How
to Clear New US
Cybersecurity Hurdles
What immediate action needs to be taken to prepare for CIP 4 implementation? How can the private sector & government partner effectively?
Smart Grid Today's November 30, 2011 multi-media webinar recording (audio and video slide presentation)
Download
now for just $247 -- Smart Grid Today subscribers
save 10% CD is included and shipped by first class mail in 2 business
days (free S&H)
YOUR PRESENTERS:
-
Sandy Bacik, principal consultant, EnerNex
- Larry
Castro,
managing director, Chertoff Group
- Seán
McGurk, CEO, Next Generation Micro
- Lisa
Carrington, program manager, National Electric Sector CyberSecurity
Organization (NESCO)
- Brett Brune (moderator), editor, Smart Grid Today
As smart
grid deployments grow, so does the need to implement cybersecurity protections.
At the same time, new hurdles are appearing: Because of NERC's recently
announced fourth version of its critical infrastructure protection (CIP)
standards. It is likely that hundreds more utilities will be subject to
the standards -- and asset owners will no longer self-identify critical
cybersecurity assets. Central questions remain about how and when
utilities and government should share threat information with each another.
The "cybersecurity-information pipeline" is critical, but creates
challenges that both utilities and the public sector need to address.
Developing cybersecurity plans for the smart grid has not been easy. Because
utilities in the US are still trying to figure out what the smart grid
will ultimately look like, it is difficult to identify how to it should
be secured.
So what makes utilities and their customers so vulnerable? Should proposed
actions to protect the grid be mandatory or voluntary? And what security
threats are being kept from utilities in the US -- and why?
Get answers to these questions and more when you purchase
the CD of Smart Grid Today webinar entitled "How to
Clear New US Cybersecurity Hurdles" which originally aired on
Wednesday, November 30, 2011. Listen as our panel of experts examines
what immediate action needs to be taken to address CIP 4, how cyber-threat
information is being handled by both government and the private sector
today, and what is likely to change as we develop systems to better protect
the grid.
Sharing information about possible cyber threats is just one way that government and the private sector can work together to protect the grid, but what that communications network will look like and what level of sharing will be required is still up for debate. Learn about the options that exist and what steps regulatory agencies and industry players are taking to address this subject as it continues to evolve. You will get the most up-to-date information about changing cybersecurity threats and regulations and how utilities are managing to navigate them. You will even learn how to avoid legal action from inadequate cybersecurity standards.
The information-sharing dynamic between government and the private sector and what that relationship could look like will affect what utilities do to protect the smart grid. Get an insider's perspective on the proposed changes when you purchase the CD of this webinar.
Sandy Bacik, CISSP, ISSMP, CISM, CGEIT, is a principal consultant at EnerNex. She is an author and former CSO with more than 15 years of experience handling direct development, implementation and information security in audit management, disaster recovery/business continuity, incident investigation, physical security, privacy, regulatory compliance, standard operating policies/procedures and data-center operations and management. She has an additional 15 years of experience in information-technology operations. Bacik has managed and implemented comprehensive information assurance programs as well as internal, external and contracted/outsourced information-technology audits to ensure regulatory compliance for state and local government entities and Fortune 200 companies. She has developed methodologies for risk assessments, information technology audits, vulnerability assessments, security policy and practice writing, incident response and disaster recovery. She is the author of "Building an Effective Security Policy Architecture" (2008) and a contributing author to the "Information Security Management Handbook" (2009, 2010, 2011). Bacik is the lead cybersecurity liaison to the NIST Smart Grid Interoperability Panel (SGIP) Cybersecurity Working Group (CSWG) and one of the original participants in the creation and publication of the NISTIR 7628. She is also part of the CSWG management team and is their liaison to the NERC Smart Grid, cyber attack and severe impact resiliency task forces.
Larry Castro is managing director at Chertoff Group where he focuses on information assurance and cybersecurity; information sharing across federal, state and local governments; intelligence support for crises and special events, and general intelligence community matters. At the National Security Agency (NSA), Castro was the NSA/Central Security Service Representative to the US Department of Homeland Security (DHS), a post he held since the department's creation in 2003. He served concurrently as NSA's coordinator for Homeland Security Support. In this latter role, Castro led the development of the agency's homeland security support strategy, which provides a framework for the delivery of NSA products, services and capabilities. Castro was also responsible for providing signals intelligence (SIGINT), information assurance (IA) and computer network operations advice to the secretary and other senior leaders within DHS. Castro was initially assigned to NSA in 1965 as a second lieutenant in the Army Security Agency and converted to civilian status in 1967. During his career, he served in the agency's research and engineering, signals intelligence and information assurance organizations. Immediately prior to being designated as NSA's Homeland Security Support Coordinator in 2001, Castro led the Defensive Information Operations Group within NSA's Information Assurance Directorate. He earned Bachelor's and Master's Degrees in electrical engineering from the Massachusetts Institute of Technology and the degree of engineer from George Washington University.
Seán McGurk is the director for the National Cybersecurity & Communications Integration Center (NCCIC), a cybersecurity and communications operations center providing indications of imminent incidents through cross-domain situational awareness, including a continually updated picture of cyber threats, physical communications threats, vulnerabilities and consequences by coordinating national response efforts, developing guidance to mitigate risks and resolve incidents. McGurk has more than 32 years of experience in advanced systems operation and information systems security. He spent more than 28 years in the United States Navy with 20 years in the Navy's nuclear weapons program. He served as the command master chief for a Tactical Electronics Warfare Squadron and the Navy's only forward-deployed Carrier Air Wing. Since leaving the Navy, McGurk has managed a number of significant system development and IT security programs in the private sector supporting the Department of Defense and the intelligence community. He joined the Department of Homeland Security in 2008 where he was director of the Control Systems Security Program and the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). He holds undergraduate degrees in electronic technology and technical education and a master's degree in psychology. He is a member the Information Systems Security Association (ISSA) and the Institute of Electrical & Electronics Engineers (IEEE).
Lisa Carrington is the program manager for the National Electric Sector CyberSecurity Organization (NESCO). She has been working in the electric sector for longer than a decade. Most recently she managed NERC reliability compliance, NERC CIP compliance and NERC certified system operator training for a public electric utility in Washington State. She is a NERC certified system reliability operator.