build team and energy provider community meeting 29 june 2016 … · 2016-06-29 · 29 june 2016...
TRANSCRIPT
![Page 1: Build Team and Energy Provider Community Meeting 29 June 2016 … · 2016-06-29 · 29 June 2016 Securing Networked Infrastructure for the Energy Sector. 2 ... § SA Build Team introduction](https://reader034.vdocuments.us/reader034/viewer/2022042711/5f7721908291fd450a00250e/html5/thumbnails/1.jpg)
Energy Provider Community of InterestBuild Team and Energy Provider Community Meeting29 June 2016
Securing Networked Infrastructure for the Energy Sector
![Page 2: Build Team and Energy Provider Community Meeting 29 June 2016 … · 2016-06-29 · 29 June 2016 Securing Networked Infrastructure for the Energy Sector. 2 ... § SA Build Team introduction](https://reader034.vdocuments.us/reader034/viewer/2022042711/5f7721908291fd450a00250e/html5/thumbnails/2.jpg)
2
ENERGY PROVIDER COMMUNITY
Agenda
§ NCCoE news
§ Current projects
§ Identity and Access Management (IdAM) project update
§ Situational Awareness (SA) project update
§ SA Build Team introduction and overview
§ Open discussion
![Page 3: Build Team and Energy Provider Community Meeting 29 June 2016 … · 2016-06-29 · 29 June 2016 Securing Networked Infrastructure for the Energy Sector. 2 ... § SA Build Team introduction](https://reader034.vdocuments.us/reader034/viewer/2022042711/5f7721908291fd450a00250e/html5/thumbnails/3.jpg)
3
NCCOE NEWS
NCCoE Out and About:
§ Attended conferences
§ Webinar with AlertEnterprise (June) – Jim McCarthy
§ Cybersecurity for Oil & Gas Summit (June) – Jim McCarthy
§ Upcoming planned conferences
§ EnergySec (August)
§ Power Grid Cyber Security Exchange (August)
§ ICS Cyber Security Conference Sacramento (October)
§ GridSecCon (October) – potential workshop
§ World Congress on Industrial Control Systems Security (WCICSS) (December)
![Page 4: Build Team and Energy Provider Community Meeting 29 June 2016 … · 2016-06-29 · 29 June 2016 Securing Networked Infrastructure for the Energy Sector. 2 ... § SA Build Team introduction](https://reader034.vdocuments.us/reader034/viewer/2022042711/5f7721908291fd450a00250e/html5/thumbnails/4.jpg)
4
CURRENT PROJECTS
Identity and Access Management (IdAM) Project
§ Provides a reference solution to:
§ Authenticate individuals and systems
§ Enforce authorization control policies
§ Unify IdAM services
§ Protect generation, transmission and distribution
§ Improve awareness and management of visitor accesses
§ Simplify the reporting process
§ Draft guide is online at https://nccoe.nist.gov/projects/use_cases/idam
§ Final Guide publication pending final approvals
§ Demonstrations and adoption support available
![Page 5: Build Team and Energy Provider Community Meeting 29 June 2016 … · 2016-06-29 · 29 June 2016 Securing Networked Infrastructure for the Energy Sector. 2 ... § SA Build Team introduction](https://reader034.vdocuments.us/reader034/viewer/2022042711/5f7721908291fd450a00250e/html5/thumbnails/5.jpg)
5
Operations
ICSNetwork
NCCoEMonitoring/DataCollection
Enterprise
DataAggregation/
Analysis
SystemManagementNetworkConnection
ICSMonitoringNetworkConnection
NCCoESystemManager
SecurityAnalyst
Situational Awareness Project
• Improve OT availability
• Detect anomalous conditions and remediation; unify visibility across silos
• Investigate events leading to baseline deviations/ anomalies and share findings
• Use Case published: http://nccoe.nist.gov/sites/default/files/nccoe/NCCoE_ES_Situational_Awareness.pdf
CURRENT PROJECTS
![Page 6: Build Team and Energy Provider Community Meeting 29 June 2016 … · 2016-06-29 · 29 June 2016 Securing Networked Infrastructure for the Energy Sector. 2 ... § SA Build Team introduction](https://reader034.vdocuments.us/reader034/viewer/2022042711/5f7721908291fd450a00250e/html5/thumbnails/6.jpg)
6
PROJECT MILESTONE UPDATES
PROJECTNAME:SituationalAwareness UpcomingMilestoneDates
CompletedBuild Wed07/13/16ReleaseDraftPracticeGuideforPublicComments Thu08/25/16
PublishSpecialPublication Thu11/24/16
PROJECTNAME:IdAM UpcomingMilestoneDates
PublishSpecialPublication Thu06/30/16
PROJECT MILESTONES
![Page 7: Build Team and Energy Provider Community Meeting 29 June 2016 … · 2016-06-29 · 29 June 2016 Securing Networked Infrastructure for the Energy Sector. 2 ... § SA Build Team introduction](https://reader034.vdocuments.us/reader034/viewer/2022042711/5f7721908291fd450a00250e/html5/thumbnails/7.jpg)
7
SITUATIONAL AWARENESS BUILD TEAM INTRODUCTIONCompany Logo POC Product links ApplicationtoSA
project buildDragosSecurity
RobLee,[email protected],[email protected]
https://www.dragossecurity.com/products/cyberlens
ICSAssetmanagement
HPEArcSight BruceOehler,[email protected],[email protected]
http://www.hpe.com Securityinformationandeventmanagement(SIEM)platform
ICS2 AnisBishara,[email protected] OperationalBehaviorAnomalyDetection
FireEyeInvotas PaulNguyen,[email protected]
https://www.fireeye.com/products/security-orchestrator.html
Securityorchestrator/incident remediationplaybook
OSIsoft PaulGeraci,[email protected]
http://www.osisoft.com PI system
PPC MattMcDonald,[email protected],[email protected]
PI system
Radiflow AyalVogel,[email protected],DarioLobozzo,[email protected]
OTSecurityBrochure-http://radiflow.com/downloads/OT%20security/Security%20OT%20Brochure.pdfSecurityGatewayDataSheet-http://radiflow.com/3180-secure-ruggedized-router/SCADAIntrusionDetectionData-Sheet-http://radiflow.com/products/isid-intrusion-detection-system/
SCADAIntrusiondetection/DeepPacketSCADAFirewall
RSA BenSmith,[email protected] https://www.rsa.com/en-us/products-services/security-operations/security-operations-management-secops
Securityoperationsdashboard
DRAGO SECURITY ™
![Page 8: Build Team and Energy Provider Community Meeting 29 June 2016 … · 2016-06-29 · 29 June 2016 Securing Networked Infrastructure for the Energy Sector. 2 ... § SA Build Team introduction](https://reader034.vdocuments.us/reader034/viewer/2022042711/5f7721908291fd450a00250e/html5/thumbnails/8.jpg)
8
SITUATIONAL AWARENESS BUILD TEAM INTRODUCTION (2)Company Logo POC Product links ApplicationtoSA
project buildRS2Technologies
DaveBarnard,[email protected]
www.rs2tech.com Physicalaccess controlsystem
SchneiderElectric
MikePyle,[email protected]
Industrialcontrolsystemfirewall
Siemens JeffFoley,[email protected]
AJNicolosi,[email protected]
RX1500http://w3.siemens.com/mcms/industrial-communication/en/rugged-communication/products/switches-routers-layer-3/Pages/rx1500.aspxRX1400http://w3.siemens.com/mcms/industrial-communication/en/rugged-communication/products/switches-routers-layer-3/Pages/rx1400.aspxCROSSBOWhttp://w3.siemens.com/mcms/industrial-communication/en/rugged-communication/products/software/Pages/crossbow.aspx
Industrialcontrolsystemremotemanagementauthentication platform/configurationmanagement
TDiTechnologies
BillJohnson,[email protected]
http://www.tditechnologies.com/http://www.tditechnologies.com/products/nerc-cip-smart-grid-solutionshttp://www.tditechnologies.com/our-customers/utilities
Industrialcontrolsystemandinfrastructureremotemanagement(IT/OT)
Waratek NollaigHeffernan,[email protected]
SQLinjection prevention
WaterfallSecurity
AndrewGinter,[email protected]
http://waterfall-security.com/products/unidirectional-security-gatewayshttp://waterfall-security.com/products/secure-bypass
Unidirectional gateway
![Page 9: Build Team and Energy Provider Community Meeting 29 June 2016 … · 2016-06-29 · 29 June 2016 Securing Networked Infrastructure for the Energy Sector. 2 ... § SA Build Team introduction](https://reader034.vdocuments.us/reader034/viewer/2022042711/5f7721908291fd450a00250e/html5/thumbnails/9.jpg)
9
Operations
O6:DellR620Server
MONITORING / DATA COLLECTION BUILD ARCHITECTURE
O7:VMware
O10:DragosSecurityCyberLensSensor
O8:OSISoftPiHistorian(Operations)
U1:SchneiderElectricCitect
O1:SiemensRUGGEDCOMRX1501(CrossbowStationAccessController)
O15:Cisco2950Switch
O9:TdiTechnologiesConsoleWorks(Operations)
VPNtoEnterprise
02:WaterfallUnidirectionalSecurityGatewayHardware
Tx
Rx
O4:RS2Door
Controller
O11:RadiflowiSID
SyslogSyslog
ICSNetworkTappedTraffic
ICSNetworkTAPs
HistorianData
O17:WaterfallSecureBypass
O18:SchneiderElectricTofinoFirewall
(OperationsManagement)
O19:ServerO20:TDi Technologies
ConsoleWorks(OperationsManagement)
UpdatedJune27,2016
ICSNetwork
Syslog
O16:IXIAFullDuplexTAPs
O14:Radiflow 3180Firewall
Dooropen/closeevents
iSIDWebinterface
CyberLens SensorData
O12:ServerO13:OSIsoft
Citect Interface
O3:SchneiderElectricTofino
Firewall(DoorController)
ICSNetworkTappedTraffic
O20:SchneiderElectricTofino
Firewall(Citect Interface)
Syslog
![Page 10: Build Team and Energy Provider Community Meeting 29 June 2016 … · 2016-06-29 · 29 June 2016 Securing Networked Infrastructure for the Energy Sector. 2 ... § SA Build Team introduction](https://reader034.vdocuments.us/reader034/viewer/2022042711/5f7721908291fd450a00250e/html5/thumbnails/10.jpg)
10
DATA AGGREGATION / ANALYSIS BUILD ARCHITECTURE
Enterprise
E2:ServerCluster
E3:VMware
E1:SiemensRUGGEDCOM
RX1400
E4:OSISoftPiHistorian
E8:DragosSecurity
CyberLens Server
E6:TDi TechnologiesConsoleWorks(Enterprise)
E10:Waratek
AppSecurity
E13:RSASecOps
E14:FireEyeSecurity
OrchestratorVPNFromOperations
SecurityAnalystE5:ICS2OnGuard
E7:RS2AccessIT!
E11:ArcSight Server
E12:HPEArcsight
UpdatedJune27,2016
iSIDWebinterface
Dooropen/closeevents
CyberLens SensorData
HistorianData
Syslog E9:SiemensRUGGEDCOMCROSSBOW
E16:Extractevents
![Page 11: Build Team and Energy Provider Community Meeting 29 June 2016 … · 2016-06-29 · 29 June 2016 Securing Networked Infrastructure for the Energy Sector. 2 ... § SA Build Team introduction](https://reader034.vdocuments.us/reader034/viewer/2022042711/5f7721908291fd450a00250e/html5/thumbnails/11.jpg)
11
CONTACT US
9700GreatSenecaHwy,Rockville,MD20850
http://nccoe.nist.gov/forums/energy
Thank You
100BureauDrive,MailStop2002,Gaithersburg,MD20899
![Page 12: Build Team and Energy Provider Community Meeting 29 June 2016 … · 2016-06-29 · 29 June 2016 Securing Networked Infrastructure for the Energy Sector. 2 ... § SA Build Team introduction](https://reader034.vdocuments.us/reader034/viewer/2022042711/5f7721908291fd450a00250e/html5/thumbnails/12.jpg)
ABOUT THE NCCOE
![Page 13: Build Team and Energy Provider Community Meeting 29 June 2016 … · 2016-06-29 · 29 June 2016 Securing Networked Infrastructure for the Energy Sector. 2 ... § SA Build Team introduction](https://reader034.vdocuments.us/reader034/viewer/2022042711/5f7721908291fd450a00250e/html5/thumbnails/13.jpg)
13
FOUNDERS
Information Technology Laboratory
![Page 14: Build Team and Energy Provider Community Meeting 29 June 2016 … · 2016-06-29 · 29 June 2016 Securing Networked Infrastructure for the Energy Sector. 2 ... § SA Build Team introduction](https://reader034.vdocuments.us/reader034/viewer/2022042711/5f7721908291fd450a00250e/html5/thumbnails/14.jpg)
14
WHO WE ARE AND WHAT WE DO
GOAL 1PROVIDE PRACTICAL CYBERSECURITYHelp people secure their data and digital infrastructure by equipping them with practical ways to implement standards-based cybersecurity solutions that are modular, repeatable and scalable
VISIONADVANCE CYBERSECURITYA secure cyber infrastructure that inspires technological innovation and fosters economic growth
MISSIONACCELERATE ADOPTION OF SECURE TECHNOLOGIESCollaborate with innovators to provide real-world, standards-based cybersecurity capabilities that address business needs
GOAL 2INCREASE RATE OFADOPTIONEnable companies to rapidly deploy commercially available cybersecurity technologies by reducing technological, educational and economic barriers to adoption
GOAL 3ACCELERATE INNOVATIONEmpower innovators to creatively address businesses’ most pressing cybersecurity challenges in a state-of-the-art, collaborative environment
![Page 15: Build Team and Energy Provider Community Meeting 29 June 2016 … · 2016-06-29 · 29 June 2016 Securing Networked Infrastructure for the Energy Sector. 2 ... § SA Build Team introduction](https://reader034.vdocuments.us/reader034/viewer/2022042711/5f7721908291fd450a00250e/html5/thumbnails/15.jpg)
15
BUSINESS MODEL
The NCCoE seeks problems that are:
‣ Broadly applicable across much of a sector, or across sectors
‣ Addressable through one or more reference designs built in our labs
‣ Complex enough that our reference designs will need to be based on a combination of multiple commercially available technologies
Reference designs address:
‣ Sector-specific use cases that focus on a business-driven cybersecurity problem facing a particular sector (e.g., health care, energy, financial services)
‣ Technology-specific building blocks that cross sector boundaries (e.g., roots of trust in mobile devices, trusted cloud computing, software asset management, attribute based access control)
![Page 16: Build Team and Energy Provider Community Meeting 29 June 2016 … · 2016-06-29 · 29 June 2016 Securing Networked Infrastructure for the Energy Sector. 2 ... § SA Build Team introduction](https://reader034.vdocuments.us/reader034/viewer/2022042711/5f7721908291fd450a00250e/html5/thumbnails/16.jpg)
16
TENETS
Standards-based Apply relevant local, national and international standards to each security implementation and account for each sector’s individual needs; demonstrate reference designs for new standards
ModularDevelop reference designs with individual components that can be easily substituted with alternates that offer equivalent input-output specifications
UsableDesign usable blueprints that end users can easily and cost-effectively adopt and integrate into their businesses without disrupting day-to-day operations
RepeatableEnable anyone to recreate the NCCoE builds and achieve the same results by providing a complete practice guide including a reference design, bill of materials, configuration files, relevant code, diagrams, tutorials and instructions
Open and transparentUse open and transparent processes to complete work, and seek and incorporate public comments on NCCoEdocumentation, artifacts and results
Commercially availableWork with the technology community to identify commercially available products that can be brought together in reference designs to address challenges identified by industry
![Page 17: Build Team and Energy Provider Community Meeting 29 June 2016 … · 2016-06-29 · 29 June 2016 Securing Networked Infrastructure for the Energy Sector. 2 ... § SA Build Team introduction](https://reader034.vdocuments.us/reader034/viewer/2022042711/5f7721908291fd450a00250e/html5/thumbnails/17.jpg)
17
PROJECT LIFECYCLESituational
Awareness – we are here
Pre-ProcessWestrategicallyidentify,select,andprioritizeprojectsthatalignwithourmission.
P1:ConceptAnalysis
Wepartnerwithindustrytodefine,
validate,andbuildbusinesscasesforthe
mostchallengingcybersecurity
issues.
P2:DevelopUseCaseUsinga
collaborativemethodwithindustry
partners,wedevelopafullUseCasethatoutlinesaplanfortacklingtheissue.
P3:FormBuildTeamWeuniteindustry
partnersandtechnologycompaniesto
buildaqualifiedteamtoexecutetheUseCase.
P4:Design&Build
TheUseCaseteamplans,designs,andbuildsthesystemina
labenvironment
anddocumentsitinthePractice
Guide.
P5:Integrate&Test
Theteamtestthesystemandmakerefinementsasnecessary.Thesystemmaybe
validatedbyourpartners.Thefinalsolutionsystemis
documentedinthePractice
Guide.
P6:Publish&Adopt
We,alongsideourpartners,
publish,publicizeanddemonstratethePracticeGuide.Thissolutionprovidesareference
architecturethatmaybeimplementedinwholeorin
part.
IconCredits(righttoleft):TalkingbyJuanPabloBravo;TestTubebyOlivierGuin;CollaborationbyKrisada;TeambyWilsonJoseph;BrainstormbyJessicaLock;NetworkbyMatthewHawdon;ArrowbyJamisonWieser;allfromtheNounProject.
IdAM – we are here