On Demand – Safeguarding Critical Infrastructure: Enhancing Hacker Detection for NERC CIP Compliance While Achieving FERC INSM NOPR Objectives [an Energy Central PowerSession™]

Access On-Demand Recording Below

The hacker community continues to innovate and find creative ways to disrupt critical infrastructure that is becoming more reliant on digital technologies. Volt Typhoon is one example of a sophisticated, stealthy attack targeting real-time operational systems used to manage critical infrastructure operations that must be detected, before it can be used to disable key infrastructure, such as the Electric Grid.

It’s imperative that an entity maintain visibility over communications between networked devices within a trust zone and detect malicious activity that has circumvented perimeter controls. FERC’s INSM NOPR facilitates the detection of anomalous network activity indicative of an attack in progress, thus increasing the probability of early detection and allowing for quicker mitigation and recovery from an attack.

This session provides the audience with a clear understanding of the risks that are unique to time sensitive OT environments and guidance to help critical infrastructure operators detect suspected hacker activity as early as possible so that mitigation activities can begin and incident response plans put in place to prevent disaster. Experts from the energy industry and solution provider space provide their perspectives.

Here is what you will take-away from this session:

• What’s driving these new INSM NOPR requirements and why it matters

• How does the INSM NERC initiative differ from previous NERC CIP standards and requirements
• Different strategies for implementing effective monitoring and detection of hacker activity that complies with NERC CIP standards and achieves the objectives identified in the FERC INSM NOPR
• A high-level understanding of the various solution options along with approximate implementation timelines and effort.
• Understand how Nozomi is uniquely qualified to provide an effective INSM solution that is different from other product and service offerings
• Next steps to planning an effective and compliant ISNM solution

It’s important to understand the various challenges that come with INSM solutions for operational technology (OT) and real-time operations, which are time sensitive and resource constrained. The compliant solutions discussed in this session have been designed with these unique OT constraints and sensitivities in mind, in order to produce an effective solution that will not impact real-time functions and performance and provide early detection of hacker activity.

Read the Companion Resources: 
White Paper: NERC CIP Mapping Guide: NERC CIP Compliance with Nozomi Networks’ Solution
Blog: Preparing for NERC CIP-015-1: Internal Network Security Monitoring for Electric Utilities

PANEL:

Gehron “Ronny” Fredericks, Field CTO, Nozomi Networks

Ronny holds a Master’s degree in Digital Forensics & Cyber Investigation and an additional MBA from University of Maryland. Ronny has unique OT experience from his time at leading energy provider, Exelon Corporation, as a Senior Security Analyst in their Security Operations Center and has also worked closely on the IT side as a developer and technical operations manager in previous roles. Ronny is currently a member of the Infragard – South Florida Members Alliance and the US Secret Service Electronic Crimes Task Force.

Josh Sandler, Energy Cybersecurity Regulatory Leader Ernst & Young

Josh leads EY’s Energy Cyber Regulatory practice. He is based in the Charlotte, NC office and has over 20 years of experience in cybersecurity and Critical Infrastructure Protection (CIP) programs. Josh is a recognized leader in CIP compliance within the power and utilities (P&U) industry, drawing on his experience as a controls engineer at a major US power generator. His NERC CIP experience has extended across utilities large and small, throughout every NERC region and covering transmission, generation, and control center functions. Josh has architected the development of NERC CIP and NIST-based cybersecurity programs, establishment of oversight and governance models, creation of internal control programs and automated tool delivery.

Moderator: Dick Brooks, Co-Founder and Lead Software Engineer Business Cyber Guardian™ (BCG) a REA™ Company

Dick is a software engineer with 40 years of experience delivering software solutions in the Energy industry.  He has contributed to the development of Energy Industry Standards and FERC Regulations through NAESB and is actively involved in the development of policies and practices for software supply chain cybersecurity within CISA’s Critical Manufacturing Sector Coordinating Council and the ICT Supply Chain Risk Management Task Force.