Presentation is loading. Please wait.

Presentation is loading. Please wait.

PGE Chris Nolke, Director of Cybersecurity

Published byDouglas Aldous Waters Modified over 5 years ago

Similar presentations

Presentation on theme: "PGE Chris Nolke, Director of Cybersecurity"— Presentation transcript:

1 Cybersecurity@ PGE Chris Nolke, Director of Cybersecurity
Thursday, June 28, 2018

2 Our primary objective: protection
We protect against Cybersecurity threats to ensure: the reliability of customer power customer, employee, and PGE data remains protected the safety of PGE employees and customers We do this efficiently and effectively by: studying the tools, techniques, and procedures of current adversaries efficiently applying controls to protect, detect, and respond to those threats prioritizing talent and operational excellence over the latest technology Portland General Electric | Cybersecurity

3 Threat modeling practices
We study our adversaries through threat modeling We track hacktivism, internal fraud, advanced nation-states, and cyber-crime. Each of the four threat models follows a common process to achieve their goals, known as a kill-chain. By understanding each kill-chain, PGE actively protects against, detects, and responds to threats as efficiently and effectively as possible. While hacktivism, internal fraud, and cyber-crime has increased, advanced nation-state hacking of utilities has grown exponentially. Portland General Electric | Cybersecurity

4 Critical Infrastructure Attacks
STUXNET Nuclear, Iran, 2010 2010 DRAGONFLY Espionage, Middle East, 2013 2013 BLACK ENERGY 2 Various western power companies, reconnaissance, 2015 BLACK ENERGY 3 Ukraine on December 23rd, 2015 2015 CRASH OVERRIDE (ELECTRUM/RUSSIA) THREAT TO ELECTRIC GRID OPERATIONS Ukraine on December 17th, 2016 DRAGONFLY 2.0 US, Switzerland, Turkey OT assets 2016 DIMEALLOY US, utility reconnaissance 2017 TRISIS Power Safety Systems, 2017 Middle East 2017 Portland General Electric | Cybersecurity

5 Increasing threat landscape
In 2016 and 2017, the significance, volume, and sophistication of critical infrastructure threats from nation-states rapidly increased Utility Data Breaches Attacks Against PGE 900 800 700 600 500 400 300 200 100 25 20 21 15 16 10 10 7 5 China United States Russian Federation Germany Korea 2014 2015 2016 2017 data: Verizon Data Breach Investigation Report (worldwide). 2017: Estimate, Accenture “It’s tempting to believe that this increase in attacks is horizontal across industries, but the data shows that energy organizations are experiencing a disproportionately large increase when compared to other industries.” - Tim Erlin, Director of IT Security and Risk Strategy for Tripwire Portland General Electric | Cybersecurity

6 Information security roadmap
Portland General Electric | Cybersecurity

7 Quantifying our progress
By measuring what we do, we understand how effective our processes are. We measure the maturity of capabilities based on the CMMI model (0-5) We measure operational security and IT metrics We measure risk within our environment and in using vendors through assessment against policy We measure awareness of policy and best practice through training, testing, and surveys We measure our technical attack surface through assessments We measure employee engagement through surveys Portland General Electric | Cybersecurity

8 Challenges going forward
Skilled cyber security resources are in short supply and difficult to attract Aggressive timetable for the Information Security Roadmap Cyber security threats to utilities will continue to increase Change management challenges of instilling a security culture Portland General Electric | Cybersecurity

9 Thanks For questions please contact Chris Nolke

Download ppt "PGE Chris Nolke, Director of Cybersecurity"

Similar presentations

NOTE: To change the image on this slide, select the picture and delete it. Then click the Pictures icon in the placeholde r to insert your own image. Cybersecurity.

NOTE: To change the image on this slide, select the picture and delete it. Then click the Pictures icon in the placeholde r to insert your own image. Cybersecurity.
Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, 2007. This work is the intellectual property rights of the author.

Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, This work is the intellectual property rights of the author.
© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
STOP.THINK.CONNECT™ NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION.

STOP.THINK.CONNECT™ NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION.
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.

IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.
Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order 13636 “Improving Critical Infrastructure Cybersecurity”

Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order “Improving Critical Infrastructure Cybersecurity”
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
Thomas Hacker Barb Fossum Matthew Lawrence Open Science Grid May 19, 2011.

Thomas Hacker Barb Fossum Matthew Lawrence Open Science Grid May 19, 2011.
Don Von Dollen Senior Program Manager, Data Integration & Communications Grid Interop December 4, 2012 A Utility Standards and Technology Adoption Framework.

Don Von Dollen Senior Program Manager, Data Integration & Communications Grid Interop December 4, 2012 A Utility Standards and Technology Adoption Framework.
Trusted security for critical infrastructure. Utility companies face significant threats: Sabotage Terrorism Theft Fire.

Trusted security for critical infrastructure. Utility companies face significant threats: Sabotage Terrorism Theft Fire.
BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT

BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT
Securing Critical Chemical Assets: The Responsible Care ® Security Code Protection of Hazardous Installations from Intentional Adversary Acts European.

Securing Critical Chemical Assets: The Responsible Care ® Security Code Protection of Hazardous Installations from Intentional Adversary Acts European.
Jerry Cochran Principal Security Strategist Trustworthy Computing Group Microsoft Corporation.

Jerry Cochran Principal Security Strategist Trustworthy Computing Group Microsoft Corporation.
℠ Pryvos ℠ Computer Security and Forensic Services May 27, 2015 Copyright © 2015 Pryvos, Inc. 1.

℠ Pryvos ℠ Computer Security and Forensic Services May 27, 2015 Copyright © 2015 Pryvos, Inc. 1.
Mission: NCSA’s mission is to educate and therefore empower a digital society to use the Internet safely and securely at home, work, and school, protecting.

Mission: NCSA’s mission is to educate and therefore empower a digital society to use the Internet safely and securely at home, work, and school, protecting.
Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.

Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.
Weaving Security Blankets Make your own bespoke defensive toolkit Presentation by Max Cizauskas For BSides Toronto 2015.

Weaving Security Blankets Make your own bespoke defensive toolkit Presentation by Max Cizauskas For BSides Toronto 2015.
Cyber Security Architecture of Georgia Giorgi Tielidze 0 Current Challenges and Future Perspectives Tbilisi 2015.

Cyber Security Architecture of Georgia Giorgi Tielidze 0 Current Challenges and Future Perspectives Tbilisi 2015.
Reducing data loss by threats detection. InfoWatch Traffic Monitor & Workplace Security. Andrey Sokurenko Business Development Director.

Reducing data loss by threats detection. InfoWatch Traffic Monitor & Workplace Security. Andrey Sokurenko Business Development Director.

Similar presentations

Ads by Google