
Cyber Security: A Program to Meet NERC CIP Requirements. May 17, 2010. Rick Dakin, Coalfire Systems CEO and Co-founder

Agenda. The fastest 30 minutes in cyber security history: Introductions; The Threat; NERC CIP Requirements; CIP Program Rollout; Cyber Security Program Strategy; Questions. Coalfire Overview. IT Audit and Compliance Management. Regulatory Backdrop. Regulatory Environment is a New Challenge for IT Professionals.


Presentation Transcript


    2. The fastest 30 minutes in cyber security history: Introductions; The Threat; NERC CIP Requirements; CIP Program Rollout; Cyber Security Program Strategy; Questions

    3. Coalfire Overview

    4. Regulatory Backdrop. Relevant points: Laws are rapidly emerging for protection of information security. The Computer Security Act of 1987 was largely aimed at assuring citizens that the Federal government, as custodians of sensitive personal information, had a duty to protect that information. Laws are evolving rapidly at state levels.

    5. Why Protect Infrastructure?

    6. Strategic Barriers

    7. Trends – The Risk is Growing

    13. CIP Program Approach

    14. 21 Steps to Improve Cyber Security

    15. Segment SCADA Network

    16. Top 5 Risk Mitigation Steps
        1. Segment SCADA systems (Diagram system boundaries)
        2. Test Segmentation of SCADA Systems (Do not rely on proprietary protocols)
        3. Restrict Remote Access
        4. Contact your System Vendor for Secure Configurations and Operations Guides
        5. Develop a good Incident Response Plan

    17. References
        Idaho National Labs – Vulnerabilities Report: http://www.controlsystemsroadmap.net/pdfs/INL_Common_Vulnerabilties.pdf
        NIST SP 800-82: http://csrc.nist.gov/publications/drafts/800-82/draft_sp800-82-fpd.pdf
        NERC - Top 10 Vulnerabilities of Control Systems: http://www.controlsystemsroadmap.net/pdfs/NERC_2007_Top_10.pdf
        GAO Report on Continuing Security Weakness: http://www.controlsystemsroadmap.net/pdfs/GAO_2007_CS_Challenges_Remain.pdf
        21 Steps to Improve SCADA System Security: http://www.controlsystemsroadmap.net/pdfs/21_steps_to_Improve_Cyber_Security_of_SCADA_Networks.pdf

    18. Thank You
