RMEL’s Most Comprehensive Security Event Yet You Won’t Want to Miss the Informative Discussion Government agency officials will provide an overview of the relationships between critical infrastructure sector specific agencies, the intelligence community, and the Electric Subsec- tor Coordinating Council. Once this foundation is set, they will provide an unclassified threat briefing. There will also be presentations from other agencies covering the various critical infrastructure issues the agencies are dealing with, along with opportunities for collaboration, capped off with cyber and physical security roundtable discussions to dig deeper into the shared content. With this context, the electric utilities will share utility specific experiences, issues and best practices. DATE, TIME, LOCATION April 17-18, 2019 April 17 - Day 1 8:00 a.m. - 4:30 p.m. April 18 - Day 2 8:00 a.m. - Noon SRP’s PERA Club 1 E Continental Dr Tempe, AZ 85281 2019 RMEL SECURITY SYMPOSIUM From Agency to Utility: Protecting the U.S. Grid Together Featured Government Agency Speakers Dr. Anthony Montoya, Senior Subject Matter Expert – Grid Operations, Integrity Applications Inc. Contractor for US Department of Energy Christine Figueroa, Protective Security Advisor, U.S. Department of Homeland Security Michael Lettman, Cyber Security Advisor, U.S. Department of Homeland Security Joseph Hooper, Supervisory Special Agent, Federal Bureau of Investigations Brian Keith, Protective Security Advisor (PSA) Los Angeles District, U.S. Department of Homeland Security Security Threats From the Federal Level to Utility Experiences & Best Practices On Day 1, federal government agency officials from the U.S. Department of Energy, Department of Homeland Security (Cyber Security and Infra- structure Security Agency - CISA), Federal Bureau of Investigations and Idaho National Labs will discuss threats to the electric grid, cyber security threats, incidents with physical impacts and mitigation measures, unmanned aircraft systems (UAS) efforts and counter efforts and cyber technolo- gies to the open source as part of CES-211. The second day will drill down to the electric utility physical and cyber security experiences and best practices with speakers from Nebraska Public Power District, Tri-State Generation & Transmission Association, Western Area Power Administration and more utilities discussing leveraging asset management data to develop graduated physical security protection levels at substations and communication sites, the Washington Post Russian Hacking Report, IEC 61850 SCADA communications implementation, CSC20 Standards, suspicious package handling and more.
Transcript
RMEL’s Most Comprehensive Security Event yetYou Won’t Want to Miss the Informative Discussion Government agency offi cials will provide an overview of the relationships between critical infrastructure sector specifi c agencies, the intelligence community, and the Electric Subsec-tor Coordinating Council. Once this foundation is set, they will provide an unclassifi ed threat briefi ng. There will also be presentations from other agencies covering the various critical infrastructure issues the agencies are dealing with, along with opportunities for collaboration, capped off with cyber and physical security roundtable discussions to dig deeper into the shared content. With this context, the electric utilities will share utility specifi c experiences, issues and best practices.
DATE, TIME, LOCATIONApril 17-18, 2019
April 17 - Day 18:00 a.m. - 4:30 p.m.
April 18 - Day 28:00 a.m. - Noon
SRP’s PERA Club1 E Continental DrTempe, AZ 85281
2019 RMEL SECURITy SyMPOSIUM
From Agency to Utility: Protecting the U.S. Grid Together
Featured Government Agency SpeakersDr. Anthony Montoya, Senior Subject Matter Expert – Grid Operations, Integrity Applications Inc. Contractor for US Department of Energy
Christine Figueroa, Protective Security Advisor, U.S. Department of Homeland Security
Michael Lettman, Cyber Security Advisor, U.S. Department of Homeland Security
Joseph Hooper, Supervisory Special Agent, Federal Bureau of Investigations
Brian Keith, Protective Security Advisor (PSA) Los Angeles District, U.S. Department of Homeland Security
Security Threats From the Federal Level to Utility Experiences & Best Practices On Day 1, federal government agency offi cials from the U.S. Department of Energy, Department of Homeland Security (Cyber Security and Infra-structure Security Agency - CISA), Federal Bureau of Investigations and Idaho National Labs will discuss threats to the electric grid, cyber security threats, incidents with physical impacts and mitigation measures, unmanned aircraft systems (UAS) eff orts and counter eff orts and cyber technolo-gies to the open source as part of CES-211.
The second day will drill down to the electric utility physical and cyber security experiences and best practices with speakers from Nebraska Public Power District, Tri-State Generation & Transmission Association, Western Area Power Administration and more utilities discussing leveraging asset management data to develop graduated physical security protection levels at substations and communication sites, the Washington Post Russian Hacking Report, IEC 61850 SCADA communications implementation, CSC20 Standards, suspicious package handling and more.
Wednesday, April 17, 2019
8:00 a.m. - 8:30 a.m. Welcome and Introductions
8:30 a.m. - 10:00 a.m. Foreign Threats to the Electric Grid - Context and ConsensusDr. Anthony Montoya, Senior Subject Matter Expert – Grid Operations, Integrity Applications Inc. Contractor for US Department of EnergyThis will be a presentation on interrelationship between Intelligence Community, Sector Specific Agencies, and Electricity Subsector Coordinating Council. For-eign Intelligence Entity (FIE) Threat briefing.
10:00 a.m. - 10:15 a.m. Networking Break
10:15 a.m. - 11:30 a.m.Attacks on Critical Infrastructure, Both Physical and Cyber Can Cause Kinetic EffectsChristine Figueroa, Protective Security Advisor, U.S. Department of Homeland Security and Michael Lettman, Cyber Security Advisor, U.S. Department of Homeland SecurityJoin us as Christine Figueroa Arizona Protective Security Advisor (PSA) with the U.S. Department of Homeland Security and Mike Lettman Arizona Cyber Security Advisor (CSA) with the U.S. Department of Homeland Security discuss topics within attacks on physical infrastructure both cyber and non-cyber. Christine is going to give a physical security overview of the incidents in Arizona that involved attacks on critical infrastructure and steps to
take to protect the organiza-tion. Mike is going to walk through cyber-attacks on physical infrastructure, over-view and specifics on cyber incidents in Arizona that involved attacks on critical infrastructure and some steps you need to take to protect the organization.
11:30 a.m. - 12:30 p.m.Networking Lunch
12:30 p.m. - 1:20 p.m.Energy Sector Cyber Threat Overview Joseph Hooper, Supervisory Special Agent, Federal Bureau of InvestigationsThis presentation will explore the common threat vulner-abilities and preparations for an incident.
1:20 p.m. - 2:10 p.m.Non Traditional Aviation Technology (NTAT) Threats to Critical InfrastructureBrian Keith, Protective Security Advisor (PSA) Los Angeles District, U.S. Department of Homeland SecurityThis briefing will provide an overview of current and future UAS capabilities/technology as well as a synopsis on emerging UAS threats to critical infrastructure. This briefing will also provide information on best practices and lessons learned for public safety officials seeking to create a UAS program for law enforcement and/or emergency response functions as well as UAS guidance/resources through DHS’s Cybersecurity and Infrastructure Security Agency (CISA) and the FAA. Throughout the presentation, the briefer will also provide updates on the FAA Reauthorization Act of 2018 which provides a legal
framework for Counter UAS Operations/Capabilities for DHS and DOJ for designated critical infrastructure sites and special events.
2:10 p.m. - 2:25 p.m.Networking Break
2:25 p.m. - 3:15 p.m.Data Analytics, Automated Response and the Journey to Resilient SystemsCraig Rieger, Chief Control Systems Research Engineer and Directorate Fellow, Battelle Energy Alliance, LLC (M&O for Idaho National Laboratory)The journey to resilient systems started shaping last decade, but for many, the concept of resilience is still a notional one. From a security perspective, however, there are efforts underway that are moving us closer to the end goal of cyber threat resilience. For power system operators, these include the distributed indicators of threat, through analytics, and an associated response to mitigate. In this presentation, a basis for resilience will be provided, and include a discussion of technologies that are being developed and transitioned to the commercial sector to achieve these aims.
3:30 p.m. - 4:30 p.m.Physical and Cyber Security Roundtable Discussions (Two Groups)There will be two separate roundtable discussions during this time: one for cyber security and the other for physical security. Roundtables offer a unique forum for peer-to-peer sharing of experiences, critical issues and expertise. Discussion is based on top-ics brought by attendees. Roundtables are focused on the open discussion period and provide each attendee the opportunity for partici-pation and dialogue on their particular issue. Roundta-bles are held in conjunction with a symposium and many topics presented at the symposium are discussed further in the roundtable setting. The roundtable is a good opportunity to share experiences, troubleshoot problems and network with peers in a smaller, informal setting. Each participant is offered a chance to pose questions and share infor-mation. All attendees are encouraged to bring issues for discussion and materials for sharing. Bring roundtable topics for discussion and/or send topics ahead of time to [email protected].
Preliminary COnFerenCe agenda
2019 RMEL SECURITy SyMPOSIUMFrom Agency to Utility:
8:30 a.m. - 9:00 a.m.Asset Management - Leveraging Asset Management Data to Develop Graduated Physical Security Protection Levels at Substations and Communication Sites Rebecca Afsar, Asset Management Specialist, Western Area Power AdministrationHistorically, WAPA applied a “one size fits all” approach for physical security protec-tion at substations and com-munication sites. However, the new tier approach was made possible through a collaboration between asset management, enterprise risk, and security. Leveraging As-set Management’s robust as-set criticality database, work prioritization could be based on a value centric analysis and WAPA’s mission. Conse-quently, WAPA was able to greatly reduce the number outstanding security work items while still meeting physical security standards, regulatory requirements, and compliance requirements.
2019 RMEL SECURITy SyMPOSIUMFrom Agency to Utility:
Protecting the U.S. Grid Together
9:00 a.m. - 9:30 a.m.How One Company Took Multiple Older Generation Sites from Nothing to Full Compliance with CSC20 Standards in 6 Months! Rick Kaun, VP Solutions, Verve Industrial ProtectionThis session will lay out a client profile – very typi-cal in the space, and walk the audience through how this organization not only planned and executed a range of security tools to stand up a full CSC20 com-pliance program but how they are maintaining it. The project involved a significant amount of asset inventory, asset profiling, ICS know-how and a common vision for how everything would be maintained once installed. The single most forgotten aspect of a security program – maintenance!
9:30 a.m. - 10:00 a.m.Networking Break
10:00 a.m. - 10:30 a.m.Understanding the Washington Post Russian Hacking Report - The Threat is RealTim Pospisil, Director of Corporate Security and Chief Security Officer (CSO), Nebraska Public Power DistrictFor those of us who fight the daily battle of cyber & physical security at a utility, the Washington Post Article in 2018 and the January 2019 Wall Street Journal article, “America’s Electric Grid Has a Vulnerable Back Door—and Russia Walked Through It,” came as no surprise. In fact, what it really represented was a repackaging of a presentation Department of Homeland Security (DHS) gave one year earlier, except this time it included the specific names of some of the companies involved. It
*Presentations are subject to change. Please visit www.RMEL.org for the latest topic and speaker information.
also highlighted the battle that each of us faces every day when it comes to cyber threats to critical infrastruc-ture.
This presentation will discuss these reports and what we as utilities can and should be doing to be prepared for more like it in the future.
10:30 a.m. - 11:00 a.m.Security Considerations for an IEC 61850 SCADA SystemJeff Pack, Senior Project Engineer, POWER Engineers, Inc.SCADA systems are starting to use advanced commu-nications protocols such as IEC 61850 to gain efficiency and performance and in-crease safety for electric utilities. The presentation will cover the cybersecurity issues associated with these advanced communications protocols and how to miti-gate associated risk.
11:00 a.m. - 11:30 a.m.CIP Low Impact Security and Tri-State Generation FacilitiesRyan Walter, Compliance Analyst, Tri-State Generation & Transmission AssociationThis presentation will dem-onstrate the steps Tri-State went through to become compliant with the Low Im-pact Security Requirements at Generation Facilities. Spe-cifically, I will be covering the different steps Tri-State took to evaluate and evolve our plants physical and electron-ic security controls, from the
announcement of the low impact CIP Requirements to now. I will be showing pit falls, lessons learned, newly implemented processes, and pain points throughout our implementation.
11:30 a.m. - 12:00 p.m.“Working Lunch” & Cyber and Physical Roundtable DiscussionsThere will be two separate roundtable discussions during this time: one for cyber security and the other for physical security.
2019 RMEL SECURITy SyMPOSIUM REGISTRATION Your Personal Member ID#: __________________________________________ Name: _____________________________________________________________________
No Member ID? No Problem. Please provide the following instead:
First Name: __________________________________________________ Last Name: ________________________________________________
6855 S. Havana St, Ste 430 ~ Centennial, CO 80112 www.RMEL.org
2019 RMEL Security Symposium - April 17-18, 2019Registration Includes: Breakfast, breaks, lunch, training, course materials, attendee roster and, upon course completion, a continuing education certificate.
Member full conference (includes roundtable) .............................................$395 **Student Member full conference (includes roundtable) ......................... $172 Non-RMEL member full-day meeting ...............................................................$595
TOTAL ................................................................................................................. ____________
Payment Check (RMEL; 6855 S. Havana St, Ste 430; Centennial, CO 80112)
** To receive the student rate, you must be a full-time student at an RMEL member university. All student registrations must be faxed or called in, and a copy of your student ID and full-time class schedule are required.
Cancellation Policy: Fees are refundable if cancellation is received on or before 5 p.m. on April 7, 2019. If cancellation is received after that date, half of the registration fee will be refunded. Payments will be processed for those who do not attend or do not cancel by 5 p.m. the day before the event. To have someone take your place, please notify RMEL anytime before the event.
RMEL | 6855 S. HAvANA ST, SUITE 430 | CENTENNIAL, CO 80112 | (303) 865-5544 | FAX: (303) 865-5548 | WWW.RMEL.ORG
