Presentation is loading. Please wait.

Presentation is loading. Please wait.

IBM Industry Security Electric Sector Security Awareness Rising

Similar presentations

Presentation on theme: "IBM Industry Security Electric Sector Security Awareness Rising"— Presentation transcript:

1 IBM Industry Security Electric Sector Security Awareness Rising
1 May 2013

2 In the beginning ... 2

3 Presenting: the grid

4 The great convergence 4

5 Grid operations and security

6 Both sides of the aisle care about this

7 Environment & Smart Grid security: connecting the dots
Environment improves when fossil fuel use is reduced Utility-scale and DG wind, solar, hydro + EE + DR help reduce fossil fuel use But the legacy grid can't tolerate the high levels of intermittency in wind and solar So in the US and elsewhere we're modernizing the grid for this (and a number of other reasons) However, if adversaries can reveal the Smart Grid to be susceptible to repeated, disruptive attacks, we won't trust it enough to deploy it Many orgs and individuals are working to secure the Smart Grid However, since we don't measure security it's hard to know how secure/insecure we are at present, and if/when it's secure enough based on risk tolerance Developing and deploying mutually agreed version 1.0 security metrics and using them to identify gaps and roadmap to an improved state can get us back to the top

8 A measurement movement is forming
Presidential EO and NIST Crit Infra Cybersecurity Framework working group (Mar 2013) Developing metrics to baseline CI providers DOE's Electricity Subsector Cybersecurity Maturity Model (Jun 2012) Metrics for utilities to use to baseline and gauge effectiveness DOE’s Electricity Subsector Risk Management Process (May 2012) Help translating cybersecurity into risk management framework NARUC's Cybersecurity for State Regulators (Jun 2012, Feb 2013 update) Questions utilities will be asked by their state public utility commissions NIST’s NISTIR 7628 Assessment Guide (Aug 2012) NRECA's Guide to Developing a Cybersecurity and Risk Mitigation Plan (June 2011)

9 Security Governance for utilities
Security as risk management A fully integrated security enterprise Security by design Business-oriented security metrics and measurement Change that begins at the top IBM’s 10 essential security actions

10 Making security metrics – here's a start

11 Andy Bochman WW Energy Security Lead © Copyright IBM Corporation All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Download ppt "IBM Industry Security Electric Sector Security Awareness Rising"

Similar presentations

Ads by Google