Published by Marybeth Williams. Modified over 6 years ago.
1
PacifiCorp Security
Prevent – Detect – Respond – Recover
2
PacifiCorp Security
Nancy Lahti, Vice President, IT and Security
Devon Streed, Director, Security and Information Protection
Nancy has [xxx] years of executive leadership in Security and Business Continuity.
Devon is a former counter-terrorism officer at the CIA, and has managed security functions at PacifiCorp for 10 years.
3
Collaboration and Support
PacifiCorp IT: Integrating security principles into everyday practices
PacifiCorp at-large: Operations, Human Resources, Customer Service, Communications, Compliance, Facilities, Legal
Berkshire Hathaway Energy:
  Executive support and leadership: Bill Fehrman, Chairman and CEO of Berkshire Hathaway Energy
  Coordination and oversight: Michael Ball, Berkshire Hathaway Energy Chief Information Security Officer
  Collaboration with other Berkshire Hathaway Energy and Berkshire Hathaway businesses
  Cyber Mutual Assistance program within Berkshire Hathaway Energy and external
Collaboration within the industry, within BHE and even within PacifiCorp is critical to ensuring effective security.
4
External Engagements
National/International: FBI, DHS, CIA, Department of Defense Joint Intelligence Operations Centers, Centre for Energy Advancement through Technological Innovation, Electricity Information Sharing and Analysis Center.
State:
  Washington: Fusion Center, FBI, DHS, Army/Air National Guard
  Oregon: Fusion Center, FBI, DHS, State Police, Army/Air National Guard
  California: Fusion Center, FBI, DHS, Army/Air National Guard
  Idaho: Fusion Center, DHS
  Utah: Fusion Center, FBI, DHS, Utah National Guard
  Wyoming: DHS, Wyoming National Guard
Local: Many local law enforcement entities, other utilities
Public: Rewards programs, community outreach

Washington:
  Fusion Center – Jeff Cartwright, Intelligence Analyst
  DHS – Jonathan D. Richeson – Newly assigned to the Washington area.
  FBI – Trina C. Washington, Special Agent
  Air / Army National Guard – Camp Murray
Oregon:
  Fusion Center – Chuck Cogburn, Diane Greenly – Newly reorganized
  DHS – Chass Jones
  FBI – Steven G. Palmer, Special Agent
  Portland Air National Guard
  Portland Army National
  Salem Army National Guard
  Klamath Falls Air National Guard
California:
  Central California Fusion Center
  DHS – Frank Calvillo, Chief of Protective Security
  FBI – Stephen Woolery, Special Agent
  California Air National Guard in Fresno
  California National Guard in Sacramento
Idaho:
  DHS – Scott Behunin
  Fusion Center – Mary Marsh
Utah:
  Fusion Center – Matt Beaudry
  FBI – Derick Price
Wyoming:
  Idaho Fusion Center (covering Wyoming) – Mary Marsh
  DHS – Kenny Longfritz
5
Core Principles
Customer Service: Protect customer information and services from malicious attack and plan for continuity.
Employee Engagement: Protect employees and their information from security threats.
Environmental Respect: Protect environmental resources and limit impact from security threats.
Regulatory Integrity: Ensure compliance with regulatory standards.
Operational Excellence: Deliver best-in-class security operations and recovery planning.
Financial Strength: Ensure security and recovery plans are prudent and efficient.
6
PacifiCorp Security
Physical Security: 5 personnel
  Security Operations Center: 2 personnel/shift 24x7
  Incident Response and Investigations
  Protective Services and Technology: 44 contract security officers
  Critical Infrastructure Protection Standards Compliance (CIP-006, CIP-014)
Cybersecurity: 5 personnel
  Security Operations Center
  Managed Security Services Provider (External threat tracking)
  Security Analysis / Threat Hunting
PacifiCorp has had a mature physical security SOC since 2014, and in late 2017 expanded it to incorporate cybersecurity as an all-source integrated security center.
Expansion of the SOC space, adding access to systems, and re-thinking staffing and training models nearly tripled capacity and capabilities.
  Increased number of physical sites monitored from 9 to over 20.
  New capabilities to monitor cyber threats.
  New personnel and training so operators can address physical, cyber, or hybrid threats.
Cybersecurity receives >1.5 billion event logs per day from across the company.
7
PacifiCorp Security (cont’d)
Business Continuity: 2 personnel
  Technology Recovery Plans: 75 plans
  Business Recovery Plans: 53 plans
  Exercises (Physical/Cyber, Cascadia, GridEx): >122 exercises/year
  Compliance (CIP-008, CIP-009, CIP-014)
Security Engineering: 9 personnel
  Security Technology / Controls
  Security Oversight of Operational Technology (OT)
  Security Controls and Compliance (CSCs, CIP-007)
  IT Support for Renewable Generation Fleet
Business Continuity collaborates with security staff to design exercise scenarios and plans based on real-world threats and events.
Security Engineering support for OT is new, allowing non-security field personnel to focus on their core competencies.
8
Phishing
Over 90% of personal and commercial data breaches nationwide are the result of a phishing scam.
National and industry average phishing click rates range from 12%-30% on test campaigns.
September 2016: PacifiCorp implemented a Phishing Awareness and Improvement program.
PacifiCorp click rates on test campaigns dropped from 16% in August to 1.2% average in 2017, and so far 0.3% YTD in 2018.
  Training
  Technical Controls
  Testing
  Accountability
Technical controls include:
  Disabling links from external
  Warning tags and text on external
  “Report Phish” button
Approximately 4-5 phishing test campaigns per month
9
Integrated Threat
2016: An unannounced penetration test by an outside firm was unsuccessful at gaining domain administration rights.
  The attempt integrated physical access, social engineering, and sophisticated cyber attacks.
  Testers commented that PacifiCorp’s threat detection and response was in the top 10% of government and private entities they’ve tested.
  Implemented changes based on lessons learned.
2017: A security audit of PacifiCorp’s controls environments had a rating of “above average” with a risk score of “Low”.
  During this audit all detection and response measures stood down to allow the audit to proceed.
2018: Consolidating results of a Live Fire exercise to help tune logging and alerting capabilities.
  Test occurred only 2 weeks after integrating cyber and physical security departments.
  Highlighted the importance of collaboration, since each department working alone may not have detected the testers in time to stop them.
10
Training
All new personnel are required to complete pre-hire security training and all personnel, including contractors and vendors with access, are required to complete annual security training.
Companywide quarterly security bulletins address a variety of current and relevant security topics.
Training and bulletin content is updated regularly based on real-world events, new and developing threats, and new defensive tools and capabilities.
Topics include: physical security, phishing, cybersecurity best practices, process and project requirements for security, information protection, recovery and resilience measures, and available security contacts and resources.
Training and awareness efforts emphasize everyone’s individual responsibility for maintaining security.
11
SANS Top 20 Critical Security Controls
Formalized industry best practices based on data available from public and private threat sources.
Evaluated existing business cybersecurity practices against the Critical Security Controls and closed gaps by December 31, 2017.
150 individual subcontrols
Phased approach:
Successfully implemented the largest security initiative in company history on time.
Massive effort on the part of all IT and security personnel.
Significantly increased protection and controls with little or no impact to operations.
Focus of CSC is on systems and assets
12
Top 20 Critical Security Controls
CSC 1: Inventory of Devices
CSC 2: Inventory of Software
CSC 3: Secure Configurations
CSC 4: Continuous Vulnerability Assessment and Remediation
CSC 5: Controlled Use of Administrative Privileges
CSC 6: Maintenance, Monitoring, and Analysis of Audit Logs
CSC 7: Email and Web Browser Protections
CSC 8: Malware Defenses
CSC 9: Limitation and Control of Network Ports, Protocols, and Services
CSC 10: Data Recovery Capability
CSC 11: Secure Configurations for Network Devices
CSC 12: Boundary Defense
CSC 13: Data Protection
CSC 14: Controlled Access
CSC 15: Wireless Access Control
CSC 16: Account Monitoring and Control
CSC 17: Security Skills Assessment and Appropriate Training to Fill Gaps
CSC 18: Application Software Security
CSC 19: Incident Response and Management
CSC 20: Penetration Tests and Red Team Exercises
Controls address nearly all aspects of cyber systems.
  Understanding what is in the environment
  Ensuring all systems and assets are designed and configured securely
  Ensuring people, processes, and procedures are in place to protect assets and information
  Continuous improvement and verification
13
Information Security Management System
A benchmark framework of policies and procedures and cyber, physical and technical controls to manage an organization’s information risk.
Information Security Management System plus 114 specific controls.
Customized to the context of the organization.
2017 Scope: Residential Customer Personally Identifiable Information, 1x Thermal Generation Plant, Renewables Fleet, EMS.
2018 Scope: Employee Personally Identifiable Information, Generation Fleet, Third-Party Energy Interfaces
Unlike the CSCs, which are focused on systems and assets regardless of any specific information on them, the ISMS is focused on information in all of its forms and locations.
The system is cyclical and drives continuous improvement.
14
Mission 3
Enhance transmission and distribution substation cyber and physical security
Apply baseline physical security standards
  Preventive controls
  Detective controls
  Response controls
  Inspections and Maintenance
Apply relevant CSC controls
Incorporate into ISMS
15
World-Class Security
Surpass Compliance in Pursuit of Excellence:
Vision: Embrace security as an enabler of business operations to ensure the future of our customer, employee and stakeholder interests.
Goals: Drive aggressive and continuous improvement that outpaces the constant evolution of threats and risks.
Execution: Deliver meaningful results that meet or exceed expectations and capitalize on lessons learned to fuel further improvement.
16
2018 Goals
Activity | Status
Achieve no major cyber and physical security events | On Track
Operationalize Critical Security Controls
Expand the Information Security Management System scope
Conduct 2018 Network Vulnerability Assessment
Implement revised and comprehensive Information Security Policy | Complete
Increase customer and employee awareness of security risks
Maintain a phishing click rate <=1.5% | Exceeding
Implement additional CIP-014 substation physical security enhancements
Implement resilience measures for security systems and processes
Achieve net reduction in security system break/fix costs