Town Hall Meeting

EnergySec Town Hall, Online Event, November 10, 2020, 10:00-4:00PM ET, Panels and presentations discussing the cybersecurity challenges of smaller utilities and practical approaches to meet these head on. Sponsored by Archer, Tripwire and Waterfall

Registration is now open for our EnergySec Town Hall. This webinar will feature a town hall format, welcoming questions and discussion from all attendees where we will look at ways that organizations inside and outside the industry can work together to strengthen security in our industry.

The Zoom platform for this webinar is being graciously provided by Archer, register at the link below to reserve your seat.

The topic of cybersecurity for smaller utilities has been gaining prominence over the last several years. What has and is being done to grow and support cyber defense capabilities in this industry segment? What challenges remain to be tackled? What opportunities and pitfalls might lie ahead? We will hear from individuals that have been on the front lines of this issue and solicit input from Town Hall attendees to gain a broader perspective on the topic.

Moderator:

Panelists:

Steven Parker
Steven Parker
President of EnergySec
Steven Parker, CISA, CISSP, is a founding director of EnergySec. He has been engaged in critical infrastructure protection within the electric sector for more than 14 years, including eight years as a senior security staff member at a large west coast utility. He was also one of the original NERC CIP auditors for the WECC region. He has been with EnergySec full-time since 2010.

Panelists:

Jaret Pfluger
Jaret Pfluger
Tigsus
Jaret Pfluger (CIPT) is the Co-Host of EnergySec Distribution Chats. He has been an independent IT Consultant for 19 years and a Cybersecurity Consultant since 2012. Past work includes Fortune 500 and Energy Sector companies, particularly smaller distribution entities. Field experience includes enterprise, network, database and software architectures, edge microservice programming, game development, cloud and mobile platforms, ERP, CIS, SCADA, AVL, AMI, custom Maps (Google/OSM), and various integration projects. He codes in multiple computer languages and collaborates on GitHub (github.com/jpfluger). He has lived long-term in China, Ukraine and Spain but now resides in the United States. Jaret has served as President of the ILLOWA ISACA Chapter (2017-2018) and is the originator of the Cyber-Chats continued learning format, which he open-sourced under a Creative Commons license.
Cynthia Hsu
Cynthia Hsu
Cybersecurity Program Manager, NRECA
Cynthia develops user-defined projects and programs that build stronger cybersecurity practices across NRECA’s member utilities. She ran the Rural Cooperative Cybersecurity Capabilities (RC3) Program, a $7.5 million program funded by the DOE, which has created tools and resources used by more than 720 utilities. She believes cybersecurity is best accomplished using a strategy that is simultaneously focused on people, process and technology. Previously she worked for the U.S. House of Representatives’ Committee on Science, Space, and Technology, and for the U.S. Department of Energy’s Office of Electricity Delivery and Energy Reliability.
APPA Representative – Invited
APPA Representative – Invited

Critical infrastructure sector owners, operators, and supervisors are part of an evolving operating environment that has proved to be beneficial with more advanced technology investment, but also challenging because of looming asymmetrical and sophisticated threats – cyber and physical in nature. Not one single entity can manage such complexity alone, because of the interdependencies and overall gaps in capacity. Therefore, it is vital that critical infrastructure stakeholders understand and appreciate this changing risk landscape and build resilient strategies to reduce the negative consequences.

Over the course of 2019, Toffler Associates helped NYPA and other New York State (NYS) critical infrastructure stakeholders establish a collaborative partnership amongst each other for the security and resilience of the NYS power grid. This presentation will provide an overview of the efforts, key milestones, and value for utility providers of any size across the U.S.

Speakers:

Caitlin Durkovich
Caitlin Durkovich
Director at Toffler Associates
Caitlin’s expertise in critical infrastructure security and resilience, including cybersecurity, makes her a uniquely valuable asset to clients navigating the complex operational challenges posed by our increasingly interconnected and interdependent global economy. Prior to joining Toffler Associates, Caitlin served as Assistant Secretary for Infrastructure Protection with the Department of Homeland Security under President Obama. She led the mission to protect critical infrastructure and redefined public-private risk management for emerging issues like complex mass attacks, electric grid security, cybersecurity, GPS resilience, and climate adaptation planning. Over the course of nearly two decades of developing physical and cyber risk management approaches, she has successfully advanced public-private partnerships that drive thought leadership, influence policy, and evolve industry practices to manage security and operational risks
Kenneth (KC) Carnes
Kenneth (KC) Carnes
Electric Sector Chair for InfraGard National
KC is a dynamic security executive that enjoys working in a complex critical infrastructure environment. He understands and articulates risk, compliance and organizational strategy to individuals at all levels. His focus is on ensuring compliance with well-designed controls, processes and policies. He is passionate about increasing security in critical infrastructure along with building the partnerships that foster great information sharing. KC currently serves as the Electric Sector Chair for InfraGard National.
Dave Baber
Dave Baber
Director at Toffler Associates
Dave brings an approach to managing transformational change through strategic foresight, design, and risk management. He brings a future-focused approach to develop an understanding of the key drivers that will impact organizations. In addition, he builds stakeholder consensus for the strategic efforts necessary to produce lasting value. He has demonstrated this through his leadership in the Army National Guard for his 18 years of service to his community and Nation completing combat tours in Iraq and Afghanistan. He is currently assigned as a Brigade Operations Officer and an active member of the Chief, National Guard Bureau's Innovation Team (NGIT). In this role, Dave advises the Chief and his leadership team on key challenges facing the National Guard.

Carter Manucy from Florida Municipal Power Authority (FMPA) will discuss shared services models being deployed through Hometown Connections to provide security assessments and similar services to small public power entities.

Speaker:

Carter Manucy
Carter Manucy
IT/OT & Cybersecurity Director for Florida Municipal Power Agency
Carter Manucy is the IT/OT & Cybersecurity Director for Florida Municipal Power Agency, a joint-action agency in Orlando, Florida. At FMPA his responsibility over all of corporate Information Technology as well as the Operational Technology as it relates to FMPA’s generation assets. With more than 25 years of experience, Carter has held numerous roles in the IT/OT domain while maintaining a passion for cybersecurity. Carter often advises for the interests of APPA (American Public Power Association) and other municipal trade organizations in regard to cybersecurity, policy and NERC CIP compliance. Carter is currently the chair for the Cyber Mutual Assistance Coordinator Committee, was a voting member for NERC CIPC, and acts as chair/author/member/participant/contributor for numerous other committees, groups and publications in the cyber security and compliance arenas.

Resource constraints create inherent limitations to the extent of capabilities that can be internally developed at smaller utilities. In contrast, many large utilities have built comprehensive cybersecurity capabilities across a broad range of disciplines. In what ways might larger utilities provide assistance to smaller utilities? Can collaboration between organizations of different sizes strengthen all parties? These questions and more will be discussed in this panel along with questions and ideas from Town Hall participants.

Moderator:

Panelists:

Navroop Mitter
Navroop Mitter
CEO of ArmorText
Prior to launching ArmorText, the world’s first secure collaboration and teams platform designed for critical infrastructure and secure cross-enterprise information sharing, Navroop was a senior manager at Accenture’s North American Security Practice. He spent a significant portion of his career identifying opportunities in the governance, risk, compliance, business continuity, and cyber resilience fields in emerging markets. Navroop led international engagements and successfully built profitable cyber security practices in the United States, Sweden, and Argentina. Navroop is routinely sought after for his advice on how to safeguard sensitive communications and strengthen system-wide emergency response preparedness throughout the critical infrastructure community. He has presented at major industry events sponsored by the National Council of Information Sharing and Analysis Centers, Florida Institute for Human & Machine Cognition, American Turkish Council’s International Business and Technology Forum, Northwestern University Law School, and Williamson College Business School. He serves on several technology advisory boards, and has repeatedly been called upon to brief state and presidential campaigns as well as legislators and congressional staffers on the nuts and bolts of encryption, cyber threats to national security, and public policy.

Panelists:

Ryan Burkett
Ryan Burkett
Threat Intelligence Analyst at Xcel Energy
Ryan is a Threat Intelligence Consultant at Xcel Energy. They stay up to date on any and all threats to the company and the different operating companies, covering all 10 states, 15,000+ employees and contractors, and 5 million+ customers. He recently joined Xcel after his eight years in the Army where he served as a Threat Lead and a Cyber Security Subject Matter Expert within three-letter agencies for the U.S. government. In his free time, he attempts to avoid digital frequencies and head outside to do something with his wife and two children.
Matt Anglin
Matt Anglin
CISO at New York Independent System Operator
Matt Anglin is the Director, Enterprise Security & Chief Information Security Officer for the New York Independent System Operator (NYISO), which operates New York’s high-voltage transmission system, manages the state’s competitive wholesale electricity markets, and conducts comprehensive power system planning. In this role, Matt oversees the cyber & physical security programs for the NYISO, which is designated as national critical infrastructure by the Department of Homeland Security. Matt has also led the NYISO’s IT infrastructure, operations and software development teams, and served as Acting Chief Information Officer in 2015.
Prior to joining the NYISO, Matt held senior IT leadership roles at healthcare and financial services organizations, and he began his career as a member of the United States Army Signal Corps, serving at various locations throughout the world.
Matt holds a Bachelor of Science in Telecommunications Management from the State University of New York, and a Master of Science in Technology Management from the University of Maryland.
Phil Clark
Phil Clark
Director of Corporate Security for AECC
Phil Clark is the Director of Corporate Security for Arkansas Electric Cooperative Corporation (AECC).
AECC is a Generation and Transmission Cooperative, serving seventeen (17) Electric Distribution Cooperatives that provide power to over half a million homes, farms, and businesses across two-thirds of the State of Arkansas.
His responsibilities include cyber and physical security as well as leadership on CIP compliance efforts.
He is active in security and reliability working groups at both regional and national levels.
He believes collaboration within the industry is an important aspect of securing the reliability of the Bulk Electric System.
Marc Child
Marc Child
Marc A. Child CISSP, GICSP
Marc Child is an information security professional with twenty-three years’ experience in cyber, physical, personnel, and data security. As Information Security Program Manager for Great River Energy, he has responsibility for managing the design and implementation of a security program for Minnesota’s second largest electric utility, including ensuring compliance with NERC Critical Infrastructure Protection regulations. From 2016-2020, Marc served as Chairman of the Critical Infrastructure Protection Committee at the North American Electric Reliability Corporation (NERC) – and has volunteered in various security roles with the regional reliability authority, the Midwest Reliability Organization. He serves on the Advisory Board at Thomas Edison State University for their graduate course in critical infrastructure cybersecurity, which he helped develop. Marc earned his CISSP certification in 2000 and completed his GICSP certification in 2014 (Industrial Cyber Security). Marc lives in central Minnesota with his wife Lisa and two teenagers, who look up from their phones once in a while.
Branndon Kelley
Branndon Kelley
Senior vice-president of Technology & Innovation / CIO
Branndon is the proud father to Jackson and a nationally recognized innovative CIO that has spent the last 20 years providing vision, leadership, governance and execution for technology programs, projects and departments. He brings a diverse background leading the development and deployment of enterprise-level technology solutions in a wide variety of business environments including education, government, financial services, energy, healthcare and manufacturing. His experience spans technology operations, infrastructure, application development, project management, cyber security, executive leadership, strategy, and business development. His technology skills and businessacumen allow him to communicate to individuals from a technical to executive-level and help organizations transform and realize business value through the implementation of strategic technology solutions. Those solutions range in size, complexity and scope including projects in both the private and public sector(s); up to 100 million in total contract value. As the senior vice-president of Technology & Innovation / CIO Branndon is a member of American Municipal Power’s executive team, where since 2009 he has lead a complete technology transformation, was named Intelligent Utility's 2012 CIO of the Year, recognized in 2014 as one of the 20 Most Innovative CIOs, awarded the 2015 Frost & Sullivan CIO Impact Award & inductee in the 2017 Smart50, 2018 & 2019 Tech Power Players. Branndon oversees information technology, operation technology / SCADA and enterprise cyber security functions, projects and people. He is responsible forsetting, facilitating and leading technology strategy and tactical execution. In addition to his role at Branndon is a member of the Hometown Connections, Inc. board of directors. Branndon has a BS in Computer Information Systems, and a MBA focused in Finance. In addition to the recognition and awards mentioned above Branndon has been included in the DeVry Wall of Fame, awarded the DeVry Pinnacle, honored with Keller's top 40 for 40th & has been a graduation commencement keynote speaker several times. He holds a number of certifications and is an adjunct college professor.

Thank-you to our sponsors