EnergyNewswatch

Fundamentals of Cyber Security for Utilities

Live Streaming Online August 21-22, 2023

An EUCI Program

Click Here to register $1195

If you are unable to attend at the scheduled date and time, we make recordings available to all registrants for three business days after the event

 

The electric utility industry is increasingly reliant on digital systems and technology, which makes them vulnerable to cyber-attacks. Cyber security breaches can result in significant financial losses, operational downtime, and damage to the utility’s reputation. This Fundamentals of Cyber Security for Utilities course will provide attendees with an in-depth understanding of the cyber threat landscape, including:

  • Who cyber attackers are and what their motives may be
  • Technical countermeasures (i.e., cyber hardware and software, physical security, remote access)
  • NERC CIP compliance preparation and implementation
  • How to assess risk and make risk-based decisions

Through this training, electric utility professionals will be able to establish a value proposition for cyber security, therefore helping them develop robust security frameworks to protect their critical infrastructure, mitigate risks, and comply with regulatory requirements.

Bulk discounts start at 20% when you register five or more, so sign up for this fundamentals course today!

Learning Outcomes

  • Introduce common cyber threats to utilities, including who they are, what they want, security policies, and IT security frameworks
  • Discuss social engineering and why it matters
  • Examine the risks to critical infrastructure (i.e., Smart Grid, supply chain, procurement controls, electronic media security)
  • Study NERC CIP preparation and implementation and review the common challenges and regulatory landscape
  • Explain how to respond to cyber-attacks and discuss how to plan through business continuity, disaster recovery, and incident response

Agenda

MONDAY, AUGUST 21, 2023

9:00 a.m. – 5:00 p.m. Central Time

Introduction to Cyber Threat for Utilities

  • The Most Common Cyber Threat Attack Vectors
  • Who are the Attackers and What do They Want?
  • Understanding Advanced Persistent Threat (APT) Actors
  • Cybersecurity Policy and IT Security Frameworks
  • The Types of Assessments and Why You Would Use Them

Discussion on Ransomware and Other Common Malware Variants

Social Engineering and Why it Matters

  • Platforms for Attacks: Phishing, Vishing, Smishing
  • Other Social Engineering Methods
  • Being Smart in the Digital World

Critical Infrastructure Provider Risks and Exposure

  • Supply Chain Risks
  • Smart Grid and Process Control
  • Procurement Controls
  • Electronic Media Security

General Overview of Technical Counter Measures

  • Cybersecurity and Enterprise Architecture
  • Cybersecurity Hardware and Software in a Defensive Architecture
  • Physical Security and Remote Access
  • Zero Trust and Secure Access Service Edge (SASE)
  • Defense in Depth as a Discipline

NERC CIP: Compliance Preparation and Implementation

  • Definition and Review of FERC, NERC and US Reliability Standards 
  • Introduction and Description of the NERC CIP Standards
  • Review of Common Challenges for Electric System (BES) Providers
  • Regulatory Landscape Concerning NERC CIP

Basic Elements of Incident Response (Responding to Cyber Attacks)

  • Cyber Incident Management Framework and Emergency Response Plan
  • Cyber Incident Walk Through
  • The Triad of Planning – Business Continuity, Disaster Recovery and Cyber Incident Response
  • Continuity of Operations Plan or Disaster Recovery Plan
    • Crisis management teams
    • Manual overrides and temporary manual operations
    • Testing system redundancy

9:00 a.m. – 12:45 p.m. Central Time

Assessing Risk and Making Risk-Based Decisions

  • How Cyber Risks are Different from Financial, and other Operational Risks
  • Realistic Risk Assessment
  • Using Threat, Cybersecurity Assessments, Audits and Penetration Tests
  • Compliance and Developing Meaningful Compensating Controls

Establishing the Value Proposition for Cyber Security

Instructor

Dr. Christopher Carter, Utilities CIO and Advisor, CrucialCyber

Dr. Carter was formally trained as an Architect focused on solar buildings and integrated green energy systems with a minor in Solar Technologies in Colorado in the early 1980s and practiced as a Certified Professional Building Designer (CPBD) designing and implementing electrical, solar, and building systems. He maintains deep technical expertise across multiple domains, including Utility Process controls, Data Center and Infrastructure management systems, Federal and State IT security, and IT Service Management. He holds several industry certifications including a CISSP, CISM, ITIL Expert, and Project Management Professional. His specialties include architecture and cybersecurity planning, developing integrated IT/OT security platform controls, and solving IT service transformation challenges for Utilities and large public organizations. Dr. Carter has taught a variety of IT courses, including Cybersecurity for Utilities, Computer Aided Design and Drafting (CADD), the full set of Cisco CCNP courses, ITIL courses, IT Security courses, and database development and other technical courses in the Federal Government.
d