Securing Industrial Control Systems –
The challenge, and a common-sense solution
February 7, 2018
10:00 AM PST
Cyber attacks on critical infrastructure have risen more than 24% over the past year. More Intelligent Electronic Devices (IEDs) are being deployed in Bulk Electric Systems (BES), Oil & Gas, and Transportation in order to be able to gather more data and to help optimize efficiency. In turn, cybercriminals focus their attention on Industrial Controls Systems (ICS) as targets. In order for operators to be able to defend against these attacks, they must implement a Defense in Depth strategy utilizing standards such as IEC 624423 and ISO 27001 along with guidelines such as the NIST Cybersecurity Framework, and NCCOE Situational Awareness Planning Guide NIST SP 1800-7. While the implementation of any single strategy will not lead to full cybersecurity compliance, the adaptation of Defense in Depth and with the implementation of more than one of these standards, the likelihood of an attacker being successful can be greatly reduced.
Jeff Foley | Sr. Business Development Manager, SIEMENS
Steve Parker | President, EnergySec
Jeff joined Siemens in 1998 spending 13 years designing, architecting and deploying carrier grade IT networks for major telcos in North America focusing on networking, applications, and cyber security. The past 6 years have been spent specializing in bringing IT security and best practices into the OT environment for Industrial Control systems around Utilities, Oil & Gas and other industrial networks.
In 2015 hosted a Cyber Security NERC CIP Roadshow in 12 locations across the U.S. helping utilities prepare for the transition from CIP v3 to CIP v5.
Contributor to the National Cybersecurity Center of Excellence NIST SP 1800-7 Situational Awareness for Electric Utilities Practice Guide.
In the past several years, spoken on Cyber Security on the OT Environment conferences in 10 countries regarding NERC CIP, NERC 1300, NIST, ISO 27001, National Council of Operations: Article #733, IEC 62443, 61850, and IEEE SmartGridComm.
Steven Parker, CISA, CISSP, is a founding director of EnergySec. He has been engaged in critical infrastructure protection within the electric sector for more than 14 years, including eight years as a senior security staff member at a large west coast utility. He was also one of the original NERC CIP auditors for the WECC region. He has been with EnergySec full-time since 2010.