Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2012 IBM Corporation IBM Security Systems 1 © 2013 IBM Corporation Electric Sector Security Awareness Rising 1 May 2013 IBM Industry Security.

Similar presentations


Presentation on theme: "© 2012 IBM Corporation IBM Security Systems 1 © 2013 IBM Corporation Electric Sector Security Awareness Rising 1 May 2013 IBM Industry Security."— Presentation transcript:

1 © 2012 IBM Corporation IBM Security Systems 1 © 2013 IBM Corporation Electric Sector Security Awareness Rising 1 May 2013 IBM Industry Security

2 © 2012 IBM Corporation IBM Security Systems 2 © 2013 IBM Corporation 2 In the beginning...

3 © 2012 IBM Corporation IBM Security Systems 3 © 2013 IBM Corporation Presenting: the grid

4 © 2012 IBM Corporation IBM Security Systems 4 © 2013 IBM Corporation 4 The great convergence

5 © 2012 IBM Corporation IBM Security Systems 5 © 2013 IBM Corporation Grid operations and security

6 © 2012 IBM Corporation IBM Security Systems 6 Both sides of the aisle care about this

7 © 2012 IBM Corporation IBM Security Systems 7 Environment & Smart Grid security: connecting the dots 1) Environment improves when fossil fuel use is reduced 2) Utility-scale and DG wind, solar, hydro + EE + DR help reduce fossil fuel use 3) But the legacy grid can't tolerate the high levels of intermittency in wind and solar 4) So in the US and elsewhere we're modernizing the grid for this (and a number of other reasons) 5) However, if adversaries can reveal the Smart Grid to be susceptible to repeated, disruptive attacks, we won't trust it enough to deploy it 6) Many orgs and individuals are working to secure the Smart Grid 7) However, since we don't measure security it's hard to know how secure/insecure we are at present, and if/when it's secure enough based on risk tolerance 8) Developing and deploying mutually agreed version 1.0 security metrics and using them to identify gaps and roadmap to an improved state can get us back to the top

8 © 2012 IBM Corporation IBM Security Systems 8 –Presidential EO and NIST Crit Infra Cybersecurity Framework working group (Mar 2013) Developing metrics to baseline CI providers –DOE's Electricity Subsector Cybersecurity Maturity Model (Jun 2012) Metrics for utilities to use to baseline and gauge effectiveness –DOEs Electricity Subsector Risk Management Process (May 2012) Help translating cybersecurity into risk management framework –NARUC's Cybersecurity for State Regulators (Jun 2012, Feb 2013 update) Questions utilities will be asked by their state public utility commissions –NISTs NISTIR 7628 Assessment Guide (Aug 2012) –NRECA's Guide to Developing a Cybersecurity and Risk Mitigation Plan (June 2011) A measurement movement is forming

9 © 2012 IBM Corporation IBM Security Systems 9 Security Governance for utilities 1.Security as risk management 2.A fully integrated security enterprise 3.Security by design 4.Business-oriented security metrics and measurement 5.Change that begins at the top 6.IBMs 10 essential security actions

10 © 2012 IBM Corporation IBM Security Systems 10 Making security metrics – here's a start

11 © 2012 IBM Corporation IBM Security Systems 11 Ibm.com/energy ibm.com/security © Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBMs sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Andy Bochman WW Energy Security Lead bochman@us.ibm.com Andy Bochman WW Energy Security Lead bochman@us.ibm.com


Download ppt "© 2012 IBM Corporation IBM Security Systems 1 © 2013 IBM Corporation Electric Sector Security Awareness Rising 1 May 2013 IBM Industry Security."

Similar presentations


Ads by Google