7
FOR MORE INFORMATION, VISIT WWW.FECINC.COM THE GRID A PUBLICATION OF FINLEY ENGINEERING | SPRING 2014 WELCOME TO THE GRID Threats come in many forms. Whether physical, virtual, or perceived, security concerns rob the energy and communications markets by diverting valuable resources to prevent, protect and prosecute those behind such events. The world in which we live has become dependent and therefore vulnerable to attacks on the very systems we have grown so dependent. Recent headlines in the mainstream media have been filled with reports of Governments tracking phone calls, businesses tracking our browsing as well as buying habits, commercial airliners that seemingly disappear without a trace. We are awash with mountains of data, but fewer answers. There are plenty of opportunities to find sources of worry. We at Finley recognize that our valued business partners have much to be concerned with. It is our goal to be at the leading edge providing value added solutions to our end users in an effort to bring more peace and security to your lives. Enjoy this issue and visit our Blog at our website to weigh in with your feedback. Phil Carroll Vice President Finley Engineering is pleased to announce the opening of our Overland Park office location in the greater Kansas City area. Having worked with a number of energy organizations near and around Kansas City, Finley feels it is poised to be more accessible with this additional location and prepared for continued growth as it adds clients and professional staff. The Overland Park location is one of ten Finley Engineering locations. “We’re excited to become part of the greater Kansas City community,” said Phil Carroll, Vice President of Finley’s Energy Business based in Missouri. “This new office, as well as the addition of engineering staff to our team, augments our ability to serve clients with its central location.” For over 60 years, Finley Engineering has been a leader in the design, engineering and construction of electrical power and broadband systems. Finley has over 300 employees located in ten offices throughout the U.S. and is a multi- disciplined organization offering professional, engineering, project management, surveying, mapping, environmental and right-of-way services to the electric power transmission and distribution, telecommunications, cable television, fiber optics, gas pipeline, and related industries. Kansas City Office Opens

WELCOME TO THE GRID - Finley Engineeringfinleyusa.com/wp-content/uploads/2015/11/Spring_Grid_2014.pdf · Cybersecurity Threats "When it comes to hacking, the hackers often don't care

  • Upload
    others

  • View
    3

  • Download
    0

Embed Size (px)

Citation preview

Page 1: WELCOME TO THE GRID - Finley Engineeringfinleyusa.com/wp-content/uploads/2015/11/Spring_Grid_2014.pdf · Cybersecurity Threats "When it comes to hacking, the hackers often don't care

FOR MORE INFORMATION, VISIT WWW.FECINC.COM

THEGRID A PUBLICATION OF FINLEY ENGINEERING | SPRING 2014

WELCOME TO THE GRIDThreats come in many forms. Whether physical, virtual, or perceived, security concerns rob the energy and communications markets by diverting valuable resources to prevent, protect and prosecute those behind such events. The world in which we live has become dependent and therefore vulnerable to attacks on the very systems we have grown so dependent.

Recent headlines in the mainstream media have been filled with reports of Governments tracking phone calls, businesses tracking our browsing as well as buying habits, commercial airliners that seemingly disappear without a trace. We are awash with mountains of data, but fewer answers. There are plenty of opportunities to find sources of worry.

We at Finley recognize that our valued business partners have much to be concerned with. It is our goal to be at the leading edge providing value added solutions to our end users in an effort to bring more peace and security to your lives.

Enjoy this issue and visit our Blog at our website to weigh in with your feedback.

Phil CarrollVice President

Finley Engineering is pleased to announce the opening of our Overland Park office location in the greater Kansas City area.

Having worked with a number of energy organizations near and around Kansas City, Finley feels it is poised to be more accessible with this additional location and prepared for continued growth as it adds clients and professional staff. The Overland Park location is one of ten Finley Engineering locations.

“We’re excited to become part of the greater Kansas City community,” said Phil Carroll, Vice President of Finley’s Energy Business based in Missouri.

“This new office, as well as the

addition of engineering staff to our team, augments our ability to serve clients with its central location.”

For over 60 years, Finley Engineering has been a leader in the design, engineering and construction of electrical power and broadband systems. Finley has over 300 employees located in ten offices throughout the U.S. and is a multi-disciplined organization offering professional, engineering, project management, surveying, mapping, environmental and right-of-way services to the electric power transmission and distribution, telecommunications, cable television, fiber optics, gas pipeline, and related industries.

Kansas City Office Opens

Page 2: WELCOME TO THE GRID - Finley Engineeringfinleyusa.com/wp-content/uploads/2015/11/Spring_Grid_2014.pdf · Cybersecurity Threats "When it comes to hacking, the hackers often don't care

Substation Attack Gains National Attention

A lot of attention is being paid to security initiatives designed to prevent cyber attacks on utilities. However, not as much seems to be paid to the prevention of physical attacks; until now.

It was not widely publicized until The Wall Street Journal reported it in early February 2014, but, on April 16, 2013, there was a physical attack on PG&E's Metcalf transmission substation in San Jose, California. Multiple gunmen fired between 100 and 150 rounds into the fins of the transformers, draining the oil from the fins and subsequently disabling 17 of the 20 transformers. Because the substation was protected only by chain link fence, the snipers had clear shots at the fins.

There were no outages as a result of the attack, because PG&E was able to reroute power. However, the assault resulted in $15 to $16 million in damage, and the substation was disabled for almost four weeks. No arrests have been made, but the FBI is leading the investigation.

In response to the attack, Jon Wellinghoff, Chairman of the Federal Energy Regulatory Commission (FERC) until November 2013, and now a San Francisco energy law attorney, called it "the most significant incident of modern terrorism involving the U.S. power grid that has ever occurred." He expressed concern that it might have been a test for a larger strike, possibly terrorism, and is

calling for federal involvement to ensure greater security around electrical substations, which he describes as "barely protected with a chain link fence and cameras. And even those cameras don't capture details outside the fence, because they are more focused inside it."

One proposal being discussed in Congress would give FERC the power to write and impose interim rules on grid defenses. But the utility industry would still be able to influence any permanent requirements. However, some utility executives have responded that it would be difficult to come up with rules to improve security that would work in urban and rural environments.

"One size fits all may not get you

Page 3: WELCOME TO THE GRID - Finley Engineeringfinleyusa.com/wp-content/uploads/2015/11/Spring_Grid_2014.pdf · Cybersecurity Threats "When it comes to hacking, the hackers often don't care

true resiliency," said Lisa Barton, Executive Vice President of transmission for Electric Power, in an interview with The Wall Street Journal.

While the PG&E incident is now garnering national attention, it is not isolated. Substation break-ins and destruction occur on a regular basis around the nation. Most of it is the result of thieves trying to steal copper for profit. However, some of it seems to be for reasons other than theft. In October 2013, an Arkansas man was charged with multiple attacks on the rural power grids of at least two utilities, including high-voltage power lines and a substation, over a period of several months.

Earlier this year, the Department of Energy (DOE) and the Department of Homeland Security (DHS), in coordination with the Federal Bureau of Investigation (FBI), FERC, North American Electric Reliability Corporation (NERC) and other industry experts, announced plans to conduct a series of briefings across the country with electricity sector owners and operators, as well as local law enforcement, on the physical security of electricity substations.

For more whitepapers and

case studies, visit fecinc.com/resources

THEGRID

FOR MORE INFORMATION, VISIT WWW.FECINC.COM

Page 4: WELCOME TO THE GRID - Finley Engineeringfinleyusa.com/wp-content/uploads/2015/11/Spring_Grid_2014.pdf · Cybersecurity Threats "When it comes to hacking, the hackers often don't care

According to a 2013 survey of power and utility company executives by EY (formerly Ernst & Young), only 11 percent of respondents reported feeling that their current data security measures fully met their needs. In addition, 60 percent of respondents reported that they were running no assessments or just informal threat assessments. And, 64 percent agreed with the statement that their security strategy "is not aligned with today's risk environment."

Such a scenario is problematic in and of itself. However, it is even more problematic when one considers that 80 percent of the respondents noted that they had witnessed an increase in external threats, such as malware and phishing.

In commenting on the report, Fraser Nichol, director of EY's Information Security practice, noted, "A more proactive approach, greater employee awareness, innovative security solutions, and an integrated information security program will enhance a company's defenses against inevitable cyber attacks and protect it from potential reputational damage, regulatory action and higher costs."

Cybersecurity Threats

"When it comes to hacking, the hackers often don't care what they are hacking - an electric utility, a phone company, or anything else," said Laren Metcalf, Director, IP Services, for Finley Engineering (St. Louis

Park, Minn.). "For a lot of them, it's a 'glory attack' - just trying to show they can do something and then brag about it." Of course, the most serious attacks are the targeted ones - those that are malicious and are designed to "mine out" data, financial, business, and/or personal.

"The ones we are seeing the most of are 'denial of service' attacks," said Metcalf. In these attacks, "bots," which are remote programs on different systems, are deployed, allowing the hackers to gain control of the systems. In many cases, the users don't even know their systems are being controlled. "This type of attack involves going into a network and repeatedly making requests to systems for acknowledgement of service.

“ If you can identify a risk, you can mitigate it.”

Strategies to Improve Cybersecurity

Page 5: WELCOME TO THE GRID - Finley Engineeringfinleyusa.com/wp-content/uploads/2015/11/Spring_Grid_2014.pdf · Cybersecurity Threats "When it comes to hacking, the hackers often don't care

Ultimately, all of these requests can't be fulfilled, because there are so many coming in," he said. As a result, the systems either fill up trying to track all of these outside connections, or they reboot or fail due to the inability to keep up with the requests. Larger provider networks have systems that are built to handle this, or offload the traffic, so they can maintain some level of service. However, in the smaller networks, it can become a major problem, ultimately cutting service.

There are also NTP (network time protocol) server attacks. A request comes in for information or data. "Here, you are not only dealing with a 'denial of service' attack, but massive amounts of data are trying to be sent back to the requester, which immediately locks up the service," said Metcalf.

Strategies to Improve Cybersecurity

"Security is critical for utilities, because they provide essential services," he said. If there are attacks, there are disruptions of critical services, as well as legal issues, such as failing to meet regulatory and other compliance requirements. These days, though, just having a firewall and anti-virus software on your system isn't enough anymore.

The first step to addressing cybersecurity issues, according to Metcalf, involves focusing on employee behavior in terms of how they interact on the Internet. This can be done through training. "For example, if employees receive suspicious e-mails, they should be trained not to click on them," he said.

The next step is to arrange for a cybersecurity assessment, via a formal audit, conducted by an experienced third party. Such an audit will identify possible areas where security is lax. Having an outside firm conduct the audit is important, because someone from the outside who has worked on these issues before can provide a lot more insights than you will have on your own, as well as being updated on the most current attacks and other vulnerabilities, and the solutions to these.

Such an audit should cover everything end to end, not just systems that the utility thinks are the only important ones. "For example, an audit can identify systems on the network that haven't been identified as critical, but, if a hacker can gain access to them, they can load something on there," said Metcalf.

In addition, an audit should identify systems that aren't up to date. For example, patches are being offered these days to solve intrusion problems. If you apply these patches, you have some protection. However, a lot of users don't bother to apply new patches." Hackers can exploit this," he said. Once a patch is released and publicized, the hackers identify it and begin to exploit it. Then, the users who haven't done the security updates and applied the patches become targets.

A good audit will also use probes as a way to monitor the type of traffic that is on the network and identify a distribution of the most common types of traffic that you have, and whether these are valid.

Overall, an audit involves identifying all of a network's

systems, tracking them, and identifying what is needed to make sure they are up to date on security protection initiatives. "The most important thing to remember is that, if you can identify a risk, you can mitigate it," said Metcalf. "A comprehensive audit will identify all of these risks. It will identify everything on your network and how it is set up, where the systems are connecting on the network, and what access they have."

The audit should also include the creation of a formal cybersecurity policy, which will include information on who in the organization will have access to what.

Once the audit is complete, the results should become part of your day to day operations.

"For example, any time you have a project, there will automatically be a security component to it that must be addressed," he said.

Is there a need for third-party cybersecurity expertise after an initial audit? Yes. For example, you should call in the outside firm when you are not sure of something and feel you need an outside expert to help you address it, such as a recent incident. You should also call in the expert when there is a change in your network, such as adding a new service or new location with new users. Finally, it can be a good idea to arrange for short, quarterly update audits, to make sure your cybersecurity program continues to run smoothly and effectively.

THEGRID

FOR MORE INFORMATION, VISIT WWW.FECINC.COM

Page 6: WELCOME TO THE GRID - Finley Engineeringfinleyusa.com/wp-content/uploads/2015/11/Spring_Grid_2014.pdf · Cybersecurity Threats "When it comes to hacking, the hackers often don't care

Client Satisfaction Climbs

Recently we asked a number of clients to participate in our client survey to help us gather feedback and better understand how we can provide you exceptional service and shape the services needed to support your success. I want to take this opportunity to share with you the high level results of this survey conducted by Diedrich RPM.

First of all, we are pleased that our Overall Satisfaction has climbed to 95%. We could not achieve these results without the dedication of our Finley employees and the trusting relationship we have with our clients.

Secondly, we learned that the key drivers of that overall satisfaction rating are Quality, Planning, Communication, and Issue Resolution. These attributes have the greatest impact on customer Overall Satisfaction and this information tells us we need to continue to be diligent in our work in these areas.

Next, we were very pleased to learn the evaluation of Finley employees who work with our clients was quite high. All attributes measured (Ethical, Knowledgeable, Responsive, and Professional) for Corporate Management, Senior Local Management, and Onsite Project

Staff were strong – generally above 90%. We have extended our thanks internally to our associates and we will remain focused on these behaviors.

We see areas of opportunity to keep clients up to date on technology and industry developments per your feedback and as such are working on plans to further develop our blog, newsletters and white papers. Please watch for more invites to access this information. We will also continue to bring forward information at industry events and sponsored webinars.

Page 7: WELCOME TO THE GRID - Finley Engineeringfinleyusa.com/wp-content/uploads/2015/11/Spring_Grid_2014.pdf · Cybersecurity Threats "When it comes to hacking, the hackers often don't care

Laren Metcalf, Director IP Services

Laren Metcalf joined Finley Engineering’s leadership team as Director of IP Services in 2013. Metcalf is responsible for strategic planning and implementation projects for clients in both the communications and the energy industries. Prior to joining Finley, Metcalf gained invaluable experience in his extensive career with Hewlett Packard Networking, and a number of recognizable companies as a Senior Network Engineer in his consulting business.

Metcalf draws on his experience and Finley expertise and resources to provide clients with network design consulting services, network management, network troubleshooting and critical network infrastructure security. He has worked as a Senior Systems Engineer for Cisco, HP, Enterasys, Lexmark, Sonicwall and Nortel/Bay.

FINLEY WELCOMES

John Ham, P.E. Senior Engineer

We are pleased to announce that John Ham, P.E., has joined Finley Engineering’s team as Senior Engineer, Energy Technical Services based out of our newly opened Kansas City location. John has a wealth of experience, specializing in electrical engineering, substation automation, distribution automation, SCADA systems and RTU. His project management skills are proven and impressive, as well as his strategic approach to creating and implementing project solutions.

John earned his B.S. Degree in Electrical Engineering from the University of Missouri, Kansas City. He comes to us from Black & Veatch and prior to that Kansas City Power and Light.

THEGRID

FOR MORE INFORMATION, VISIT WWW.FECINC.COM


COMPUTER HACKING Cybercrime (1). Table of Contents What is Computer Hacking? Types of Computer Hackers

COMPUTER HACKING Cybercrime (1). Table of Contents What is Computer Hacking? Types of Computer Hackers

Documents
What are hackers hacking

What are hackers hacking

Documents
A Seminar report On Ethical Hacking · hat hacking, involves the same tools, tricks, and techniques that hackers use, but with one major difference that Ethical hacking is legal

A Seminar report On Ethical Hacking · hat hacking, involves the same tools, tricks, and techniques that hackers use, but with one major difference that Ethical hacking is legal

Documents
HR E A T T ET R THREAT ALERTS HACKING THE HACKERS

HR E A T T ET R THREAT ALERTS HACKING THE HACKERS

Documents
Tom Brooke - Legal Hackers: Hacking the Future of the Law

Tom Brooke - Legal Hackers: Hacking the Future of the Law

Business
Técnicas avanzadas de penetración a sistemas. HACKING ETICO Los hackers éticos son profesionales de la seguridad que aplican sus conocimientos de hacking

Técnicas avanzadas de penetración a sistemas. HACKING ETICO Los hackers éticos son profesionales de la seguridad que aplican sus conocimientos de hacking

Documents
Kiosk Security · Why Kiosk Security ... Conference,Presentations,Technology,Phreaking,lockpicking,Hackers,Hardware Hacking,Physcial Security,RFID,InfoSec,Bio Hacking

Kiosk Security · Why Kiosk Security ... Conference,Presentations,Technology,Phreaking,lockpicking,Hackers,Hardware Hacking,Physcial Security,RFID,InfoSec,Bio Hacking

Documents
Hacking 2020 Hackers

Hacking 2020 Hackers

Documents
Ethical Hacking Countermeasures - KAMBING.ui.ac.idkambing.ui.ac.id/onnopurbo/library/library-ref-eng/ref-eng-3... · Ethical Hacking and Countermeasures Who are Ethical Hackers? “One

Ethical Hacking Countermeasures - KAMBING.ui.ac.idkambing.ui.ac.id/onnopurbo/library/library-ref-eng/ref-eng-3... · Ethical Hacking and Countermeasures Who are Ethical Hackers? “One

Documents
Aaron Bayles DC101 @ DEF CON 22 - DEF CON® Hacking Conference · Aaron Bayles DC101 @ DEF CON 22 ... //media.blackhat.com/us ... Lockpicking, Hackers, Infosec, Hardware Hacking,

Aaron Bayles DC101 @ DEF CON 22 - DEF CON® Hacking Conference · Aaron Bayles DC101 @ DEF CON 22 ... //media.blackhat.com/us ... Lockpicking, Hackers, Infosec, Hardware Hacking,

Documents
Handbook Hacking Piratage Securite Hackers Anglais Francais Program Mat Ion Illegal Hacking Exposed Linux Windows Scan Os

Handbook Hacking Piratage Securite Hackers Anglais Francais Program Mat Ion Illegal Hacking Exposed Linux Windows Scan Os

Documents
Introduction to Hacking, Hackers & Hacktivism

Introduction to Hacking, Hackers & Hacktivism

Technology
Introduction to Ethical Hacking · ethical hackers, job trends in India, advantages and disadvantages of ethical hacking is covered in this paper. Keywords: - Hackers, Ethical Hacker,

Introduction to Ethical Hacking · ethical hackers, job trends in India, advantages and disadvantages of ethical hacking is covered in this paper. Keywords: - Hackers, Ethical Hacker,

Documents
Crime Chapter 5. Hacking – some definitions Hacker Trophy hacking Phone phreaking Cracker White-hat hackers & black-hat hackers Script kiddies Sniffers

Crime Chapter 5. Hacking – some definitions Hacker Trophy hacking Phone phreaking Cracker White-hat hackers & black-hat hackers Script kiddies Sniffers

Documents
Hack the Hackers 2012 - EC-Council the Hackers 2012 Sofia, Bulgaria On June 7th, 2012 New Horizons Bulgaria hold Hack the Hackers 2012 – a free seminar with live hacking demos, organized

Hack the Hackers 2012 - EC-Council the Hackers 2012 Sofia, Bulgaria On June 7th, 2012 New Horizons Bulgaria hold Hack the Hackers 2012 – a free seminar with live hacking demos, organized

Documents
Postdigital Anthropology: Hacks, Hackers, and the Human ... · of computer hacking. She has written two books on computer hackers, Coding Freedom (2013) and Hacker, Hoaxer, Whistleblower,

Postdigital Anthropology: Hacks, Hackers, and the Human ... · of computer hacking. She has written two books on computer hackers, Coding Freedom (2013) and Hacker, Hoaxer, Whistleblower,

Documents
Hackers vs. Testers: A Comparison of Software …dvotipka/posters/Hackers...15 hackers and 10 testers recruited through bug bounty platforms, related interest groups, and hacking teams

Hackers vs. Testers: A Comparison of Software …dvotipka/posters/Hackers...15 hackers and 10 testers recruited through bug bounty platforms, related interest groups, and hacking teams

Documents
The Rise of China's Hacking Culture: Defining Chinese Hackers

The Rise of China's Hacking Culture: Defining Chinese Hackers

Documents
Hacking Techniques - Security d.attaques . Failles... · Hacking Techniques Attackers Hackers Spies ... -- receive information about IP address ranges

Hacking Techniques - Security d.attaques . Failles... · Hacking Techniques Attackers Hackers Spies ... -- receive information about IP address ranges

Documents
Hacking the Hackers: Strategic Analysis in Cyber Defense · Hacking the Hackers: Strategic Analysis in Cyber Defense Kenneth Geers Senior Research Scientist, Comodo NATO Cyber Centre,

Hacking the Hackers: Strategic Analysis in Cyber Defense · Hacking the Hackers: Strategic Analysis in Cyber Defense Kenneth Geers Senior Research Scientist, Comodo NATO Cyber Centre,

Documents
MOTIVATION AND DEMOTIVATION OF HACKERS IN · PDF filemotivation and demotivation of hackers in the selection of a hacking task – a contextual approach . ... and general deterrence

MOTIVATION AND DEMOTIVATION OF HACKERS IN · PDF filemotivation and demotivation of hackers in the selection of a hacking task – a contextual approach . ... and general deterrence

Documents
Hackers and Hacking a brief overview 5-26-2016

Hackers and Hacking a brief overview 5-26-2016

Internet
Mathematical Model and Unitization for the Behaviour of ...19).pdf · B. Motivation and Hackers: The motivation of the hackers or the motives behind hacking are heterogeneous and

Mathematical Model and Unitization for the Behaviour of ...19).pdf · B. Motivation and Hackers: The motivation of the hackers or the motives behind hacking are heterogeneous and

Documents
Hack - Apprendre Le Hacking - 2020 Hackers

Hack - Apprendre Le Hacking - 2020 Hackers

Documents
-Ajay Babu.D y5cs022.. Contents Who is hacker? History of hacking Types of hacking Do You Know? What do hackers do? - Some Examples on Web application

-Ajay Babu.D y5cs022.. Contents Who is hacker? History of hacking Types of hacking Do You Know? What do hackers do? - Some Examples on Web application

Documents
Hacking You Mind - How you are being exploited by hackers of all sorts!

Hacking You Mind - How you are being exploited by hackers of all sorts!

Presentations & Public Speaking
eBook Fr - 2020 Hackers - 214 Pages Pour Apprendre Le Hacking en Franais - Cours de Hacking--- By Koras

eBook Fr - 2020 Hackers - 214 Pages Pour Apprendre Le Hacking en Franais - Cours de Hacking--- By Koras

Documents
Crime Chapter 5. Hacking Hacker Trophy hacking Phone phreaking Cracker White-hat hackers & black-hat hackers Script kiddies Sniffers Social engineering

Crime Chapter 5. Hacking Hacker Trophy hacking Phone phreaking Cracker White-hat hackers & black-hat hackers Script kiddies Sniffers Social engineering

Documents
Case Study: Hacking the Hackers - CSID · PDF fileCase Study: Hacking the Hackers Demonstrating how cyber criminals easily target and breach small businesses

Case Study: Hacking the Hackers - CSID · PDF fileCase Study: Hacking the Hackers Demonstrating how cyber criminals easily target and breach small businesses

Documents
Hands-on Hacking Unlimited - ICT Ticino · Hands-on Hacking Unlimited Whitehat Hackers. Good technical skills, good programmers, enjoy the intellectual challenge but no damages on

Hands-on Hacking Unlimited - ICT Ticino · Hands-on Hacking Unlimited Whitehat Hackers. Good technical skills, good programmers, enjoy the intellectual challenge but no damages on

Documents