NCCOE: Electric Utility Cybersecurity Workshop to Address Top Industry Concerns
Cyberattacks are on the rise, and a staggering 41% of them target the energy sector. In order to protect the nation’s critical infrastructure, the sector must contend with a diverse set of unique challenges, from aging and disparate networks to a lack of awareness of threats and vulnerabilities. The National Cybersecurity Center of Excellence (NCCoE), in collaboration with energy sector stakeholders and cybersecurity technology vendors, has developed example solutions that utilities can use to help bolster their security postures.
The NCCoE, a part of the National Institute of Standards and Technology (NIST), will host a workshop on October 18, 2016 at the North American Electric Reliability Corporation’s (NERC) Grid Security Conference (GridSecCon) in Quebec City, Canada. GridSecCon brings together cybersecurity and physical security experts from industry and government to share emerging security trends, policy advancements, and lessons learned related to the electric utility sector.
During this workshop, NCCoE engineers along with trade association members, integrators, and electric utility employees will discuss existing and potential future challenges in the industry. The NCCoE will also present the NIST Cyber Security Framework (CSF) and applied cybersecurity solutions from research conducted in NCCoE labs. The primary goal of this workshop is to educate the audience about the vast amount of NIST and NCCoE resources that can be leveraged to solve the electric utility subsector’s most pressing cybersecurity issues.
NIST CSF and NCCoE Example Solutions
NCCoE engineer Jim McCarthy will open the workshop with a presentation of the NIST Cybersecurity Portfolio, which will include a high level discussion of the Cybersecurity Framework, NCCoE energy sector projects, and other relevant NIST cybersecurity offerings. Jim will also share key features of the example energy sector solutions developed at the NCCoE: Identity and Access Management (IdAM) and Situational Awareness.
The IdAM project demonstrates how a converged IdAM platform can provide a comprehensive view of all users within the enterprise across all silos, and the access rights users have been granted. The Situational Awareness project aims to help electric utilities detect and remediate anomalous conditions, investigate the chain of events that led to the anomalies, and share findings with other energy companies from a converged, automated platform. The NCCoE builds modular example solutions using commercially-available, standards based products, aiding in large or small scale integration.
Following Jim’s presentation, representatives will speak on the various perspectives in the energy sector. Each speaker will give a 20-minute presentation, followed by 10 minutes of Q&A.
- Mike Meason of the Western Farmers Electric Cooperative, a generation and transmission cooperative headquartered in Anadarko, OK, will address the challenges facing utility companies in the energy sector.
- Mike Prescher of Black & Veatch, a leading global engineering, consulting, and construction company, will discuss challenges to practical cybersecurity operations from an integrator perspective.
- Bob Lockhart of the Utilities Technology Council, a global trade association dedicated to serving critical infrastructure providers, will discuss survey results on subjects ranging from risk perception to security awareness.
- Dr. Mike Cohen of The MITRE Corporation will present “Identifying and Mitigating Supply Chain Risks in the Electric Energy Sector’s Production and Distribution Networks.” Dr. Cohen is presenting as a member of the DHS–Office of the Director of National Intelligence Analytical Exchange Program team who prepared the report on which the presentation is based.