6th Annual | Utility Cyber Security Forum
March 19-21, 2024 | Chicago
Agenda |
|
Pre-Conference Workshop
9:00 am - 4:00 pm
Preparing Cyber Defenders and System Operators for an Inverter-Centric Electric Grid
The 9/11 commission concluded "We believe the 9/11 attacks revealed four kinds of failures: in imagination, policy, capabilities and management. It is therefore critical to find a way of routinizing, even bureaucratizing the exercise of imagination."
This pre-conference Workshop is designed to build teamwork and cooperation between Cyber Defenders, Protection Engineers, System Planners and Inverter Control System Developers with input from NERC Certified System Operators. The lack of coordination between these different disciplines is leading to a power system that is vulnerable to systemic events with and without malicious actors.
This SIM-X Workshop is an innovative and unique training opportunity for Cyber Defenders to work with NERC Certified power system operators to understand in depth how to provide services and products that can prevent widespread damage to critical equipment and lead to massive long term power outages that could impact millions of people over many months.
>> View full description
|
Dr. Robin Podmore IEEE Fellow, Member NAE and NERC Certified System Operator President, IncSys profile |
8:00 - 9:00 am
Welcome Coffee and Registration
9:00 - 9:45 am
Securing the Digital Energy Transition
The global transition to renewable energy sources is gaining momentum across various sectors. As we embrace this shift, it is crucial to address the security challenges that arise when integrating renewable energy into existing infrastructure. One major concern is the presence of adverse suppliers in the renewable energy supply chain. While expanding renewable energy is essential, efforts are underway to reduce dependence on these products due to cybersecurity risks. Protecting energy infrastructure during this transition requires a multifaceted approach to cybersecurity. Stakeholders must prioritize the development and implementation of robust cybersecurity measures. This involves securing communication networks and employing strict access controls to prevent unauthorized entry. Additionally, adopting secure software design principles, regularly updating and patching software systems and fostering a cybersecurity-aware culture among personnel involved in the renewable energy sector are crucial. This session will discuss the global challenges facing the renewable and utility space, along with some potential solutions for the future of the sector.
|
|
9:45 - 10:30 am
Making Progress: Focusing Your Limited Resources to Protect What Really Matters
In today's dynamic business landscape, the effective management of limited resources is crucial for safeguarding organizational assets. This presentation delves into a practical example of a risk management process tailored for Operational Technology (OT) environments. The discussion encompasses a comprehensive understanding of business impacts, providing insights into prioritizing strategic areas for resource allocation based on business risk. Attendees will gain valuable insights into streamlining their approach to protect what truly matters to their organization, fostering a proactive and resilient security posture in the face of evolving threats.
|
|
10:30 - 11:00 am
Networking Coffee Break
11:00 - 12:15 pm
Navigating Control System Vulnerabilities: Risk, Regulation, and Real-Time Solutions
The vulnerability landscape within control systems, especially in the electric sector, is fraught with challenges. Managing the high volume of emerging software vulnerabilities, often in the hundreds or thousands monthly, is a daunting task. Operational Technology (OT) environments complicate this further, as patching can lead to system downtime. This necessitates prioritizing patches based on risk assessment, a process hindered by the limitations of current tools which often overlook organizational operational contexts like existing firewall protections.
This panel brings together experts from academia, security solutions, and the electric utility industry to explore advanced, automated technologies for context-aware vulnerability risk assessment. These innovations link vulnerabilities with firewall policies for accurate risk evaluation and streamlined patch management. Discussions will focus on the challenges of asset protection, regulatory compliance, and how emerging technologies aid in making swift, effective cybersecurity decisions in the electric utilities sector.
|
Philip Huff Assistant Professor and Director of Cybersecurity Research, Emerging Analytics Center University of Arkansas at Little Rock profile |
|
|
|
|
|
|
12:15 - 1:15 pm
Lunch Break
1:15 - 2:00 pm
Top 10 OT Security Risks in Utilities and How to Build End-To-End Cyber Security
The digitization of critical infrastructure has made industrial processes of energy production and distribution a target for cyber attacks. Adversaries can utilize a vast array of attack vectors on Operational Technology (OT) typically overlooked by firewalls:
- Spill-over from enterprise IT
- Exploit of misconfigurations, zero-day or unpatched vulnerabilities
- Exploit of stolen / phished credentials
- Trespass in remote substations and undetected access to cyber-physical systems
|
|
|
|
2:00 - 2:45 pm
Securing Power Grids & Water Systems: 5 Essentials of a Solid IT/OT Security Program
From cyber attacks to cyber regulations, the pressure is on for security teams to stay vigilant of their networks and operations. But securing utilities from power grids to water systems cannot only focus on the same IT networks we've been securing for decades - OT systems are at risk, too. It's time to build a robust IT/OT security program that recognizes the importance of protecting systems without disrupting supply in the process.
Key Takeaways:
- The key steps for safeguarding the OT environments of utility operators
- Considerations to ensure security activities don't lead to downtime
- Why bridging IT and OT silos can reduce the attack surface
- How to implement effective best practices to enhance overall security program efficiency
|
|
2:45 - 3:15 pm
Networking Coffee Break
3:15 - 4:30 pm
Security and Risk Considerations in Deploying Generative AI Technology at Utilities in the United States
During this session, Ramesh Reddi will present on innovative Generative AI technology and its risk for utilities. Elizabeth Escobar led the research and development to understand the business value of Generative AI technology at Duke Energy. She will speak on Generative AI benefits for utilities and the guardrails needed to deploy this technology at Duke Energy, starting with an Enterprise Generative AI Chatbot that can retrieve high quality answers from diverse and siloed data sources.
Key Takeaways:
- Learn the difference between Generative AI and other types of AI
- Understand the risk and benefits of Generative AI deployment in US utilities
- Learn about security controls needed to deploy Generative AI in the energy and utilities industry
|
|
|
|
4:30 - 5:15 pm
Crossing the Chasm from Compliance to Cybersecurity
We all hear (and likely agree) that compliance is not security. The underlying negative connotation is that most people only have the time and energy to focus on the compliance aspects of security at the expense of actually securing their organizations based on risk. That chasm between compliance and security can be crossed (figuratively) with a bit of planning and lot of groundwork. This presentation will highlight three key aspects of that process: 1) Platform Approach 2) Scalability and 3) Partnerships.
Key Takeaways:
- There are things to consider while implementing cyber security solutions that can both help achieve compliance and improve the overall security posture based on your organizational risk
- Partnerships are key at several levels (internally within the organization, as well as with external parties including vendors)
- Planning for one site/situation is not the same as planning for the whole organization, so scalability should always be a key consideration
|
|
5:15 - 6:45 pm
Networking Drink Reception
8:00 - 9:00 am
Welcome Coffee
9:00 - 9:45 am
Cybersecurity Operational Resilience for the Electric Utility
This session will cover security by design, consequence-driven and cyber informed engineering, including how to identify the emerging threat landscape, the best approach to creating a sustainable cyber resilience program, and the key differences between new and outdated systems to cyber resiliency.
Key Takeaways:
- Understanding the changing landscape
- Significance of "Security By Design"
- Operational Resilience -- How to withstand and recover
- Physical and cybersecurity measures to help reduce risk; while understanding that engineering risk out, helps with resiliency
- Navigating regulatory compliance
|
|
|
|
9:45 - 10:30 am
"You need your business and I need my money" -- Voicemail from a Hacker
This session presents an educational case study of a real-world scenario that occurred with a ThinkGard client. There are many presentations about organizations that are behind the times and not prepared for the cyber threats of today, but in this case, the client had all of the layers of protection they should have needed but one checkbox made the difference between complete protection and getting completely owned. Unfortunately for them, it was the latter. This will be a deep dive into what happened, why it happened and how it could have been avoided. The goal is for you to take something away from this situation that can be applied in your environment and will help keep you better protected moving forward.
Key Takeaways:
- Gain a better understanding of the complex and dynamic nature of the current cybersecurity landscape
- Understand how to develop a more hardened approach within your organization to better protect it from breaches
- Learn how bad actors can take advantage of the smallest vulnerabilities to move laterally within your IT security and gain access to your most sensitive systems
|
|
10:30 - 11:00 am
Networking Coffee Break
11:00 - 11:30 pm
Cyber Security of DERs in an Increasingly Decentralized Energy Grid
An ever-expanding collection of public reports of attacks on DER systems describe how adversaries exploit vulnerabilities in products, networks, and cloud infrastructure; deface EV chargers; compromise local DER products and cloud infrastructure; prevent visibility and control of 100s of megawatts of DER assets; and maliciously update firmware on DER systems to prevent operation. Near-daily disclosures indicate that threat actors are escalating their attacks on DER systems as they become more important to the grid. This session will provide 1) provide a real-time update of the risks facing DER- and grid operators, 2) the specific threats operators face using real-world examples, and 3) steps that owners and operators can take to protect their assets and operations.
Key takeaways:
- DER proliferation, including EV chargers and solar+storage systems, is expanding the attack surface of critical energy infrastructure. Recent incident reports bring this reality into sharp focus.
- The responsibility for protecting DER assets and the grid is shared by all stakeholders. No single entity (e.g. a utility grid operator) is in total control and yet all stakeholders have a vested interest actively protecting their parts of the system. A Zero Trust approach is indicated.
- A unique threat to the electricity grid is electrical settings manipulation. Traditional OT cybersecurity solutions do not address this condition, leaving a gap to be filled in the industry.
|
|
11:30 - 12:00 pm
Risk-Based Assessment of Cyber-Physical Power Grid
Interconnectedness of control areas within an interconnection poses a risk of cascading outages caused by a potential cyber attack. Hence, Risk-Based Compliance Monitoring and Enforcement Program (CMEP) activities, Regional Entity oversight and enforcement, and certification are introduced with a statistically driven, risk-based approach that can be discerned from the cyber assets (CA). The foundation of this process for Inherent Risk Assessments (IRAs) and Internal Control Evaluation (ICE) should be based on physics-based modeling and anomalies of data coming from cyber assets. The risk-based CMEP should be widely promoted, and its methodologies should introduce stochasticity of foul play that deviates from normal activities. Contingency analysis is performed on an N-1 basis, but the cyber-informed framework may not have been combined into potential associated impacts to substations, generation that could introduce instability indices for the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) risk assessment framework. This presentation provides the methodological introduction on how NERC CIP 005 and 007 are introduced with quantitative and qualitative examples and the basic calculation of risks that will enable efficient spot checks, voluntary reporting that can help enhance audit reports.
Key Takeaways:
- The interconnected control areas in power systems are at risk of cascading outages due to cyber attacks, underscoring the critical role of Risk-Based Compliance Monitoring and Enforcement Programs (CMEP) and Regional Entity oversight
- Cyber asset (CA) risk assessment relies on physics-based modeling and anomaly detection, necessitating robust methodologies within CMEP
- Integration of cyber-informed frameworks with traditional contingency analysis improves grid stability, vital for NERC CIP compliance by identifying potential impacts on substations and generation
- These metrics can quantify hypothesized cyber attack impacts, informing cybersecurity technology investments to bolster grid resilience and safeguard critical infrastructure
|
|
12:00 - 12:30 pm
Digital Twins for Imagineering Grid Cyber-Physical Defenses
- Generic power system models
- Specific power system models and protecting CEII
- Simulating Digital Control Systems and Networks
- Instructor and Drill management methods and systems
- Creating realistic black swan events
- Knowledge capture and transfer
- Massive multi-user simulations of continental power systems
- Transient stability simulations for defending Aurora attacks
- Electro-magnetic transient simulations for preventing SSR and cracked generator shafts
|
|
Dr. Robin Podmore IEEE Fellow, Member NAE and NERC Certified System Operator President, IncSys profile |
12:30 - 1:30 pm
Lunch Break
1:30 - 2:00 pm
Electricity Grid Root-of-Trust Decentralized Supply Chain Cybersecurity
Traditional supply chain protections include physical labels, patents, and information stored in a device's non-volatile memory, all of which are vulnerable to tampering. This session examines recent advances in mitigating supply chain attacks via physics-based device authentication. One such advancement is GridTrust -- a cybersecurity technology developed by Georgia Tech researchers. It employs semiconductor chip fingerprints and cryptographic techniques to safeguard electrical utilities from supply-chain cyber attacks. Tested successfully in a power substation, GridTrust is designed to prevent unauthorized software alterations and offer multi-layered security for the electricity grid, ensuring both authenticity and proper authorization before updates are installed.
Key Takeaways:
- Semiconductor Fingerprint Security: Relying on unique chip fingerprints to fortify utility equipment against cyberattacks targeting control device software updates
- Collaborative Testing: The project involved Georgia Tech researchers, the City of Marietta, Sandia National Laboratories, and Protect Our Power in a three-year supported by the U.S. Department of Energy
- Enhanced Protection: By combining cryptographic technology with physically unclonable functions (PUFs)
|
Santiago Grijalva Georgia Power Distinguished Professor of Electrical and Computer Engineering and Director, Advanced Computational Electricity Systems (ACES) Laboratory Georgia Tech profile |
2:00 - 2:45 pm
Securing the GOOSE: A Real-World Test Case and Post-Quantum Path to Secure Sub-Millisecond Latency for Time-Sensitive Protocols
Many OT/ICS/IoT systems components require low latency communication to operate. As a result, these systems have been left to communicate in an unencrypted format making our power grid a prime target for APTs and nation state adversaries. For the first time publicly disclosed, this session will present a real-world test case involving ground-breaking quantum resilient hardware that was leveraged to secure lightweight protocols like Generic Object Oriented Substation Event or GOOSE/ IEC 61850, which requires latency of less than 4 milliseconds to communicate successfully. The test case was completed with hardware encryption devices that provide secure UDP or TCP point-to-point communication with an average latency of 0.07ms while leveraging encryption that is 8.636 * 10434 more powerful than AES-256, proving the possibility of eliminating all site-specific IT/OT technical debt with the installation of a single hardware encryption device.
We now live in a sub-millisecond latency, power-over-ethernet post-quantum encryption reality.
Key Takeaways:
- Encryption capabilities now exist that are efficient enough to secure even the most lightweight UDP or TCP protocols
- Post quantum encryption cannot be algebra-based in order to be truly secure
- Variable Word Length (VWL) is a post-quantum secure encryption protocol to consider for secure point-to-point transmission where either latency or power consumption matter (addresses SNDL attacks directly)
- Leveraging a HW component in front of otherwise vulnerable devices/technical debt can provide a great mitigation option
|
|
|
|
2:45 - 3:30 pm
The Power of Time: Enhancing Grid Stability Through Redundancy
This session explores the critical role of timing across the power grid, discussing GPS and the Precision Time Protocol (PTP) as key tools in maintaining stability. We will delve into the need for redundancy in these systems to ensure resilience against potential disruptions. Highlighting a real-life application, we will examine the work spearheaded by Joe Marshall from Cisco Talos to protect the Ukrainian power grid from GPS jamming. This case study emphasizes the importance of diversified timing solutions in securing power grid operations.
Key Takeaways:
- Timing plays a fundamental role in maintaining stability in power grids
- Redundancy in timing systems is crucial to ensure resilience against potential disruptions and to secure the ongoing operations of power grids
- Real-world applications, like the work led by Joe Marshall from Cisco Talos in Ukraine, highlight the significance of diversified timing solutions in protecting power grids from threats like GPS jamming
|
|