Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is.

Slides:



Advertisements
Similar presentations
Federal Energy Regulatory Commission July Cyber Security and Reliability Standards Regis F. Binder Director, Division of Logistics & Security Federal.
Advertisements

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is.
Cyber Security and the Smart Grid George W. Arnold, Eng.Sc.D. National Institute of Standards and Technology (NIST) U.S. Department of Commerce
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is.
Security Controls – What Works
(Geneva, Switzerland, September 2014)
SMART GRID: Privacy Awareness and Training – A Starting Point for Utilities October 2011 SGIP-CSWG Privacy Group 1.
1 ACTA R1 Smart Grid Communications Overview Trone Bishop Service Provider Representative (Verizon) September 9, 2010.
Advanced Metering Infrastructure
1 Oil & Gas Market and Core Operations Overview Oil & Gas Market and Core Operations Overview Ram Mistry M (214)
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is.
Terry Chandler Power Quality Inc, USA Power Quality Thailand LTD Sept /6/20091www.powerquality.org all rights reserve.
IOT5_ GISFI # 05, June 20 – 22, 2011, Hyderabad, India 1 Privacy Requirements of User Data in Smart Grids Jaydip Sen Tata Consultancy Services Ltd.
Confidential and proprietary material for authorized Verizon Business personnel only. Use, disclosure or distribution of this material is not permitted.
ELECTRICAL CRITICAL INFRASTRUCTURE SECURITY Charles Hookham, P.E., M.ASCE, VP, Utility Projects HDR Engineering 1.
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
Confidential and proprietary material for authorized Verizon Wireless personnel only. Use, disclosure or distribution of this material is not permitted.
BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.
Federal Energy Regulatory Commission June Cyber Security and Reliability Standards Regis F. Binder Director, Division of Logistics & Security Federal.
Frankfurt (Germany), 6-9 June 2011 IT COMPLIANCE IN SMART GRIDS Martin Schaefer – Sweden – Session 6 – 0210.
Confidential and proprietary material for authorized Verizon personnel only. Use, disclosure or distribution of this material is not permitted to any unauthorized.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
Privacy of Home Energy Usage Data Jim Williams June 26, 2012 Jim Williams June 26, 2012.
ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:
An Overview of the Smart Grid David K. Owens Chair, AABE Legislative Issues and Public Policy Committee AABE Smart Grid Working Group Webinar September.
The Smart Grid: A Brief Introduction Qinran Hu Ph.D. Candidate Jun 12 th, 2014 Knoxville, Tennessee.
1 Smart Grid Cyber Security Annabelle Lee Senior Cyber Security Strategist Computer Security Division National Institute of Standards and Technology June.
FCC Field Hearing on Energy and the Environment Monday November 30, 2009 MIT Stratton Student Center, Twenty Chimneys Peter Brandien, Vice President System.
Project co-funded by the European Commission within the 7th Framework Program (Grant Agreement No ) Business Convergence WS#2 Smart Grid Technologies.
Confidential and proprietary material for authorized Verizon Wireless personnel only. Use, disclosure or distribution of this material is not permitted.
Welcome to the 3 rd Plenary Meeting February 5-7 th, 2013.
Frankfurt (Germany), 6-9 June 2011 Iiro Rinta-Jouppi – Sweden – RT 3c – Paper 0210 COMMUNICATION & DATA SECURITY.
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is.
Private Branch eXchange (PBX)
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is.
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is.
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is.
Texas Competitive Market & Governance October 4, 2015.
IoT Standards Harm Jan Arendshorst Head of Product Management Professional Services Confidential and proprietary materials for authorized Verizon personnel.
Sicherheitsaspekte beim Betrieb von IT-Systemen Christian Leichtfried, BDE Smart Energy IBM Austria December 2011.
Myongji University HMCL
March 23, 2015 Missouri Public Service Commission | Jefferson City, MO.
Primary and Backup Connectivity. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or.
Travel & Hospitality. Guest services Digital signage Automated retail Mobile operations management Remote monitoring Learn how new technologies pave the.
Data Breach ALICAP, the District Insurance Provider, is Now Offering Data Breach Coverage as Part of Our Blanket Coverage Package 1.
Federal Civilian. Mobile health Private network traffic management Remote monitoring Field force automation Fleet management See how to go from aging.
Construction. Asset management Field force management Fleet management Mobile job site Automated maintenance Learn how to turn job site chaos into choreography.
Manufacturing. Mobile workforce management Asset management Intelligent track and trace Condition-based maintenance Remote monitoring Learn how to ramp.
K-12 Education. Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of.
Why Verizon. Network performance Breadth of solutions See why better matters when doing business: Confidential and proprietary materials for authorized.
Retail. Business connectivity Asset management Fleet management Mobile POS Automated retail Learn how to expand your business with better technology:
Automotive. Intelligent lighting Lot management Intelligent video Business continuity Remote monitoring Learn how to increase productivity through innovative.
Department of Defense. Business continuity Private network traffic management Logistics automation Fleet management Field force automation See how to.
Energy & Utilities. Smart metering Demand response Meter data management Distribution monitoring Fleet management Find out what Verizon can do for utilities.
Why Verizon. Network performance Breadth of solutions See why better matters when doing business: Confidential and proprietary materials for authorized.
Verizon Intelligent Track and Trace: Serialization and Cold Chain
Radio Frequency (RF) Safety When Working Near Cellular Antennas
Deliver cloud to the enterprise—simply,
How Secure Is Our Power Grid?
Iowa Communications Alliance
2016 Data Breach Investigations Report
Professional Services
Finance Speaker notes:
State and Local Government Speaker notes:
Agriculture Speaker notes:
Give priority to your critical communications.
One Talk from Verizon One TalkSM offers a flexible, scalable phone system that combines employees’ desk phones and mobile phones using the same number.
Cybersecurity Special Public Meeting/Commission Workshop for Natural Gas Utilities September 27, 2018.
Presentation slide for courses, classes, lectures et al.
Presentation transcript:

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. PID# Four Layers of Smart Grid Security Session: Energy Cybersecurity II Ernie Hayden CISSP CEH Managing Principal – Critical Infrastructure Protection/Cyber Security Verizon Risk Team Feb 13, 2013

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.2 Smart Grid Security: Who’s Worried and Why? “Layers” of Concern – Physical Layer – Cyber Layer – Privacy Layer – Storage Layer Just What To Do? Question & Answer

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.3

4 Acknowledged by: – European Network and Information Security Agency (ENISA) – National Institute of Standards and Technology (NIST) – North American Electric Reliability Corporation (NERC) – Department of Homeland Security (DHS) – Department of Energy (DOE) – Federal Energy Regulatory Commission (FERC) – Government Accountability Office (GAO) – Selected Nations and US State Public Utility Commissions

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.5 Increasing Complexity of the Grid Interconnected Networks Can Introduce Common Vulnerabilities Increasing Vulnerabilities to Communications Introduction of Malicious Software Increased Number of Entry Points and Paths for Potential Adversaries to Exploit Potential for Compromise of Data Confidentiality, Including Breach of Customer Privacy

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.6

7 Physical Cyber Privac y Storage

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.8 Natural Disasters – Snow Storms – Hurricanes – Solar Flares – Geomagnetic Storms – Earthquakes – Flooding – Volcanoes Recognize that Location of the Smart Grid Components Can Be Affected by the Surrounding Environment US Case – Overheating Meters

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.9 The Biggest Opportunity for Trouble “The Last Mile” Issues Remember – Added Complexity Causes Concerns

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.10 Broadband Power Line Systems Power Line Carrier Systems Public Switched Telephone Network (PSTN) Cat5/6 Network Connection Radio Frequency – WiMax – ZigBee – 6LoWPAN – x – Cellular (CDMA/EVDO, GSM, LTE)

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.11 Remember C I A – Confidentiality Attacks Reading, “Sniffing” the data – Integrity Attacks Changing the Data – Availability Attacks Denial of Service – Prevent Use of Service

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.12

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.13 Very Emotional Discussion State of California – Smart Grid and IOU’s Theoretical Impacts But…Demographic Data has Value

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.14 “Data Avalanche!” – Numerous Data Fields and Classes Simple Data Fields – KWH Used Since Last Reading Read Every ~15 Minutes or More Frequently Minimal Data Accumulation Automatic ReadingRead Monthly (or Less Frequently) “Smart” Digital Meters & “Smart” Sensors Analog Meters or Simple Digital Meters Manually Read or Use “Drive By” Reading The Future Smart Grid Today’s Environment Microsoft Clip Art Online Used with Permission – E N Hayden

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.15 Lux Research: Utilities Manage 9x Current Data if Go to Smart Grid (Boston: Jan 26, 2011) Types of Data from Smart Meters – Broadcast Data – Billing Interval Data – Detailed Consumption Data – Aggregate Statistical Data Predictions – Prediction for U.S. by 2019  100M Meters  100 Petabytes generated during the next 10 years (West Coast Utility) – Utilities spent $356M on Smart Grid data analytics tools in 2010  $4.2B in 2015 (Pike Research) – 300 TB per year of meter data by 2012 (Southeast U.S. Utility) (as of 2011) pic.jpg 1 Petabyte is 1000 Terabytes!

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.16 #1: Start with the NISTIR 7628 and ENISA #2: Begin with Security in Mind #3: Work with Your Meter Vendors #4: Establish Incident Response Team and Practice #5: Include Security Experts in Design, Build and Operate Phases #6: Have a Dedicated Security Team for SG #7: Monitor Regulations Affecting the SG #8: Ensure Code Includes Security (Ref: OWASP) #9: Beware of Remote Connections #10: Ultimate Job: Protect the Data!

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.17

Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.18 Ernie Hayden CISSP CEH Managing Principal Critical Infrastructure Protection/Cyber Security Verizon Risk Team