1. Edison Electric Institute Cybersecurity 101 October 24, 2014 www.pwc.com/cybersecurity

2. PwC 2 Cybersecurity represents many things to many different people Key characteristics and attributes of cybersecurity: ─ Broader than just information technology and extends beyond the enterprise ─ Increasingly vulnerable due to technology connectivity and dependency ─ An ‘outside-in view’ of the threats and business impact facing an organization ─ Shared responsibility that requires cross functional disciplines in order to plan, protect, defend, react and respond No longer an IT challenge – its a business imperative

3. PwC PwC Global State of Information Security Survey The Global State of Information Security ® Survey 2015, a worldwide study by PwC, CIO, and CSO, was conducted online from March 27 to May 25, 2014. PwC’s 17th year conducting the survey, 12th with CIO and CSO magazines Includes readers of CIO and CSO and clients of PwC from 154 countries More than 9,700 responses from executives including CEOs, CFOs, CIOs, CISOs, CSOs, VPs, and directors of IT and security 38% of respondents from companies with revenue of $500M+ 35% of respondents from North America, 34% from Europe, 14% from Asia Pacific, 13% from South America, and 4% from the Middle East and Africa 3

4. PwC 2014 Global State of Information Security Survey Highlights 4 Incidents Detected The total number of security incidents detected by survey respondents climbed to 42.8 million this year, an increase of 48% 48% Financial Losses Globally, the annual reported average cybersecurity incident financial loss was $2.7 million, a jump of 34% 34% Cyber attacks a serious global concern 49% of CEO’s are somewhat or extremely concerned by cyber attacks 49% Insiders Current and former employees are once again the most-frequent culprits of security incidents, cited by 38% and 30% respectively 38%

5. PwC Despite elevated risks, security budgets decline in 2014 5 Many organizations are undoubtedly worried about the rising tide of cybercrime, yet most have not increased their investment security initiatives. In fact, global IS budgets decreased 4% compared with 2013. And security spending as a percentage of the total IT budget has remained stalled at 4% or less for the past five years. * * * Worth noting, Power and Utilities security spending in 2014 increased by 9%.

6. PwC Incidents attributed to insiders rises while security preparedness falls 6 Current and former employees are the most-cited culprits of security incidents, but implementation of key insider-threat safeguards is declining. 56% have privileged user-access tools (65% in 2013). 51% monitor user compliance with security policies (58% last year). 51% have an employee security training and awareness program (60% in 2013). Compromises attributed to third parties with trusted access increases while due diligence weakens. 55% have security baselines for external partners, suppliers, and vendors (60% in 2013). 50% perform risk assessments on third-party vendors (53% in 2013).

7. PwC WHY: The Global Business Ecosystem 7 Technology-led innovation has enabled business models to evolve The extended enterprise has moved beyond supply chain and consumer integration Connectivity and collaboration now extends to all facets of business Enterprise Consumer Suppliers JV/ Partners Service Providers Customer Industry/ Competitors Regulatory Legal Socio-Cultural Technology Geo-Political Environmental Global Economic A dynamic environment that is increasingly interconnected, integrated, and interdependent Where changing business drivers create opportunity and risk Leading to: The Evolution:

8. PwC WHO: Profiles of threat actors 8 Nation State Insiders Organized Crime Hacktivists Economic, political, and/or military advantage Immediate financial gain Collect information for future financial gains Personal advantage, monetary gain Professional revenge Patriotism Influence political and /or social change Pressure business to change their practices Motives Adversary Trade secrets Sensitive business information Emerging technologies Critical infrastructure Financial / Payment Systems Personally Identifiable Information Payment Card Information Protected Health Information Sales, deals, market strategies Corporate secrets, IP, R&D Business operations Personnel information Corporate secrets Sensitive business information Information related to key executives, employees, customers & business partners Targets Loss of competitive advantage Disruption to critical infrastructure Costly regulatory inquiries and penalties Consumer and shareholder lawsuits Loss of consumer confidence Trade secret disclosure Operational disruption Brand and reputation National security impact Disruption of business activities Brand and reputation Loss of consumer confidence Impact

9. PwC WHAT: Assets being targeted 9 Input from Office of the National Counterintelligence Executive, Report to Congress on the Foreign Economic Collection and Industrial Espionage, 2009-2011, October 2011. Emerging technologies Energy data Advanced materials and manufacturing techniques Healthcare, pharmaceuticals, and related technologies Business deals information What’s most at risk? Health records and other personal data Industrial Control Systems (SCADA) R&D and/or product designs Payment card and related information / financial markets Information and communication technology and data Motives and tactics evolve and what adversaries target vary depending on the organization and the products and services they provide. Motives and tactics evolve and what adversaries target vary depending on the organization and the products and services they provide. Power & Utilities targets

10. PwC HOW: Common Attacks – Explained! 10 Security Strategy Sustainable Security Behaviors Security Governance and Compliance Cyber Threat Assessment Technology Cyber Crisis Response Keystroke Loggers Spoofing Watering Holes Phishing/ Spear- phishing Advanced Persistent Threat (APT) Zero Days Ransom- ware DDOS Attackers mask their computer or personal identity by changing the IP address or email sender to evade detection Attempt to acquire sensitive information such as usernames, passwords, and credit card details Attacks that exploits a previously unknown vulnerability in a computer application: Heartbleed, Shellshock, POODLE Using a common access point on a business partner or supplier’s network to gain access to its many customers who come to login Focused, motivated to aggressively and successfully penetrate a network while achieving a well- developed, multi-level foothold in the environment A type of malware that will disable a computer unless a “fee” is paid to unlock the computer Attempt to make a machine or network resource unavailable to its intended users A type of malware that captures every keyboard movement and screenshots of user activity Tactics Sniffing Utilize a network tool to monitor network traffic (packets) and capture usernames, passwords, and confidential information as they travel between computers Malware Malicious software, script or code added to an asset that alters its state or function without permission ranks in the top two threat actions, since it is effective. Examples - Trojan horses, Rootkits, Backdoors, Computer Viruses, etc.

11. PwC 11 Questions? © 2014 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved. PwC refers to the US member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details. This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.

12. PwC Thank you! Emily Stapf PwC, Forensic Technology (703) 868-0269 emily.stapf@us.pwc.com 12