationWorld Book Day: Cybersecurity’s Quietest Celebration
World Book Day: Cybersecurity’s Quietest CelebrationTripwire
 
Tripwire Retail Security 2020 Survey: Key Findings
Tripwire Retail Security 2020 Survey: Key FindingsTripwire Retail Security 2020 Survey: Key Findings
Tripwire Retail Security 2020 Survey: Key FindingsTripwire
 
Key Findings: Tripwire COVID-19 Cybersecurity Impact Report
Key Findings: Tripwire COVID-19 Cybersecurity Impact ReportKey Findings: Tripwire COVID-19 Cybersecurity Impact Report
Key Findings: Tripwire COVID-19 Cybersecurity Impact ReportTripwire
 
The Adventures of Captain Tripwire: Coloring Book!
The Adventures of Captain Tripwire: Coloring Book!The Adventures of Captain Tripwire: Coloring Book!
The Adventures of Captain Tripwire: Coloring Book!Tripwire
 
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT CollaborationIndustrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT CollaborationTripwire
 
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...Tripwire
 
Tripwire 2019 Skills Gap Survey: Key Findings
Tripwire 2019 Skills Gap Survey: Key FindingsTripwire 2019 Skills Gap Survey: Key Findings
Tripwire 2019 Skills Gap Survey: Key FindingsTripwire
 
A Look Back at 2018: The Most Memorable Cyber Moments
A Look Back at 2018: The Most Memorable Cyber MomentsA Look Back at 2018: The Most Memorable Cyber Moments
A Look Back at 2018: The Most Memorable Cyber MomentsTripwire
 
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass AuditsTime for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass AuditsTripwire
 
Tripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire State of Cyber Hygiene 2018 Report: Key FindingsTripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire State of Cyber Hygiene 2018 Report: Key FindingsTripwire
 
Defend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK FrameworkDefend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK FrameworkTripwire
 
Defending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber AttacksDefending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber AttacksTripwire
 
Jumpstarting Your Cyberdefense Machine with the CIS Controls V7
Jumpstarting Your Cyberdefense Machine with the CIS Controls V7 Jumpstarting Your Cyberdefense Machine with the CIS Controls V7
Jumpstarting Your Cyberdefense Machine with the CIS Controls V7Tripwire
 
Hunting for Cyber Threats Using Threat Modeling & Frameworks
Hunting for Cyber Threats Using Threat Modeling & Frameworks Hunting for Cyber Threats Using Threat Modeling & Frameworks
Hunting for Cyber Threats Using Threat Modeling & Frameworks Tripwire
 
Most RSAC Attendees Favor Shorter Vulnerability Disclosure Timelines
Most RSAC Attendees Favor Shorter Vulnerability Disclosure TimelinesMost RSAC Attendees Favor Shorter Vulnerability Disclosure Timelines
Most RSAC Attendees Favor Shorter Vulnerability Disclosure TimelinesTripwire
 
ICS Security in the Energy Industry
ICS Security in the Energy IndustryICS Security in the Energy Industry
ICS Security in the Energy IndustryTripwire
 
Protecting Your POS Systems from the Next Big Ransomware Threat
Protecting Your POS Systems from the Next Big Ransomware ThreatProtecting Your POS Systems from the Next Big Ransomware Threat
Protecting Your POS Systems from the Next Big Ransomware ThreatTripwire
 
Top 10 Dream Jobs in Information Security
Top 10 Dream Jobs in Information SecurityTop 10 Dream Jobs in Information Security
Top 10 Dream Jobs in Information SecurityTripwire
 
DevOps Security: A New Paradigm
DevOps Security: A New ParadigmDevOps Security: A New Paradigm
DevOps Security: A New ParadigmTripwire
 

Mais de Tripwire (20)

Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller
 
World Book Day: Cybersecurity’s Quietest Celebration
World Book Day: Cybersecurity’s Quietest CelebrationWorld Book Day: Cybersecurity’s Quietest Celebration
World Book Day: Cybersecurity’s Quietest Celebration
 
Tripwire Retail Security 2020 Survey: Key Findings
Tripwire Retail Security 2020 Survey: Key FindingsTripwire Retail Security 2020 Survey: Key Findings
Tripwire Retail Security 2020 Survey: Key Findings
 
Key Findings: Tripwire COVID-19 Cybersecurity Impact Report
Key Findings: Tripwire COVID-19 Cybersecurity Impact ReportKey Findings: Tripwire COVID-19 Cybersecurity Impact Report
Key Findings: Tripwire COVID-19 Cybersecurity Impact Report
 
The Adventures of Captain Tripwire: Coloring Book!
The Adventures of Captain Tripwire: Coloring Book!The Adventures of Captain Tripwire: Coloring Book!
The Adventures of Captain Tripwire: Coloring Book!
 
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT CollaborationIndustrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
 
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
 
Tripwire 2019 Skills Gap Survey: Key Findings
Tripwire 2019 Skills Gap Survey: Key FindingsTripwire 2019 Skills Gap Survey: Key Findings
Tripwire 2019 Skills Gap Survey: Key Findings
 
A Look Back at 2018: The Most Memorable Cyber Moments
A Look Back at 2018: The Most Memorable Cyber MomentsA Look Back at 2018: The Most Memorable Cyber Moments
A Look Back at 2018: The Most Memorable Cyber Moments
 
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass AuditsTime for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
 
Tripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire State of Cyber Hygiene 2018 Report: Key FindingsTripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire State of Cyber Hygiene 2018 Report: Key Findings
 
Defend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK FrameworkDefend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK Framework
 
Defending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber AttacksDefending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber Attacks
 
Jumpstarting Your Cyberdefense Machine with the CIS Controls V7
Jumpstarting Your Cyberdefense Machine with the CIS Controls V7 Jumpstarting Your Cyberdefense Machine with the CIS Controls V7
Jumpstarting Your Cyberdefense Machine with the CIS Controls V7
 
Hunting for Cyber Threats Using Threat Modeling & Frameworks
Hunting for Cyber Threats Using Threat Modeling & Frameworks Hunting for Cyber Threats Using Threat Modeling & Frameworks
Hunting for Cyber Threats Using Threat Modeling & Frameworks
 
Most RSAC Attendees Favor Shorter Vulnerability Disclosure Timelines
Most RSAC Attendees Favor Shorter Vulnerability Disclosure TimelinesMost RSAC Attendees Favor Shorter Vulnerability Disclosure Timelines
Most RSAC Attendees Favor Shorter Vulnerability Disclosure Timelines
 
ICS Security in the Energy Industry
ICS Security in the Energy IndustryICS Security in the Energy Industry
ICS Security in the Energy Industry
 
Protecting Your POS Systems from the Next Big Ransomware Threat
Protecting Your POS Systems from the Next Big Ransomware ThreatProtecting Your POS Systems from the Next Big Ransomware Threat
Protecting Your POS Systems from the Next Big Ransomware Threat
 
Top 10 Dream Jobs in Information Security
Top 10 Dream Jobs in Information SecurityTop 10 Dream Jobs in Information Security
Top 10 Dream Jobs in Information Security
 
DevOps Security: A New Paradigm
DevOps Security: A New ParadigmDevOps Security: A New Paradigm
DevOps Security: A New Paradigm
 

Último

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 

Último (20)

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 

NERC CIP Cyber Security Standards V4 – Is it getting better or worse?

  • 1. NERC CIP Cyber Security Standards V4: Is it getting better or worse? Join the conversation: #CIPv4Webcast
  • 2. NERC CIP Cyber Security Standards V4 – Is it getting better or worse? Join the conversation: #CIPv4Webcast
  • 3. We will cover… The New Prescriptive Bright-line Criteria Struggles between FERC, NERC, & Industry Practices for Security, Reliability, and Compliance Smart Grid Evolution Benefits & Challenges Visibility, Intelligence, and Automation are Key Join the conversation: #CIPv4Webcast
  • 4. Energy’s Inverted Security Model One Big Network Open to Cyber-Threats Join the conversation: #CIPv4Webcast
  • 5. Cyber Security is a Priority! Join the conversation: #CIPv4Webcast
  • 6. CIP Version 4 Vetting Process Industry • Majority vote of the Ballot Pool of Registered Ballot Body participants. Approval NERC • NERC Board of Trustees. • Dissenting & minority positions highlighted with the Approval drafting. team’s and NERC staff’s comments. FERC • Elect to approve as written; • Approve conditionally; or Approval • Reject the standards. • Opportunity for industry to file comments. FERC NOPR • Comments addressed in the Final Rule. Join the conversation: 6 #CIPv4Webcast
  • 7. Potential FERC Timeline Scenario Final Order NOPR in Industry Published in Effective Federal Comments Federal Date Register Due Register 120 150 0 Days 30 Days Days Days + 24 months per NERC proposed implementation plan Join the conversation: #CIPv4Webcast
  • 8. CIP Version 4 Bright-line Criteria Bright-line • Risk-based Examples • Required. Assessment is Out. • Identify Compliance • Prescriptive Criteria to • 1500 MW Generators. Milestones. Define Criticality of • Transmission Facilities • Follow Specific Criteria. Assets is In. at 500kv or Higher. • Reliability Coordinator Control Centers. Bright-line Implementation Criteria Plan Join the conversation: 8 #CIPv4Webcast
  • 9. Next Practices for Security, Reliability, & Compliance Categorize All Prescriptive Identify All Assets with Risk Assets Bright-line Assessment Criteria Business Prescriptive Validate Decision: “How Controls: “What Security to implement to do” Controls controls” Collect & Retain Document All Continuously Data to Identify & Steps & Manage & Respond to Corrective Monitor Security Actions Incidents Join the conversation: 9 #CIPv4Webcast
  • 10. Smart Grid Evolution – Benefits & Challenges Rethink: Consumer Participation Business Practices Privacy Issues Enables New Optimize Products, Se Asset Threats rvices, & Utilization & Markets Efficiency Vulnerabilities Security Controls Provides Proactive Quality Response to Power for System Digital Disturbances Economy Accommodate s all generation & storage options Join the conversation: 10 #CIPv4Webcast
  • 11. How do you get started? Visibility Intelligence Automation • • • • Join the conversation: #CIPv4Webcast
  • 12. Tripwire Solutions Join the conversation: #CIPv4Webcast
  • 13. More Prescriptive Guidance Join the conversation: #CIPv4Webcast 13
  • 14. What Needs To Change? Join the conversation: #CIPv4Webcast 14
  • 15. Tripwire Solutions for NERC change auditing, configuration control log management SCADA and other mission critical systems monitor and review logs on a number of different platforms:  AIX PowerPC 5.3 systems  Windows 2003 servers  HP-UX (PA-RSIC) v11 systems  Win XP Desktops  Red Hat Linux  Windows 2003 and Active  Solaris SPARC Directory domain controllers SuSE Linux systems Join the conversation:   Windows Server 2000 #CIPv4Webcast
  • 16. Tripwire and Relevant CIPs Critical Cyber Asset Identification Security Management Controls Electronic Security Perimeters Systems Security Management Join the conversation: #CIPv4Webcast
  • 17. Tripwire and Relevant CIPs Critical Cyber Asset Identification • Security Management Controls • • Electronic Security Perimeters • • • Systems Security Management • • • • • Join the conversation: #CIPv4Webcast
  • 18. VIA: Simply Compliant, More Secure. Join the conversation: #CIPv4Webcast 18
  • 19. Tripwire VIA: Intelligent Threat Control Tripwire VIATM VISIBILITY  INTELLIGENCE  AUTOMATION Join the conversation: #CIPv4Webcast
  • 21. • Summarizes key points • Describes the affect of CIP compliance vs. noncompliance • Offers a Due Diligence Checklist • Complimentary copy Join the conversation: #CIPv4Webcast
  • 22. Questions Paul Reymann James Stanton (410) 956-7336 (410) 956 7334 paul@reymanngroup.com jim@reymanngroup.com Cindy Valladares cvalladares@tripwire.com Twitter: @cindyv Join the conversation: #CIPv4Webcast
  • 23. THANK YOU! Cindy Valladares www.tripwire.com cvalladares@tripwire.com @cindyv Join the conversation: #CIPv4Webcast

Notas do Editor

  1. Because companies are still having so many problems, more prescriptive guidance and stronger compliance ensues.
  2. Attacks are more real than everStuxnet as an exampleIndustry is running as fast as possible to “hardened shell” strategy.Blind side not working – it’s the server and the data2 problems – The technical solution – harden from the inside outGetting people to acknowledge this as a better way and begin to adopt this new approachWhere are we?Battle between configurations and events+perimeterDavid vs. GoliathSecurity industry: events and perimeterEmerging compliance mandates: ConfigurationsCompliance: ConfigurationsVerizon: ConfigurationsSANs: ConfigurationsFederal government: Configurations and monitoringOrganizations are getting a false sense of security, because they are investing in reactive controls but not getting the benefit of their investment.At an inflection point. Our focus is on hardening and defending the server.Standards can’t evolve fast enough and no single compliance requirement will be enough.Hardened shell – embrace and extendEmbrace and extend the hard shellHard shell is necessary but not sufficientInside-out strategy
  3. Leverage compliance to proactively get ahead of threatsDeliver context others cannotDemonstrate the value of your compliance and security investmentSimply Compliant. More Secure.Simplify IT compliance and securityShorten the time to detect IT RiskReduce our customers’ costs
  4. Tripwire VIA delivers intelligent threat control by providing…Visibility across your infrastructure to know what is happening at all times.Intelligence to know which changes or events are suspect and may put your infrastructure and data at risk of compromise.Automation to help you to categorize high risk changes and events, remediate certain conditions, and automate compliance requirements such as reporting.
  5. Tripwire VIA delivers intelligent threat control by providing…Visibility across your infrastructure to know what is happening at all times.Intelligence to know which changes or events are suspect and may put your infrastructure and data at risk of compromise.Automation to help you to categorize high risk changes and events, remediate certain conditions, and automate compliance requirements such as reporting.
  6. Tripwire VIA delivers intelligent threat control by providing…Visibility across your infrastructure to know what is happening at all times.Intelligence to know which changes or events are suspect and may put your infrastructure and data at risk of compromise.Automation to help you to categorize high risk changes and events, remediate certain conditions, and automate compliance requirements such as reporting.