Power Plant Cyber Security & NERC CIP Compliance — How to Prepare, Plan & Respond
As critical infrastructure assets, power plants and utilities are under constant threat from sophisticated attackers looking to gain access to internal systems for sabotage and control. The Department of Homeland Security (DHS) recently disclosed that foreign hackers had secured access to critical controls at U.S. power plants, with the ability to shut off power. A recent survey of utility executives indicated 76 percent of those in North America believe the region faces at least a moderate risk of electricity supply interruption from a cyber attack.
Yet many power plants and OEM suppliers are ill-equipped to navigate this new landscape and mitigate cybersecurity risks. The unique technology, staffing, and operating procedures of power plants, EPCs and OEMs, amid a complex web of rapidly evolving technologies and threats, mean that implementing cybersecurity solutions is more challenging than for the average organization. Not only does every energy facility and power plant face different circumstances related to the security of its cyber assets, but integrating cybersecurity protections into a utility’s supply chain is more complex than ever. This is a critical vulnerability: the alert issued by DHS last month indicated the hackers were targeting businesses working within a utility’s supply chain and that the hackers’ initial victims were “peripheral organizations such as trusted third-party suppliers with less secure networks.”
Many power plants and energy facilities lack the specialized know-how to effectively mitigate, identify, and repel a cyber attack, which means there is a need for a comprehensive solution that fills the security gaps for each plant.
In this informative webinar, Tony Turner and Eric Belardo from Fortress Information Security will discuss the new and changing profile of threats to this industry, and steps power plants and utilities can take to secure their IT and OT operations to monitor and safeguard their attack surface.
Specific topics covered will include:
- The growing cyber security risks and specific points of vulnerability for the power industry
- Considerations in implementing a comprehensive cybersecurity solution
- How to identify threats, risks, and control gaps from internal and third parties, and the proposed CIP-013-1 Reliability Standard
- Best practices in cyber security incident handling and response management
- Case study on how a Fortress implementation at a major power producer is helping monitor threats and vulnerabilities in their supply chain and adhere to regulation
Who should attend:
- CIOs, Plant Managers, IT, Operations & Supply Chain managers from:
  - Utility and Independent Power Producers
  - Project Developers
  - Original Equipment Manufacturers (OEM)
  - Refineries & Petrochemical Plants
  - A&E & EPC Firms
Tony Turner, Sr Director Advisory Services - Security Architecture
Tony has helped hundreds of companies with strategic and tactical approaches to solving information security challenges. He has extensive experience in helping customers across Information Technology, Operational Technology and Business Process boundaries. As the global head of Application Security for a Fortune 150 and senior security executive in Air Travel, Manufacturing, Energy, Government, Retail and Insurance, as well as over 25 years of consulting and operations experience, he brings a diverse skill set that includes Security Program Development, Business Continuity, Compliance, Incident Response, Penetration Testing, Vulnerability Management, Security Architecture and Network and Application Security. Tony is a frequent speaker at industry conferences such as SANS, B-Sides, DerbyCon, ISSA, ISACA and others, and is a mainstay of the FL information security community, having founded several security groups and conferences. He holds a B.S. from Hodges University and over 20 security certifications such as CISSP, CISA, GCIH, GCIA, OPSE and many others.
Eric Belardo, Vice President, Security Operations
Eric J. Belardo is Vice President of Security Operations at Fortress Information Security. Eric brings over 28 years of Cyber Security & Risk experience across many industry domains including Government, DoD, International, Financial, and Civilian markets. Eric has served in Information Assurance positions in Governmental Organizations such as the Department of Energy and in many critical infrastructure sectors such as Pharmaceutical, Healthcare, Power and Energy, and Defense. Eric’s experience in the cyber security field encompasses the areas of Digital Forensics, Incident Response, Disaster Recovery, Certification and Accreditation, Enterprise Security Architecture, and Security M&A. Eric has supported countless organizations in the US and in over 25 countries. With his Military Intelligence and Information Security background, Eric specializes in developing solutions to our clients’ biggest challenges in Emerging Risk and Vulnerability Management to identify, mitigate, and remediate threats from supply chain, IT, and OT environments.