Upload
amber-gorman
View
236
Download
2
Tags:
Embed Size (px)
Citation preview
© 2012 IBM Corporation
IBM Security Systems
1© 2013 IBM Corporation
Electric Sector Security Awareness Rising
1 May 2013
IBM Industry Security
© 2012 IBM Corporation
IBM Security Systems
2© 2013 IBM Corporation2
In the beginning ...
© 2012 IBM Corporation
IBM Security Systems
3© 2013 IBM Corporation
Presenting: the grid
© 2012 IBM Corporation
IBM Security Systems
4© 2013 IBM Corporation4
The great convergence
© 2012 IBM Corporation
IBM Security Systems
5© 2013 IBM Corporation
Grid operations and security
© 2012 IBM Corporation
IBM Security Systems
6
Both sides of the aisle care about this
© 2012 IBM Corporation
IBM Security Systems
7
Environment & Smart Grid security: connecting the dots
1) Environment improves when fossil fuel use is reduced
2) Utility-scale and DG wind, solar, hydro + EE + DR help reduce fossil fuel use
3) But the legacy grid can't tolerate the high levels of intermittency in wind and solar
4) So in the US and elsewhere we're modernizing the grid for this (and a number of other reasons)
5) However, if adversaries can reveal the Smart Grid to be susceptible to repeated, disruptive attacks, we won't trust it enough to deploy it
6) Many orgs and individuals are working to secure the Smart Grid
7) However, since we don't measure security it's hard to know how secure/insecure we are at present, and if/when it's secure enough based on risk tolerance
8) Developing and deploying mutually agreed version 1.0 security metrics and using them to identify gaps and roadmap to an improved state can get us back to the top
© 2012 IBM Corporation
IBM Security Systems
8
– Presidential EO and NIST Crit Infra Cybersecurity Framework working group (Mar 2013)• Developing metrics to baseline CI providers
– DOE's Electricity Subsector Cybersecurity Maturity Model (Jun 2012)• Metrics for utilities to use to baseline and gauge effectiveness
– DOE’s Electricity Subsector Risk Management Process (May 2012)• Help translating cybersecurity into risk management framework
– NARUC's Cybersecurity for State Regulators (Jun 2012, Feb 2013 update)• Questions utilities will be asked by their state public utility commissions
– NIST’s NISTIR 7628 Assessment Guide (Aug 2012)
– NRECA's Guide to Developing a Cybersecurity and Risk Mitigation Plan (June 2011)
A measurement movement is forming
© 2012 IBM Corporation
IBM Security Systems
9
Security Governance for utilities
1. Security as risk management
2. A fully integrated security
enterprise
3. Security by design
4. Business-oriented security metrics
and measurement
5. Change that begins at the top
6. IBM’s 10 essential security
actions
© 2012 IBM Corporation
IBM Security Systems
10
Making security metrics – here's a start
© 2012 IBM Corporation
IBM Security Systems
11
Ibm.com/energyibm.com/security
© Copyright IBM Corporation 2012. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Andy Bochman
WW Energy Security Lead
Andy Bochman
WW Energy Security Lead