14th Annual Security
& Compliance Summit

Abstracts and Bios

We are pleased to welcome our 2018 presenters and speakers! Click each title to view the abstract and speaker bios.

Click individual topics to view more details.

Summit 2018 - Speaker

Abstract

The digitalization of utilities promises to optimize the supply and demand of electricity, manage the increasing number of renewable sources of energy and micro grids while offering efficiency improvements for consumers.  Furthermore, the large volumes of data generated, combined with predictive analytics allows utilities to transition to a proactive mode of asset management. Such a far-reaching digital transformation comes with many challenges for critical infrastructures, with cyber security near the top of the list. Although NERC CIP compliance is essential to ensure a common baseline across the industry, it cannot be the only measure used by power utilities to manage their security risks. To keep the electric grid secure and reliable, a proactive security program must be put in place, taking full advantage of modern technology, up to date processes and a highly trained workforce.


Gaétan Houle

As part of his 30 years of experience in all aspects of security, Gaétan has held several senior positions in the Canadian Federal Government, including Chief Engineer Communications Security with the Department of National Defence, Director Corporate Security with the Department of Foreign Affairs and Consul at the Canadian Embassy in Peru, following the 1996-97 terrorist crisis in Lima.

In the private sector, he has worked as Chief Security Officer for several multinational corporations such as Bombardier Aerospace, Airbus Group (Paris, France) and Bell Canada, where he personally wrote the security plan to protect the telecom infrastructure for the 2010 Winter Olympics in Vancouver. In 2016, after having worked for four years as the National Cybersecurity Practice Leader for Ernst & Young Canada, Gaétan joined SNC Lavalin as the Principal Security Architect where he and his team help clients in the energy industry protect their critical infrastructure.

Gaétan has a Bachelor’s degree in Electrical Engineering from the Royal Military College of Canada and an MBA from the Jones International University.  He is a member of the Professional Engineers of Ontario, and is also an active member of the IEC TC57 WG 15, an international working group dedicated to the development of advanced security standards used by power utilities.

Abstract

Historically, NERC CIP compliance has been a manually intensive, complex process. This talk will share ideas on how to ease the process of patch and vulnerability management and outline how asset owners can automate asset inventory (identification of device part number, firmware version, vendor, model, serial number) in a passive way for all their substation assets, thus eliminating site visits and manual processes, while ensuring a more accurate inventory without the risk of data entry errors.


Brian Proctor

Brian has spent most of his career (13+ years) as a ICS/SCADA cybersecurity engineer and cybersecurity team lead working for two progressive California Investor Owned Utilities (IOUs). He holds a variety of technical certifications, including the Global Industrial Control System Professional (GICSP), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), and is certified in project management from University of California at Irvine. In 2013, Brian was presented with the Critical Infrastructure Private Sector award from Securing our eCity, a San Diego based cybersecurity non-profit organization. In 2016, Brian was a co-inventor of a R&D magazine top 100 award winner for one of the top inventions of the year relating to a GPS anti-spoofing mitigation technology.


Brandon Workentin

Brandon Workentin joined SecurityMatters as an ICS Security Engineer in 2017. Prior to that, Brandon worked for EnergySec, where he started as an intern in 2014 and finished as a Cybersecurity Analyst II. At EnergySec, Brandon focused on security regulations, including the NERC CIP cybersecurity standards, as well as threats, research, and news affecting the electric industry. He was also involved in the creation of the EnergySec Information Sharing and Analysis Organization (ISAO), as well as a member of multiple ISAO Standards Organization Working Groups. Prior to joining the cybersecurity field, Brandon spent several years teaching math and English in Idaho and Oregon.

Brandon also enjoys public speaking, having presented at BSides Tampa 2017, regularly providing briefings to electric industry groups, and working with !NTERRUPT, a non-profit focused on introducing cybersecurity to high school students. He has a Bachelors of Arts in Mathematics and English Education from Northwest Nazarene University and an Associates of Science in Cybersecurity and Networking from Mt. Hood Community College.

Abstract

Top Concerns for the ICS manager: What’s missing in ICS environments? Top security gaps in an ICS network.

1. Understanding what you have in your network

2. Threat Detection in the OT environment

3. Blindspots of physical access to devices


Joe Scotto

Joe is a senior marketing executive with broad experience building and leading marketing teams for a variety of global B2B organizations in the technology, defense, telecom and publishing industries. As Chief Marketing Officer at Indegy, he is defining the Industrial Control Systems market category and creating breakthrough programs to drive market awareness and thought leadership. Prior to Indegy, Joe held a number of sales, channel and marketing roles with organizations, including BAE Systems, Avaya and Time Warner. Joe is a graduate of NYU Stern School of Business with an MBA in Marketing.

Thomas Nuth

Nozomi Networks

 

 

 

 

 


 

Gabe Authier

Tripwire

 

 

 

 

 

 

 

 

 

Abstract

In this presentation Ben Winslet will explore Building an education pipeline to satisfy industry needs. He will look at the state of education as it relates to producing qualified and competent security analysts the industry currently needs and will need in ever increasing numbers over the coming years. Exploring current offerings, potential avenues of cooperation between industry and academia, and compensating measures that industry can take until the academic programs are built and take hold, there is a rather grim outlook on the interim supply of security professionals interested and educated in industrial controls security in general and power systems in particular.


Ben Winslet

Ben Winslet is a Senior Security Analyst for critical infrastructure for Arizona Public Service (APS). Based in Phoenix, APS is Arizona’s largest electric company and serves nearly 1.2 million customers around the state. Ben is responsible for information system and industrial control security and compliance in corporate and process control networks throughout the APS enterprise. He began his career at APS in 2016 coming to the company from Lockheed Martin, where he served in a variety of roles throughout Lockheed, including staff network engineer for Public Service Enterprises Group – Long Island (PSEG-LI), Information Technology manager for Department of Energy physical security operations at the Nevada National Security Site, and senior systems engineer for advanced ground systems development and operations. He is engaged in the community, currently expanding the information security offerings at local community colleges as adjunct faculty teaching courses in power systems security, Linux, and information security fundamentals. A Georgia native, Ben earned a Bachelor’s of Science degree from Arizona State University in Technical Writing and a Master’s of Science in Information Assurance, with an emphasis on Digital Forensics, from Norwich University and is a Certified Information Systems Security Professional (CISSP). In addition to cyber security and collegiate teaching, Ben writes for a number of national publications on topics of cyber security, arms development, and defense.

Abstract

The DOE Cyber Defense Competition (CDC) is a competition that focuses on the defensive/hardening nature of cyber security. Similar to other industry competitions the CDC has a Blue Team (defenders) that protects a network infrastructure from the Red Team (attackers). The teams consist of college students who secure and harden their competition system. A red team consists of students or industry professionals that work to cause cyber destruction to the blue teams’ network infrastructures. The competition is scored utilizing a point system. Nate Evans will discuss the aspects and benefits of the DOE CDC.


Nate Evans

Nate Evans currently serves as the lead for the Cyber Operations, Analysis and Research group at Argonne National Laboratory. Nate received his Doctorate in Computer Engineering with a specialty in Cybersecurity from Iowa State University. Prior to joining Argonne, Nate managed cybersecurity and cyber defense activities at several private-sector companies. He is considered a key asset by the Department of Homeland Security (DHS) in several cybersecurity capabilities including the development of a cybersecurity vulnerability assessment for field use, analysis of cybersecurity consequence and threat studies, and leading the pilot cyber-physical regional assessment. Nate along with the team have also developed an R&D 100 wining operational instance of moving target defense (MTD) and he has led the Department of Energy in the development of a Cyber Defense Competition for workforce development.

Abstract

On February 15, 2017 a fault combined with a critical component of a protection scheme being disabled contributed to the catastrophic loss of a distribution substation in Ephrata, WA. Through a forensic review the root cause analysis team was able to determine when the component was taken out of service but the long-standing security protections of a mechanically-keyed padlock and paper log book lacked the capability to show who was in the substation at that time. A further investigation found a staggering number of keys unaccounted for. The Security and Operations teams sought a solution to address the forensic shortcomings of the existing security scheme as well as a cost-effective option to maintain key control. With CIP Low Impact requirements on the horizon, the time was right for a fresh approach. This sessions provides greater detail on the process Grant PUD used to meet operational, security, and compliance requirements leveraging the emerging technology of electronic locks.


Nick Weber

Nick Weber has worked in the security field for over 15 years. He currently serves as the Security Manager at Grant County PUD. Prior to joining Grant, he served as a Cyber and Physical Security Auditor at the Western Electricity Coordinating Council (WECC). Mr. Weber also worked for the U.S. Department of Homeland Security as a Critical Infrastructure Assessment Team Leader and later an Energy Sector Specialist. As an Assessment Team Leader he conducted security and resilience assessments at critical infrastructure sites across the United States. As an Energy Sector Specialist he worked to develop and leverage relationships with critical infrastructure stakeholders and government agencies to increase the resilience of the nation’s most critical assets. Nick has served as a Cavalry officer for 14 years in the Army Reserve and National Guard, most recently leading a Cyber Network Defense team. He holds the Master of Science in Organizational Leadership from Quinnipiac University and has earned a Bachelor of Science degree from the University of Idaho. He was selected as a member of the Security Systems News 20 Under 40 class of 2014 and currently holds the Certified Protection Professional (CPP), Physical Security Professional (PSP), Professional Certified Investigator (PCI), CompTIA Security+, Certified Business Resilience Manager, and Certified Business Resilience Auditor certifications.

Abstract

When an intrusion happens, it is often hard to know when sharing intrusion data is appropriate. Additionally, it is often hard to know what to share. As a result, a majority of data sharing revolves around indicators usually at the expense of keeping critical behavioral signs of the attack internal. In this talk, we will look at how asset owners can share behavioral data observed during an intrusion with other asset owners. We will talk about what data might be valuable to other asset owners and how asset owners can sanitize data as not to leak inappropriate intrusion details. Finally, we will look at how the asset owner receiving the data can use the behavioral data in both a threat hunting and incident response scenario. Quicker sharing of information means less dwell time for an adversary in a victim network.


Dan Gunter

Dan Gunter is a Principal Threat Analyst at the industrial cyber security company Dragos, Inc. where he discovers, analyzes and neutralizes threats inside of ICS/SCADA networks. In this capacity, he performs threat hunting, incident response, and malware analysis mission for the industrial community. Previous to his role at Dragos, Dan served in a variety of Information Security roles as a Cyber Warfare Officer in the United States Air Force with duties ranging from Incident Response at the Air Force Computer Emergency Response Team to developing innovative capabilities for multiple Department of Defense partners. Dan previously presented at Blackhat, s4x18, and Shmoocon.

 

 

 

 


Marc Seitz

Marc Seitz is a Threat Analyst, Threat Operations Center, at the industrial cyber security company Dragos, Inc. where he coordinates industrial control system cyber test lab functions as well as performing threat hunting services in ICS networks. Marc is a specialist in designing and implementing innovative simulated industrial environments to provide a safe and realistic training and attack simulation experience for internal and external analysts. He also conducts onsite vulnerability assessments and threat hunting services for customers in a variety of verticals.

Abstract

In February 2018, a malware was found using SCADA HMI computer in a water facility for crypo-mining. The malware was using extensive computing and networking resources risking the operation of the local automation process. The presentation will start give an overview of IT malwares impacting OT networks and give details of the specific cryptojacking attack, the way it was detected and the results of the forensic activities. We will conclude with lessons learned and how to prevent such attacks in the future.


Ilan Barda

Ilan Barda is the founder and CEO of Radiflow, a leading provider of ICS/SCADA cyber security solutions. Ilan has an extensive cyber-security experience from his service in an elite technology division in the Israeli Defense Forces. Following his army service, Ilan worked in various R&D and Business development positions in cyber-security and communicaKon companies. Prior to founding Radiflow, Mr. Barda was the CEO of a Siemens subsidiary with world-wide annual business of about $100M.

Abstract

Industrial facilities utilize many of the same security practices and procedures that are used in a traditional IT environment, but are originally tailored for IT not for OT. While similar work is being done, the consequences of the work can be vastly different. This means that operations and security/OT/IT personnel can be at odds, fighting over how best to perform a task and leading to the misconception that security personnel may move forward without usual regard for the systems affected. Work at industrial facilities is conducted under carefully controlled work management processes, more so for heavily regulated industries like nuclear power or chemical. These processes allow many different types of work to be done in and around equipment, incorporating safety, reliability, and sound engineering judgement. By integrating with this existing process, OT Security personnel can take advantage of the existing plant work
processes to ensure their own work is done in a secure, reliable and safe manner, combating the entropy that invariably follows introduction of security into a facility. This talk with share what the work management process is in broad strokes, how work is scheduled and approved at an industrial facility, the benefits of using the process, and how ICS security work can be integrated into the process for better efficiency, risk reduction, andconsistency.


Mike Toecker

Michael Toecker is the Chief Technical Officer of inspekt.us and a security engineer specializing in the cyber security of electric power systems. Mr. Toecker has spent 13 years working in electric power and control system security, first at a Big 5 power engineering firm, then at the power generation arm of a major utility, and later at control system security firm Digital Bond. Toecker then started the boutique consulting firm, Context Industrial Security, in April of 2014 to continue his work in control systems security. While at Context,
Toecker has worked with electric utilities, manufacturing, chemical, and water on implementation of quality cyber security practices. After several years of practical experience, Toecker has developed several product ideas based on his observations of industry and cyber security and last year formed inspekt.us with Elisabeth Stephany to translate those ideas into practical products for the industrial security community.

Abstract

If you think an air gap prevents communication out of and into your industrial control system, you are wrong. We’ll be exploring various ways to send data across an air-gap in Industrial Control Systems and other environments, including a live demo. Is it really possible to send data across an air-gap where no network has been connected? (No we’re not talking about wifi, bluetooth, wirelessHART etc.) Can it be done without physical modification to your existing plant? Can we get that paragon of virtue- a data diode -to pass information in both directions without physically touching it? Find out.


Monta Elkins

Monta Elkins is currently “Hacker-in-Chief” for FoxGuard Solutions, an ICS patch provider.  He is a security researcher / consultant and BFF’s with the elusive #TrooperBR549.  Considered by many of his friends to be the Chuck Norris of ICS Cybersecurity, Rackspace enjoyed his tenure a Security Architect and Radford University hired him as their first Information Security Officer.

As the World’s Foremost Cordless Drill Hacker/Musician, Monta has been a speaker at more security and ICS conferences than even his enormous ego can remember including: DEFCON, EnergySec, GE Digital Energy, ICSJWG, Toshiba ICS, GridSecCon, CIP Emerging Technology Roundtable, ICS CyberSecurity, UTC Telecom, SANS ICS Summit, and Nuke CIP Pyongyang.  In his spare time Monta is the creator of a totally-safe-for-work YouTube channel, solving all the worlds IoT and IIoT problems using cold war era technologies.

Known for having once discovered ALL the devices on an ICS network, Monta is the author and instructor of “Defense against the dark arts” a series of hands-on hacker tools and techniques classes.  He has served as a guest lecturer for colleges, universities and elsewhere teaching Arduino programming / circuit design, SDR, and rapid prototyping techniques.  As a small child he entertained himself by memorizing Pi; all of it

David Reinecke

David Reinecke is the Sr. Manager of Cyber Security Engineering (CSE) at Xcel Energy. Based in Minneapolis, Xcel Energy’s operations include four utility subsidiaries that serve electricity and natural gas customers across eight states. He leads a team of 13 Cyber Security Engineers that support Information Technology, Cyber Security Tools, Network Security, and Operational Technology efforts.

David has over 20 years’ experience in the electric utility sector, with the past 14 managing compliance, infrastructure services, cyber security and technical staff. He joined Xcel Energy in 2013 and has held a variety of roles revolving around NERC CIP compliance and Cyber Security. He holds a Bachelor’s in Communications from the University of Colorado and a GSLC/GIAC Security Leadership certification.

 

 

 

 

 

 

 

Abstract

Often we fall back on examples of penalties to explain our justifications. But what if we could talk about it as a market mover? What if, much as vault salesmen of the 30’s, we could explain that our customers are looking for safety and security, and that if we show them that we may get their business? Equally as important is that when we tackle a compliance requirement, we fail to see how it touches on other regimes. By using a central guidance document such as the critical security controls, we can both see how the work we are doing is improving our security posture and also how it can satisfy other requirements. This way, whether a regulator is looking for NIST or ISO, we can say “Yes we can” to either one. The CIS Controls are our free guidance document and while they will be a part of this presentation, it will not be a sales pitch for them (although can you really sell free?)


Ryan Spelman

Ryan is a Senior Director at the Center for Internet (CIS), a nonprofit organization focused on improving cyber security for public and private sector entities. Ryan is responsible for identifying new opportunities to improve global cyber security and new partnerships for sharing CIS best practices and resources. Ryan also advises the membership on key areas such as insurance, regulation, and new developments around compliance.  As part of those responsibilities, Ryan led the development of template policy for NYS DFS regulations that are being used by hundreds of exempted entities across the North East. Prior to his work at CIS, Ryan served as Director of the New York State Senate’s CommiWee on Homeland Security. While serving as CommiWee Director, Ryan led and advised state legislators in developing statewide policies and legislation pertaining to homeland security and veterans, established the Homeland Security Business Roundtable, which brought together leaders of Fortune 500 companies and senior state public safety officials to collaborate on the development of security and disaster preparation policies, and represented the State Senate on the development of legislation that established New York State’s Division of Homeland Security and Emergency Services (DHSES). Ryan holds a Masters of Public Administration (MPA) from the University at Albany’s Nelson A. Rockefeller College of Public Affairs & Policy, specializing in Public Safety, a GIAC Critical Controls Certification, and a GIAC Security Leadership Certification. While he has presented in over 25 states and traveled to almost all 50, he prefers being home in upstate New York with his beautiful wife, wonderful kids and crazy dog.

Abstract

This talk will focus on the importance of collaboration between industry, government and academia to mitigate the growing cyber threats faced by the Energy Delivery Systems (EDS). It will identify past initiatives where cutting edge research had transitioned to industry adoption and explore how academic research consortiums (such as CREDC) could be part of the solution in the future.


Dilhan Rodrigo

Dilhan Rodrigo is the Managing Director for CREDC. He has wide utility experience, having worked at multiple Independent System Operators in progressive roles in Transmission Settlement, Market & Customer Information Systems Management, Market Systems & Process Design, Regulatory and Program Management. Prior to joining CREDC, Dilhan led electricity system operation and market impact studies related to renewables integration & coal generation retirements, non-generating resources providing grid support/ancillary services and managed interjurisdictional electricity transfer capability enhancements. Dilhan holds an MBA from De Monaort University, United Kingdom.

 

 

 

 

 

 

 

 

 

Abstract

The EPRI Cyber Security Program has formally kicked off collaboration on the ICS Forensics Working Group. This group is joined to foster collaborate efforts in forensics transition to practice for ICS practitioners; initially focusing on those in the electric sector. This working group will be a source for future EPRI project guidance and an opportunity for technology transfer. The working group leverages work performed by participating utilities, other stake holders, and by EPRI to: Provide a forum for the exchange of knowledge and best practices for forensics in electric sector ICS information technology and operational environments, sharing and analysis of current and next-generation concepts and technologies for improving utility security postures through the use of forensics science and techniques, increasing collaboration and information sharing between utilities, and the development of a detailed knowledge base repository supporting forensics analysis.


Glen Chason

Glen is a Principal Technical Leader – Cyber Security in Power Delivery and Utilization at EPRI. In this role at EPRI, Glen leads numerous projects in the areas of Threat Assessment, Incident Response, Forensics, and the analysis of security for embedded systems. He also provides technical leadership for other projects in the areas of, Malware Analysis, Timing Security, and Security Architecture. Glen also participates in working groups and technical committees on cyber security for the electric sector.

Abstract

The presentation will begin by briefly immersing the audience with a visual and descriptive analysis of significant past and present physical and cyber threats to the energy grid before reinforcing the need for building resilience into not only grid infrastructure but corporate infrastructure as well. To emphasize the importance of this need, specific examples will be offered where damage was mitigated by building resilience into the grid to withstand catastrophic events. The discussion will then shift slightly to explore some of the driving motivations behind threat actors (namely Russia and China) activities with regard to cyber warfare and how the activities we see today fit into the publicly stated intentions and goals of these entities. Tying into this, the discussion will then explore what may be potentially uncommon threats that have the capacity to create far greater problems than attendees may realize. In conclusion, the presentation will advocate a proactive and aggressive approach to planning for emergency and catastrophic events in which planners should view planning from a different perspective at all points, including the pre-planning phase, event activities phase and post-recovery and reconstitution phases.


Ronald Keen

Currently the Senior Advisor for Energy issues to the Assistant Secretary for Infrastructure Protection at the U.S. Department of Homeland Security, Ronald Keen is a distinguished and decorated retired Air Force officer with an extensive background in intelligence, as well as ballistic missile and space systems operations. After retiring from the Air Force, Ron briefly worked developing and testing next generation satellite command and control systems before taking a position as a Division Director with the Indiana State government where he directed a staff of economists, accountants, engineers, analysts and lawyers researching issues within the utility regulatory environment. Retiring after an illustrious career and having personally provided over 150 instances of expert written and oral testimony before local, state and Federal regulatory bodies on energy and telecommunication issues, Ron accepted the opportunities and challenges of his current position. A published author of science fiction novels, Ron is a graduate of Embry Riddle Aeronautical University with a Masters in Aeronautical Science and earned his Bachelors at the University of Texas Southwest. He is married to the former Susan Boyll and is the father of five children.

 

 

 

 

 

 

 

Abstract

This talk will explore tools and metrics to evaluate the coverage of security monitoring techniques (e.g., netflows, event logs, IDS alerts) within energy delivery system networks. It will demonstrate how the proposed techniques can be used by utilities and vendors to evaluate the can be used by utilities and vendors to evaluate the effectiveness of their monitoring strategies to ensure they have sufficient coverage of potential attacks. Case-studies of this work will be demonstrated on real system platforms at WSU.


Adam Hahn

Adam Hahn is currently an Assistant Professor in the Department of Electrical Engineering and Computer Science at Washington State University. His research interests include cybersecurity of the smart grid and cyber-physical systems (CPS), including intrusion detection, risk modeling, vulnerability assessment, and secure system architectures. He received M.S. and Ph.D. degrees from the Department of Electrical and Computer Engineering at Iowa State University in 2006 and 2013. Previously, he worked as a Senior Information Security Engineer at the MITRE Corporation, supporting numerous cybersecurity assessments within the federal government and leading research projects in CPS security.

Abstract

Power generation reliability metrics are positively impacted by effective operational risk management. The plant manager’s reliability strategy can be summarized as finding ways to minimize the frequency of outages and / or the duration of outages within a budget that supports the CFO’s target generating costs. It is within this context that cyber risk to the digital plant infrastructure must be understood and managed. For a plant manager to adopt and support new cyber security policies that require O&M resources, he must understand the relative positive impact these will have on reliability as compared to applying these same resources to other preventive maintenance measures. The information required to make this comparison to support a rational, well-informed risk management decision is the subject of this presentation. To make effective comparisons between cyber risk and operational risk, it is necessary to normalize the analysis results through the use of a common model that generates quantitative financial metrics. Once quantified in a common metric, cyber risk can be de-mystified and evaluated against other high-priority operational risk issues. The result of applying limited budget in appropriate amounts to properly prioritized risk issues results in optimal risk management and therefore more reliable and safe operations.


Mike Radigan

Mike Radigan has a 17 year career in the cyber risk management and network security industries. His subject matter expertise in expressing cyber risk in financial or “business terms” provides a unique and highly valued perspective to decision makers. Mike joined Leidos Cyber, Inc. in December of 2017 and is responsible for the Operational Technology (OT) / Industrial Control System (ICS) cyber security strategy and managing the partner relationships that enable the OT strategy. Mike came to Leidos from ABB Power Generation where he held the role of Sr. Advisor of Cyber Risk Management providing customers guidance on managing the cyber and compliance risk posed to their operations.

Abstract

The definition of cooperation is involving mutual assistance in working toward a common goal. We as a Cooperative community rely on the 7 cooperative principles, we are guided by these principles. I see a strong effort on the military side as well as the Cooperative side to strengthen our nation. I also see some real obstacles in the way. I’m proposing an effort to build a “cooperation” between the two in attempts to streamline or simplify the overall goal. Our mission is clear and that is to do whatever it takes to defend this great nation. This is why I think our efforts are so important. With that being said I’d like to suggest we begin an operation for cooperation between the Army National Guard and Cooperatives, Operation Coop.


Ryan Newlon

A System and Network Administrator for Co-Mo Electric Cooperative Inc. located in Tipton, Missouri for the past 2 years. In addition, Ryan has had the honor of serving our country for the past 17 years as part of the Missouri Army National Guard as a Signal Chief Warrant Officer 3 (CW3) for the MOCyber Unit.

Abstract

The CIP presentation will provide industry with a status update on the current CIP project (Project 2016-02). Main points covered during this presentation will be the CIP-003 (FERC Order 843), CIP-002 (IROL changes) and the virtualization and future technology upgrade being made to the CIP standards.


Scott Klauminzer

Scott is currently the CIP Program Manager for Tacoma Power, and has over 28 years of IT and Security experience. He is currently participating in the development of the DOE’s ES-C2M2 updates, and the NERC CIP Standards as a Drafting Team Member. He has participated in the development of the NIST Cyber Security Framework and the ISO 27019 ICS Security Controls. He has extensive experience in developing and delivering security programs for NERC CIP, HIPAA, PCI, and ISO 27K. He loves to tinker with technology, but being outdoors with family, and coaching and paddling with dragon boat and outrigger canoe teams is what keeps him happy.


 

Jake Brown

Jake Brown is the Lead Systems Architect for the Electric Reliability Council of Texas (ERCOT), and is a member of the NERC CIP Standards Drafting Team that is working on changes to the CIP standards, including Virtualization. At ERCOT, Jake is responsible for the architecture of all IT Infrastructure as well as the development of implementation guidance and governing principles for the organization. He has been implementing CIP Standards at ERCOT since Version 1. Prior to ERCOT, Jake held various Sr. Engineer level positions in several different industries including manufacturing, healthcare, education and IT Services. He has over 25 years of experience in IT, with the last 13 in the Energy industry and over 15 years of experience implementing various virtualization technologies, including VMWare, IBM Hardware Virtualization, and Microsoft Hyper-V.

Abstract

When an intrusion happens, it is often hard to know when sharing intrusion data is appropriate. Additionally, it is often hard to know what to share. As a result, a majority of data sharing revolves around indicators usually at the expense of keeping critical behavioral signs of the attack internal. In this talk, we will look at how asset owners can share behavioral data observed during an intrusion with other asset owners. We will talk about what data might be valuable to other asset owners and how asset owners can sanitize data as not to leak inappropriate intrusion details. Finally, we will look at how the asset owner receiving the data can use the behavioral data in both a threat hunting and incident response scenario. Quicker sharing of information means less dwell time for an adversary in a victim network.


Rita Foster

Rita Foster is the energy sector infrastructure security strategic advisor for Infrastructure Security department at the Idaho National Laboratory. Her focus has been research direction for the electric sector including insights to all-hazard threats (cyber, electro-magnetic, and physical). She identifies strategy and direction of research, testing and assessment activities at the Supervisory Control and Data Acquisition (SCADA) and control systems test beds and contributes in thought leadership. She serves on technical lead for multiple projects creating agile response capabilities. Department of Homeland Security Secretary, Janet Napolitano, appointed her to the strategic advisory council on cyber skills in 2012. Rita has been national recognized for research leadership in control system cyber security (Department of Defense Team of the Year 2016, SANS Innovation Award 2011, SCADA Leadership Award 2009) and control systems development (White House’s “2001 Closing the Circle’” and DOE 2001 National P2 Pollution Prevention Award). She has been invited to brief legislators, regulators (state and federal), and international policy makers on the cyber security issues with critical infrastructure. Rita has worked with the Federal Energy Regulatory Commission, Department of Homeland Security, Department of Energy, and industry (vendors and asset owners), participated in military exercises and other entities as a subject matter expert for cyber security of control systems for 13 years. She has worked at the lab for 28 years and has served as a technical lead for integrating control systems into a supervisory control for the certification and transport of transuranic waste which resulted in three national awards for products developed and vision. Her process control experience includes integrating over a dozen control systems for supervisory control, the training simulator for the advanced test reactor, HVAC for nuclear waste storage facilities, and command and control for military projects.


 

Abstract

The evolution of the Utility industry over the last 20 years has been remarkable. What once was an industry focused on the efficient production of power from fossil fuels has now evolved into a competitive market place with a focus on renewables, big data, aging workforce and now, more than ever, cybersecurity. Identifying and prioritizing cybersecurity strategies, fit for your environment, can be difficult as we are asked to manage more with less. This presentation will explore the complex challenges of the power industry, present the basics of cybersecurity that should be adopted by all organizations and how adopting solutions while partnering with key vendors can help reduce the overall complexity of implementing and maintaining a strong cybersecurity and compliance program.


Dave Foose

David Foose is Emerson’s Manager of Ovation Security Products. He has worked for Emerson’s development team for the last 8 years evaluating, developing and integrating multiple security solutions for usage in Emerson’s Ovation control system. David’s previous roles include over 20 years of experience at all phases of IT support and administration in multiple industries. He holds a Master’s Degree in Information Security and various certifications including the GICSP. This combined experience has given him the perspective needed to provide practical solutions for the multiple role professionals in today’s ICS community.

 

 

 

 


Glenn Heinl

Glenn Heinl, is the Vice President of North America Lifecycle Services for Power & Water Solutions. In this role, he has responsibility the overall leadership and direction of the Lifecycle Services organization including Regional Operations, Lifecycle and Educational Services, Security Solutions, and SureService and Lifecycle Proposals. Glenn also actively participates on the Emerson’s Global Lifecycle Services Council to facilitate knowledge sharing, collaboration and best practices for Lifecycle Services across business units and world areas. With more than 25 years of service at Emerson, Glenn is an integral part of the Power & Water Solutions organization focused on ensuring a high level of customer satisfaction while working to bring innovative project and service solutions to Power and Water customers nationwide.

Abstract

The challenges of an exponential rise in cyber risks, sophisticated cyberattacks, and a growing shortage of cybersecurity skills are now being felt in Operational Technology (OT) environments. Greg Villano, Industrial Automation and Control Cybersecurity Superintendent, is responsible for building Diamond Offshore’s innovative OT security program. He will discuss the business drivers and technical solution they implemented over now for nearly 4 years. Villano achieved executive support and funding, real-time anomaly detection, 24×7 security monitoring and global security operations in an efficient and OT-run Security Operations Center (SOC). This talk is relevant to many field applications.


Greg Villano

Greg Villano, IACS Cybersecurity Supervisor, Diamond Offshore Drilling has 30+ years working with industrial automation and control systems as a hands-on electrical engineer and supervisor as well as building concentrated skills in cybersecurity. He is responsible to quickly evaluate and accurately assess information and situational awareness factors for operations and cybersecurity in global drilling rigs and a fleet of support vessels. Greg’s experience leading the OT SOC for the past 4 hears has been requested by many as one of the early success stories for an OT SOC built by OT, for OT.

Join Our Fast Growing Membership Base Today!

Memberships Start At

$1,195/YR

Contact Us

Send us an email and we'll get back to you, asap.

Not readable? Change text. captcha txt