National Cybersecurity Center of Excellence · 11/13/2018  · National Cybersecurity Center of...

Preview:

Click to see full reader

Citation preview

National Cybersecurity Center of ExcellenceEnergy Provider Community (EPC) Update

11/13/2018

2nccoe.nist.govNational Cybersecurity Center of Excellence

Agenda

• Welcome and Introductions

• Energy Sector Asset Management (ESAM) Project Update

• NCCoE Events

• Questions, Open Discussion

3nccoe.nist.govNational Cybersecurity Center of Excellence

OT Asset Management Attributes

Asset Discovery:

• establishment of a full baseline of physical and logical locations of assets

Asset Identification:

• capture of asset attributes, such as manufacturer, model, operating system (OS), Internet Protocol (IP) addresses, Media Access Control (MAC) addresses, protocols, patch-level information, and firmware versions

Asset Visibility:

• continuous identification of newly connected or disconnected devices, and IP (routable and non-routable) and serial connections to other devices

Asset Disposition:

• the level of criticality (high, medium, or low) of a particular asset, its relation to other assets within the OT network, and its communication (to include serial) with other devices

Alerting Capabilities:

• detection of a deviation from the expected operation of assets

4nccoe.nist.govNational Cybersecurity Center of Excellence

Publish the NCCoE

building block

description

DESCRIBE FORM TEAM DESIGN BUILD PLAN

SP-1800

BUILD DOCUMENT OUTREACH

Form the team and

complete the FRN,

LOI, and CRADA

Design and

engineer the

architecture and

usage scenarios

taking into

consideration

resources

Develop the

execution plan for

building the

demonstration

based on the

design

Compose, build the

demonstration, and

perform security

functional tests

Develop the

practice guide to

publish as a public

draft and final

document

Present at public

events and interact

with community of

interest

Q3 2018Q2 2018 Q3 / Q4 2018 Q4 2018 / Q1 2019 Q1 / Q2 2019Q3 / Q4 2018 Q3 2019

ESAM Project Execution Timeline

5nccoe.nist.govNational Cybersecurity Center of Excellence

NCCoE ESAM Team: Contacts / Roles

Jim McCarthy NIST/NCCoE – Principle Investigator James.McCarthy@NIST.gov

Michael Powell NIST/NCCoE – Project Engineer Michael.Powell@NIST.gov

Titilayo Ogunyale MITRE/NCCoE – Project Lead TOgunyale@MITRE.org

John Wiltberger MITRE/NCCoE – Lead Project Engineer JWiltberger@MITRE.org

Devin Wynne MITRE/NCCoE – Project Engineer DWynne@MITRE.org

Lauren Acierto MITRE/NCCoE – Outreach & Engagement LAcierto@MITRE.org

Nikolas Urlab MITRE/NCCoE – Project Engineer NUrlab@MITRE.org

6nccoe.nist.govNational Cybersecurity Center of Excellence

ESAM Build Team

7nccoe.nist.govNational Cybersecurity Center of Excellence

ESAM Flow Diagram

8nccoe.nist.govNational Cybersecurity Center of Excellence

ESAM Build Architecture to Date

9nccoe.nist.govNational Cybersecurity Center of Excellence

Energy Sector Recap of Previous Events

• GridSecCon 2018 – Training Session (4 Hours)

• October 16, 2018, Las Vegas, NV

• Presentations from NCCoE, UMd, PNNL, & TDi Technologies

• IIoT Panel Discussion

• National Cybersecurity Awareness Month – IIoT Webinar

• October 23, 2018, 3:00-4:00pm (ET)

• Energy Sector and IIoT challenges discussion in collaboration with BlackRidge Technologies

10nccoe.nist.govNational Cybersecurity Center of Excellence

NCCoE Energy Sector Upcoming Activities

Smart Grid Interoperability Framework and Cybersecurity Workshop

November 13-14, 2018 at the NCCoE

Free & Open to the Public ; Presentations will be posted after the workshop

The workshop’s purpose is to get stakeholder input to help shape NIST’s characterization of smart grid

cybersecurity risks, solutions, and gaps. These conversations will revolve around four key topics:

• The role of interoperability in grid modernization;

• Cybersecurity risk profiles for smart grids and services;

• Securing novel communications methodologies; and

• Learning from other industries.

https://www.nist.gov/news-events/events/2018/11/smart-grid-interoperability-framework-and-cybersecurity-

workshop

301-975-0200http://nccoe.nist.gov

11nccoe.nist.govNational Cybersecurity Center of Excellence

nccoe@nist.gov

Contact Us

Jim McCarthy, Senior Security Engineer

Energy Sector Lead

James.McCarthy@nist.gov

301-975-0228

Titilayo Ogunyale

Energy Project Lead

Togunyale@mitre.org

301-975-0219

Recommended

Cybersecuritydownload.101com.com/GIG/Custom/2010PDFS/Cybersecurity/...cybersecurity center of excellence to help accelerate training and education. For now, the administration’s
Documents
National Cybersecurity Center of Excellence Increasing the deployment and use of standards-based security technologies Mid-Atlantic Federal Lab Consortium
Documents
National Cybersecurity Center of Excellence · 23-10-2018  · National Cybersecurity Center of Excellence nccoe.nist.gov 15 OT Asset Management Attributes Asset Discovery: • establishment
Documents
National Centers of Academic Excellence in Cyber Defense ... · PDF fileNational Centers of Academic Excellence in Cyber Defense (CAE-CD) NICE NATI ON AL IN IT IATIVE FO R CYBERSECURITY
Documents
BALDRIGE CYBERSECURITY EXCELLENCE … Baldrige Cybersecurity Excellence Builder self-assessment helps you understand and improve what is critical to your organization’s cybersecurity
Documents
BUILDING LOCAL CYBERSECURITY ECOSYSTEM - Al …€¦ · Dr. Muhammad Khurram Khan Editor-in-Chief, Telecommunication Systems (Springer) Center of Excellence in Information Assurance
Documents
Critical Cybersecurity Hygiene: Patching the Enterprise · Project Description: Critical Cybersecurity Hygiene: Patching the Enterprise 2 The National Cybersecurity Center of Excellence
Documents
National Cybersecurity Center of Excellence · 2019-08-15 · National Cybersecurity Center of Excellence nccoe.nist.gov 7 Mobile Device Security Challenges • Securing the data
Documents
BUILDING CYBERSECURITY IN SMALL AND MIDSIZE BUSINESSES › downloads › SB0365-whitepaper-cybersecurity… · AND MIDSIZE BUSINESSES CYBERSECURITY WHITEPAPER. CYBERSECURITY WHITEPAPER
Documents
NCCoE TLS Server Certificate Management Deck_TL… · National Cybersecurity Center of Excellence nccoe.nist.gov 13 SP 1800 Series: Cybersecurity Practice Guides Volume A: Executive
Documents
Cybersecurity While Traveling - RHSB...As a testament to our excellence, LIFARS was ranked the #2 cybersecurity company in New York Metro area on the Cybersecurity 500 list of the
Documents
NICE...2019/10/31  · Academic Excellence in Cybersecurity NICE NATI ON AL IN IT IATIVE FO R CYBERSECURITY EDUCATION nist.gov/nice The National Security Agency (NSA) CAE Program Office
Documents
Cybersecurity 5 improving cybersecurity
Technology
NIST CYBERSECURITY PRACTICE GUIDE DOMAIN NAME …...The National Cybersecurity Center of Excellence at the National Institute of Standards and Technology addresses businesses’ most
Documents
Baldrige Cybersecurity Excellence Builder v1...2019/03/24  · Baldrige Cybersecurity Excellence Builder self-assessment helps you understand and improve what is critical to your organization’s
Documents
CGCentre Achieving Excellence - PwC · 2018-11-28 · Achieving Excellence Issue No. 1 Seven key questions boards should ask about cybersecurity Cybersecurity As the cyber threat
Documents
IT ASSET MANAGEMENT - nccoe.nist.gov · PDF fileNIST Special Publication 1800-5b. IT ASSET MANAGEMENT. Financial Services. DRAFT. Michael Stone National Cybersecurity Center of Excellence
Documents
An NSF Cybersecurity Center of Excellence to Support Research
Documents
National Cybersecurity Center of ExcellenceNational Cybersecurity Center of Excellence . ABOUT THE NCCOE . STRATEGY VISION ADVANCE CYBERSECURITY A secure cyber infrastructure that
Documents
COMMUNITY...2020 CAE in Cybersecurity Symposium Due to the COVID-19 pandemic, the 7th annual Centers of Academic Excellence in Cybersecurity (CAE-C) Community Symposium was held virtually
Documents