Category

Event

Important events from critical infrastructure industries.

Colonial Pipeline Incident: NP Statement

By Event

The cyberattack against Colonial Pipeline that was discovered on May 7 underscores the growing impact of cyberthreats on industrial sectors. While the investigation is ongoing and important lessons from this attack will be extracted in the coming weeks, the fact that Colonial Pipeline had to proactively take their OT systems offline after learning about which IT systems were impacted by the ransomware is significant. This decision has halted all pipeline operations, making this attack the most disruptive incident against US energy infrastructure to date. 

Our dependency on connected cyber systems keeps increasing and it is vital to gain and maintain accurate visibility on which communications are allowed between our IT and OT systems. Incident response teams need this visibility immediately when an attack is discovered in order to make informed decisions. Without clear situational awareness, organizations are often unable to fully understand the impact of cyberattacks on their infrastructure and may be forced to take action with significant operational and financial impact.

We recommend that every organization with industrial systems start a network architecture review today in order to understand which communication paths are allowed into its critical assets. We also recommend that incident response teams use this current event to conduct a tabletop exercise evaluating the impact of IT-targeted ransomware on their OT environment. The network architecture review and the scenario assessment will have a major impact on enabling your organization to become cyber resilient. The team at Network Perception will continue to monitor this incident and to keep you informed. Please contact us if you have questions or need support; we are here to help. It is critical to update and exercise your incident response plans immediately.


Access the Colonial Pipeline Incident Briefing Center

The Road Ahead: Reflections from SANS ICS 2021

By Event

My Experience with ICS Security and Compliance in an Electric Utility Environment

After spending some time reflecting on the recent SANS ICS Security Summit, with its virtual meetings around ICS and IT/OT security, I’ve come to the conclusion that the industry has made significant progress, and that very good ideas and valuable techniques were discussed. However, the frequency and severity of cyber threats keep accelerating and we still have a lot to do before reaching the level of resiliency needed to protect our environments.

Here are my insights, after 15 years working directly in the utility environment, into the challenges we face and how to overcome them. I believe that fully assessing environments and applying security and compliance standards and controls to ICS systems is extremely difficult because of: 1) legacy systems, 2) lack of resources, and 3) insufficient training. Below is a hypothetical scenario to illustrate those challenges.

Scenario:

A utility has 5 states of coverage and it took several mergers and acquisitions over 40 years to achieve the coverage they currently have.

  • Environment and culture are not standard – I have visited many utility substations and plants doing security and compliance assessments, and the utility environment and culture can be very different from State to State or even among business units. The operational team from one site may not have the ability to support and maintain legacy equipment or have the knowledge of which systems are running on a different site.
  • Visibility remains a critical challenge – Mandatory regulations that cover the OT assets can assist cyber security teams in gaining visibility, but only to a certain extent. The North American Electric Reliability Corporation (NERC) has a number of requirements that govern the utility environment, and the United States Nuclear Regulatory Commission (USNRC) has implemented the 2013 Cyber Security Directorate to centralize oversight and protect digital computers, communications systems and networks. Elements of a compliance program that are key to documenting the environment and verifying security controls include:
      • Asset management: this function is a must for any assessment but is difficult to keep up to date.
      • Identity and access management: this is also a must-have but often takes years to integrate into an OT substation environment since it is expensive and the large number of substations and plants with dissimilar systems creates integration issues.
      • Risk assessments, vulnerability management, and change management: these functions involve identifying threats and vulnerabilities and managing patches. The core challenge is that vulnerability scanners can rarely be launched in a substation or plant environment due to the risk of breaking equipment. Also, the presence of legacy systems is a major roadblock when implementing a change management program.
      • Security controls: these functions include network segmentation and monitoring, which are often made difficult by the lack of logging capabilities.
      • Physical security: this is one of the primary security controls and is often a challenge due to the large number of physical keys and people who have to access them.

Solution:

Addressing those challenges requires investments and a multi-faceted approach. In particular, I would recommend:

  • Understanding how vast the environment is and spending the time to capture the specificities of each site and system
  • Developing a strong training program to address the short supply of OT engineers
  • Leveraging regulations as a forcing function to align different teams behind the same objective. It is also important to know that NERC CIP allows for Technical Feasibility Exceptions (TFE) to address the limitations of legacy equipment.
  • Building incentive for business owners to upgrade their environment
  • Expanding system and network visibility through logging and alerting in order to eliminate blind spots and to develop situational awareness

In summary, we have a long road to travel to make our ICS environments resilient to cyber attacks, but we can start by addressing the following challenges:

  • Hiring the right people with the right skills
  • Leveraging independent monitoring technology that does not impact the operation of the systems during an assessment
  • Progressively replacing legacy systems and requiring vendors to have their base systems assessed prior to implementation and turnover

 

 

The Future of Cyber Compliance: Insights from the 2019 Utility Cyber Security Forum

By Event

Conference experts share their insights and opinions on future investments and trends to ensure future NERC CIP compliance.

With the holiday season on full display in downtown Chicago, perched high above the legendary Michigan Avenue, a diverse group of ~50 cyber security experts and leaders from around the country convened to discuss the latest trends, challenges and best practices on digital security and compliance in the modern utility environment at the 2019 Utility Cyber Security Forum (UCSF).

This year’s UCSF showcased an impressive panel of speakers, ranging from utility professionals, white-hat hackers, vendors, and thought leaders. Each speaker had unique perspectives, practical applications and value-added insights on how modern-day utilities are combating cyber threats and navigating the complexity of ensuring NERC CIP compliance.

Speaking to this year’s event, UCSF organizer Dan Coran said, “This was a focused opportunity for professionals in the utility cyber security space to network and share experiences and insights. It can be challenging for utility people to interact in a meaningful way on this topic, as there is highly sensitive information being discussed. So, I am happy to be able to provide a venue in which meaningful conversations can take place, toward securing the network. Cyber security is a constantly moving target and increasingly important in today’s interconnected world, so it’s imperative for utilities to continue sharing notes, strategies and insight into what works and what doesn’t. Meeting face to face like this is a critical piece of the solution, and it was great to be able to provide this.”

The importance and relevance of this conference can’t be overstated. In a recent study performed by KPMG, 49% of power and utility CEOs say that becoming a victim of a cyber-attack is now a case of ‘when’, and not ‘if’. Given this reality, only 51% of the CEOs say their utility is prepared to deal with cyber-attacks.

As a platinum sponsor for the 2019 UCSF, Network Perception is a strong participant and contributor to the dialogue on empowering utilities to manage network security, uncertainty, and compliance. Our CEO & President, Robin Berthier, presented at the conference, demonstrating how both NP-View and NP-Live enable users to simplify compliance management and achieve real-time network visibility to prevent future attacks.

In a continued effort to pursue valuable insights from these top cyber security industry leaders, I spoke with a handful of the speakers to gain their feedback on five underlying challenges facing the utility industry in 2020. In the following section, I highlight a few notable quotes from the featured UCSF speakers, Todd Chwialkowski (Sr. NERC Compliance Specialist, EDF Renewables), Michael Rothschild (Director of Marketing, Indegy), and Robin Berthier (CEO & President, Network Perception).

Here is what the experts told us:

1. What initiatives or risk mitigation needs are currently driving investment spend in 2020?

Michael Rothschild: “Generally speaking, I’m seeing more budget being allocated towards security & compliance solutions, with a particular emphasis on reducing risk in the area of OT and IT convergence.”

Todd Chwialkowski: “NERC requirements on our Low Impact generation facilities are driving our efforts at the sites. Physical Security, Electronic Access Controls, and TCA/RM are some of the driving initiatives.”

Robin Berthier: “The different groups inside each organization are maturing and we observe more strategic investments being made to equip IT, compliance, and security with the resources they need to be more productive and to better collaborate with each other.”

2. Any notable, current trends related to technology investments solving specific cyber security needs?

Michael Rothschild: “We are seeing increased interest in organizations deploying active detection in addition to simple passive scanning to better secure and reduce the risk associated with IT/OT convergence strategies.”

Todd Chwialkowski: “Network segmentation (control networks from business networks) is driving network costs this year. Updating our equipment (firewalls, routers, switches) is also a budgeted item for 2020.”

Robin Berthier: “Platforms that emphasize integration through standard API to easily share data with each other for better visibility are on the rise. We also see solutions to monitor security and compliance on hybrid environments, such as IT/OT or on premise/cloud-based data centers.”

3. What are your current organizational or operational issues that impact your ability to achieve NERC compliance?

Michael Rothschild: “Many people that we talk to have come to understand that you can’t secure or achieve NERC or any other compliance on things which you can’t see. Understanding what is in your OT environment and what it is doing is an ongoing challenge for most utilities. Navigating this complexity requires organization-wide accountability and a granular view into what is happening in the OT environment.”

Todd Chwialkowski: “Change can be difficult, and generation sites are extremely cost conscious. Any change requires justification, analysis and approval. The biggest hurdle that we face is the time involved with making changes.”

Robin Berthier: “Getting everyone on the same page with respect to best practices and internal processes can be a significant challenge. This requires training, awareness of compliance objectives, and continuous visibility over what needs to be done and who is doing it.”

4. Where do you see the future of best practices and standards going for NERC compliance?

Michael Rothschild: “I see the future of compliance and regulations becoming much more holistic in approach and encompassing more than just OT and may include IT and IoTs play in the bigger picture.”

Todd Chwialkowski: “I see NERC continuing to review other standards to improve our strategies for the energy industry (e.g., IEEE, IEC, FISMA, NIST, etc.).”

Robin Berthier: “I think we are on the path to develop a standard set of best practices and workflows that organizations will all adopt and follow. Today, we never drive a car without a seatbelt or fly a plane without a checklist. Tomorrow, we won’t deploy a firewall without running a security and compliance checker on its configuration.”

5. What key organizational elements are needed to ensure a company culture around compliance?

Michael Rothschild: “Companies that educate their employees in best security and compliance practices is step number one. Step number two is ensuring that both security and compliance are intertwined across both IT and OT is essential given these converging environments.”

Todd Chwialkowski: “The culture of compliance starts at the top of the organization. Having a solid compliance “charter” is important so that all divisions of the organization know the importance of compliance efforts. Also, implementing Control Self-Assessment strategies helps individual departments play a role in maintaining compliance. In essence, they “buy in” to the program better, because they are part of the program. Finally, balancing operations and compliance is key to the implementation of a solid compliance program.”

Robin Berthier: “Adopting a culture of cyber compliance in which IT, security, and compliance can work together while maintaining their independence is becoming the norm. It is key for companies to first: equip each team with the resources they need to be efficient, and second: measure progress made towards adopting best practices.”

The Bottom Line: Greater Visibility Improves Security and Compliance

To address the complex, varied and dynamic considerations with cyber security and compliance, developing technology that allows visibility into your network, devices, methods and firewall is of paramount importance.

This year’s UCSF conference ultimately highlighted the value the industry is placing on pursuing solutions, methods and processes to help move utilities towards an environment that embraces visibility and ensures regulatory compliance.

Please mark your calendars for next year’s UCSF conference in July 2020. Details will be coming soon on location and conference dates. Questions about cyber compliance or how to secure your network in the future? Please get in touch with us.

 

Don't miss the next article by subscribing to the NP newsletter

 

 

Network Perception Joins Industry Leaders at GridSecCon 2019

By Event

NERC’s annual Grid Security Conference, GridSecCon, brought together cyber security and physical security experts from around the nation to share the latest policy advancements and lessons learned throughout the electricity industry over the past year. Network Perception was excited to attend the largest GridSecCon yet, joining industry and government leaders October 22nd – 25th in Atlanta, GA to collaborate on the analysis and advancements of security information in the industry.

Managing risk and uncertainty is an ongoing concern for many utility professionals, which makes the GridSecCon conference an important forum for cyber and physical security experts to learn, share, and identify new solutions for their tool kit. In fact, according to the 2019 Utility Dive, State of the Electric Utility Survey, 85% of Utility Professionals identify Cyber Security and Preparedness as their top concern. Contributing to the market demand for new and effective solutions, the Network Perception team showcased and demonstrated our NP-View and NP-Live platform solutions at the conference, demonstrating how users can simplify compliance management and achieve real-time visibility into their network.

Each day GridSecCon embraced a different theme providing unique insights on best practices and trends for policies, procedures, research and development, threat analysis and threat detection in the electricity industry.

Training Tracks Discuss Key Network and Firewall Risks

The first day of GridSecCon, October 22nd, kicked off with six different training tracks for industry professionals to refresh their skills and gain valuable knowledge about key aspects of the industry.

The Network Perception team attended Axio’s session on “Measuring, Communicating and Quantifying Cyber Risk” in which the importance of active network security monitoring as part of reducing cyber risk was presented, followed by an informative session, “Exercise Chaos Management”, taught by Steven Briggs at Tennessee Valley Authority.

In the afternoon training track, “Reducing Human Error in Cyber Event Response”, ResilientGrid Inc. explained why GUI/HMI design is key for the proper response and why it’s important to create ongoing habits of practicing and reviewing items to continuously ensure network compliance.

Keynote Speeches Address Ongoing Strategies and Threats to the Industry

The second day of GridSecCon, October 23rd, began with a welcome address and opening keynote by Jim Robb, President and Chief Executive Officer at NERC, who spoke about Homeland Security’s ongoing effort to ensure the security and reliability of the electric grid from both physical and cyber attacks.

This was followed by a keynote from Karen Evans, a primary overseer for much of the energy sector as the Assistant Secretary of CESER at the Department of Energy. Each keynote offered a different perspective on how various areas are making cybersecurity a priority and the measures being implemented to protect against an attack. Brian Harrell, the Assistant Director of CISA at Homeland Security, former NERC official and a founder of GridSecCon, spoke of Homeland Security’s goals and the agency’s ongoing efforts to ensure network security.

Research and Development Highlight Improved Network Security Solutions

Day three of GridSecCon, or “Solutions Day”, October 24th, focused on new and emerging technologies advancing security in the industry. Currently, the industry at large is struggling to manage an abundance of data while facing a shortage of people to process and understand it. To mitigate these challenges, research and development efforts are producing game changing solutions, building smarter apps and software to process and provide timely and actionable insights on that network data.

The day began with two panel discussions: “Building a Cyber Threat Model and Coordinating Cyber Threat Intelligence”, moderated by Jeff Jones at E-ISAC, and “Game-Changing Research, Development and Deployment”, moderated by Hailey Siple, Manager of National Security Policy at EEI, with panelists from MITRE, NRECA and EPRI. The discussions progressed with a focus on Natural Gas Interdependencies, a growing component of our critical infrastructure. While natural gas may not have the same visibility as “the grid”, it is an essential upstream element in power generation on the grid and requires the same level of network security scrutiny as deployed in electric systems.

Following lunch was the Lightning Round of Security Solutions, where nine different companies presented on major industry problems their platforms solve. A notable presentation by Ray Sefchik, Director of Reliability Assurance at ReliabilityFirst, focused on Cyber Resilience Metrics in collaboration with researchers from the University of Illinois at Urbana-Champaign, where NP-View originated.

GridSecCon concluded with two final panels, one focusing on the Physical Security Outlook for the industry and the other discussing GridEx V. Given that GridEx V will be held November 13 – 14th, the discussions were especially timely and centered around the latest aspects of the industry-wide response plan which a growing number of utilities participate in bi-yearly.

Network Perception Looks Forward to GridSecCon 2020

Overall, the three days at GridSecCon 2019 were an ideal opportunity for Network Perception to meet with other industry leaders and learn more about trends and advancements within the industry. Additionally, it provided the team a forum to speak with other professionals about the NP-View and NP-Live platforms and how they equip utilities with a simple network visualization supporting internal and external audits, while providing continuous CIP compliance for both the GRC and cyber security organizations.

If you didn’t make it to this year’s event, we would like to extend an invitation for you and your team to join us October 20th – 23rd for GridSecCon 2020.

 


Presenting at UTC Telecom & Technology 2019

By Event

Fort Worth, TX – Tuesday, June 18, 2019: 2:00 PM – 5:00 PM

We will present at the UTC Telecom & Technology 2019 summit next week. This Summit will focus on how utilities handle security incidents and their response planning. Key areas of the Security Summit will include the following: What tools do utilities have in place to detect an incident or attack, including threat information sharing and network monitoring? Once you have discovered an incident, who do you call and how do you respond? Finally, once you’ve recovered from an incident, how do you implement lessons learned?


Utility Cyber Security Forum 2019

By Event

Join us on June 26 in San Diego to discuss the latest strategies for safeguarding utility cyber networks.

Network Perception is proud to present at the first Utility CyberSecurity Forum that will take place on June 26 in San Diego, a one-day workshop for security professionals to examine key technology advances, regulatory developments, and success strategies for safeguarding the network. Ample time is reserved for one-on-one networking among industry executives and innovators who are on the front lines of delivering reliable and effective utility cyber security. Contact us to receive a discount on registration.

Topics to be covered include:

• The Case for Dedicated Cyber Security Risk Solutions
• Lessons Learned from Recent Industry Specific Incidents
• New Models for Electric Companies Preparation and Response
• Converging Identity and Access Management Across IT, OT and PACS
• Adapting Security Programs to Support Cloud-Based Applications
• When Cloud is the Best Solution for Security 
• Blockchain for Smart Grid Cyber Security
• Detecting Malicious Behavior in ICS Environments 
• Proactive Cyber Defense for the Power Grid 
• Latest Technology Advances and Systems for Utility Cyber Security
• Key Regulatory Developments and Implications
• Best Practices for Ensuring Cyber Security Enterprise-Wide Going Forward
• And more

Event Venue:

 

IQ Smart Center – First Allied Plaza
655 West Broadway, San Diego

Be sure to join your utility cyber security colleagues in San Diego for this unique, in-depth educational networking Forum.
 

 

SANS ICS Summit 2019

By Event

Check out NP-View at the SANS ICS Security Summit

The team at Network Perception will be attending the SANS ICS Security Summit in a couple of weeks. Meet with us and learn how the latest release of NP-View / NP-Live can help support your network security and compliance program.

 


DistribuTECH 2019

By Event

Visit our booth at DistribuTECH 2019

The team at Network Perception will be attending DistribuTECH on Feb. 5-7 in New Orleans, LA. Visit booth #623 to see demos of NP-View / NP-Live and to learn more about our latest network cybersecurity and compliance solutions.

 
