Upload
others
View
16
Download
0
Embed Size (px)
Citation preview
National Cybersecurity Center of ExcellenceEnergy Provider Community (EPC) Update
11/13/2018
2nccoe.nist.govNational Cybersecurity Center of Excellence
Agenda
• Welcome and Introductions
• Energy Sector Asset Management (ESAM) Project Update
• NCCoE Events
• Questions, Open Discussion
3nccoe.nist.govNational Cybersecurity Center of Excellence
OT Asset Management Attributes
Asset Discovery:
• establishment of a full baseline of physical and logical locations of assets
Asset Identification:
• capture of asset attributes, such as manufacturer, model, operating system (OS), Internet Protocol (IP) addresses, Media Access Control (MAC) addresses, protocols, patch-level information, and firmware versions
Asset Visibility:
• continuous identification of newly connected or disconnected devices, and IP (routable and non-routable) and serial connections to other devices
Asset Disposition:
• the level of criticality (high, medium, or low) of a particular asset, its relation to other assets within the OT network, and its communication (to include serial) with other devices
Alerting Capabilities:
• detection of a deviation from the expected operation of assets
4nccoe.nist.govNational Cybersecurity Center of Excellence
Publish the NCCoE
building block
description
DESCRIBE FORM TEAM DESIGN BUILD PLAN
SP-1800
BUILD DOCUMENT OUTREACH
Form the team and
complete the FRN,
LOI, and CRADA
Design and
engineer the
architecture and
usage scenarios
taking into
consideration
resources
Develop the
execution plan for
building the
demonstration
based on the
design
Compose, build the
demonstration, and
perform security
functional tests
Develop the
practice guide to
publish as a public
draft and final
document
Present at public
events and interact
with community of
interest
Q3 2018Q2 2018 Q3 / Q4 2018 Q4 2018 / Q1 2019 Q1 / Q2 2019Q3 / Q4 2018 Q3 2019
ESAM Project Execution Timeline
5nccoe.nist.govNational Cybersecurity Center of Excellence
NCCoE ESAM Team: Contacts / Roles
Jim McCarthy NIST/NCCoE – Principle Investigator [email protected]
Michael Powell NIST/NCCoE – Project Engineer [email protected]
Titilayo Ogunyale MITRE/NCCoE – Project Lead [email protected]
John Wiltberger MITRE/NCCoE – Lead Project Engineer [email protected]
Devin Wynne MITRE/NCCoE – Project Engineer [email protected]
Lauren Acierto MITRE/NCCoE – Outreach & Engagement [email protected]
Nikolas Urlab MITRE/NCCoE – Project Engineer [email protected]
6nccoe.nist.govNational Cybersecurity Center of Excellence
ESAM Build Team
7nccoe.nist.govNational Cybersecurity Center of Excellence
ESAM Flow Diagram
8nccoe.nist.govNational Cybersecurity Center of Excellence
ESAM Build Architecture to Date
9nccoe.nist.govNational Cybersecurity Center of Excellence
Energy Sector Recap of Previous Events
• GridSecCon 2018 – Training Session (4 Hours)
• October 16, 2018, Las Vegas, NV
• Presentations from NCCoE, UMd, PNNL, & TDi Technologies
• IIoT Panel Discussion
• National Cybersecurity Awareness Month – IIoT Webinar
• October 23, 2018, 3:00-4:00pm (ET)
• Energy Sector and IIoT challenges discussion in collaboration with BlackRidge Technologies
10nccoe.nist.govNational Cybersecurity Center of Excellence
NCCoE Energy Sector Upcoming Activities
Smart Grid Interoperability Framework and Cybersecurity Workshop
November 13-14, 2018 at the NCCoE
Free & Open to the Public ; Presentations will be posted after the workshop
The workshop’s purpose is to get stakeholder input to help shape NIST’s characterization of smart grid
cybersecurity risks, solutions, and gaps. These conversations will revolve around four key topics:
• The role of interoperability in grid modernization;
• Cybersecurity risk profiles for smart grids and services;
• Securing novel communications methodologies; and
• Learning from other industries.
https://www.nist.gov/news-events/events/2018/11/smart-grid-interoperability-framework-and-cybersecurity-
workshop
301-975-0200http://nccoe.nist.gov
11nccoe.nist.govNational Cybersecurity Center of Excellence
Contact Us
Jim McCarthy, Senior Security Engineer
Energy Sector Lead
301-975-0228
Titilayo Ogunyale
Energy Project Lead
301-975-0219