As we work to secure critical infrastructure, the scale of the challenge can be staggering. The US electric power grid is composed of dozens of major utilities and three thousand regional providers.
The water and wastewater system we rely on may be even more challenging, with tens of thousands of individual utilities ensuring safe potable water and sanitation.
Transportation, traffic management, manufacturing and other sectors add hundreds of thousands of additional facilities, each of which needs to be secured before we can begin to manage the risk of cyber manipulation of our civil systems.
On April 24th at 10am Pacific Time, the cybersecurity leads of industry organizations American Water Works Association (AWWA), the National Rural Electric Coop Association (NRECA) and American Public Power Association (APPA) are joining Infosec Island’s own Joel Langill (SCADAhacker), Mike Menefee and Chris Blask and EnergySec’s Steve Parker for a roundtable webinar to discuss the LIGHTS program as a means to address this large number of facilities.
LIGHTS is a private-private non-profit partnership program which leverages the best aspects of the for-profit competitive market and the non-profit collaborative space to promote cybersecurity situational awareness across critical infrastructure industries.
The goal of LIGHTS is to increase visibility into infrastructure threats and attacks by making security monitoring ubiquitous, and by enabling wide-area analysis across geographic areas and industry verticals.
After a short LIGHTS presentation by Advisory Board Chair Chris Blask, EnergySec’s Steve Parker will moderate a discussion with: Kevin Morley, Chief Security Officer for the American Waterworks Association; Craig Miller from the National Rural Electric Corporation; Nathan Mitchell from American Public Power; Joel Langill, SCADAhacker; Mike Menefee, CEO of Trusted Metrics; and Mr. Blask, Founder and CEO of ICS Cybersecurity.
About the presenters:
Kevin Morley, Security & Preparedness Program Manager, American Water Works Association (AWWA)
Kevin Morley works closely with a variety of organizations tasked with advancing the security and preparedness of the Nation’s critical infrastructure, including DHS, EPA, CDC and the Water Sector Coordinating Council, which is part of the National Infrastructure Protection Plan (NIPP) sector partnership.
Recently this has included facilitating the expansion of mutual aid and assistance networks within the water sector based on the “Utilities Helping Utilities Action Plan” developed by AWWA in 2005. Since developing the Action Plan, AWWA has been conducting instructional workshops, supported by a USEPA grant, that walk each state leadership team through a ten-step process for establishing an intrastate Water/Wastewater Agency Response Network (WARN).
In addition to WARN, he has led multiple AWWA projects to support utility security and preparedness, including the development of standards and guidance such as the National Strategic Plan for Emergency Water Supply in collaboration with the USEPA.
Prior to AWWA, he worked with Delon Hampton & Associates where he was involved in conducting water utility vulnerability assessments and assisting with designs for perimeter security at the U.S. Supreme Court and the office complex of the U.S. Senate and House of Representatives. In addition, he spent several years providing environmental and regulatory consulting services to Fortune 500 companies.
Mr. Morley received an M.S. from SUNY College of Environmental Science and Forestry and a B.A. from Syracuse University. Currently he is a doctoral candidate in the Department of Environmental Science and Policy at George Mason University focusing on security issues in the water sector.
AWWA is the authoritative resource for knowledge, information, and advocacy to improve the quality and supply of water in North America and beyond. AWWA is the largest organization of water professionals in the world. AWWA advances public health, safety and welfare by uniting the efforts of the full spectrum of the entire water community. Through our collective strength we become better stewards of water for the greatest good of the people and the environment.
Craig Miller, Senior Program Manager, Cooperative Research Network, National Rural Electric Association (NRECA)
Dr. Miller has more than 30 years of senior project management experience in the power and high tech industries with work ranging from plant repowering in former Soviet bloc countries to market solutions for sulfur dioxide reduction in the US. He has managed large multidisciplinary teams implementing custom hardware and software systems on projects up to $120M for Fortune 100 corporations and the Federal government.
He was a pioneer in several areas of information technology including electronic data interchange, online trading systems, and the architectural foundations of cyber security. In 1997 he was awarded a gold medal by the Smithsonian Institution for “Heroic Achievement in the Advancement of Information Technology.”
In 2008, he joined NRECA to lead the organization’s $68 million smart grid demonstration project and related research efforts in advancing the smart grid. He holds a Ph.D. in Systems Engineering from the University of Virginia, has been a serial and successful entrepreneur, and an inventor.
Nathan Mitchell, P.E. Director of Electric Reliability Standards and Compliance, American Public Power Association (APPA)
Mr. Mitchell joined the American Public Power Association in 2006. Prior to that he served for 10 years at the City of Naperville, Illinois, in the Department of Public Utilities, where he was Electric Distribution manager in charge of operations and construction. Mr. Mitchell has a BS in Electrical Engineering from Iowa State University, and is a Registered Professional Engineer in the State of Illinois.
Mr. Mitchell provides NERC compliance resources and services to the APPA membership through webinars, list serve discussions and conference sessions. He currently facilitates APPA member involvement in the NERC standards development process by coordinating the technical concerns of the smaller registered entities.
Chris Blask, CEO and Founder, ICS Cybersecurity Inc. LIGHTS Advisory Board Chair
Mr. Blask’s career covers the breadth of the ICS cybersecurity space. In 1990 he worked at General Electric Power Systems as a control systems engineer where he conceived, designed and implemented a facility-wide mobile video conferencing capability to integrate with GE’s new global video conferencing network. He joined Sea Change Corporation in 1991 where he invented one of the first commercial firewall products, the BorderWare Firewall Server.
In 1998 he joined Cisco Systems, where he led the company’s firewall business to a position of global leadership which continues to this day. With several Cisco colleagues Mr. Blask started Protego Networks, an early SIEM vendor later acquired by Cisco. He founded Lofty Perch in 2005 to investigate the application of SIEM technologies to ICS cybersecurity and has advocated such architectures since.
As Chief Evangelist for NSS Labs in 2008 he worked to develop regulatory compliance testing regimes. In 2010, Mr. Blask authored the first book on SIEM, “Security Information and Event Management Implementation”, published by McGraw Hill. He created AlienVault’s Industrial Control Systems Group in 2011.
Today Mr. Blask serves in faculty and advisory roles at a variety of industry organizations. He is Vice Chair of the UCAIug OpenSG Security Conformity Group, on the board of the Australian Wind Energy Institute and is actively involved with efforts such as the Department of Energy’s NESCO and NESCOR programs and the Department of Homeland Security’s ICSJWG.
Steve Parker, Vice President, EnergySec
Steven Parker, CISA, CISSP, is Vice President of Technology Research and Projects at Energy Sector Security Consortium (EnergySec), and is a founding director of the organization. He has been engaged in critical infrastructure protection within the electric sector for more than a decade, including 8 years as a senior security staff member at PacifiCorp.
Mr. Parker was also part of the team that established the NERC CIP audit program at the Western Electricity Coordinating Council (WECC). His experience includes a broad range of security disciplines including e-commerce, identity management, intrusion detection, forensics, incident response and investigations, security event monitoring, and NERC CIP compliance.
Joel Langill, CEH, CPT, CSSA, CCNA, TUV FS-Eng, SCADAHacker.com
Joel Langill has worked for nearly 30 years exclusively in the industrial automation and control industry. His expertise was developed through in-depth, comprehensive industrial control systems architecture, product development, implementation, and system migration in a variety of roles covering manufacturing of consumer products, oil and gas including petroleum refining, automation solution sales and development, and system engineering.
His employers include major companies such as General Electric, Shell Oil Company, Honeywell Process Solutions, and ENGlobal Automation, offering him a rare and insightful expertise in the risks and mitigation of cyber vulnerabilities in industrial control systems.
Joel’s unique approach to security emphasizes the processes and people used to implement security programs, rather than relying solely on technology or “products”. The best strategy for comprehensive security balances People, Processes and Products.
His perspective has been sought and cited by numerous industry publications focused on both industrial automation and information security. Last year, Joel played a central role in the analysis of the Stuxnet worm and its implications, including new methods of mitigating current and future attacks on critical infrastructure.
Joel is also the Director of Critical Infrastructure and SCADA representative for the Cyber Security Forum Initiative, where he was a lead contributor to a report on the use of control systems in cyber warfare. He is a Certified Ethical Hacker, Certified Penetration Tester, Cisco Certified Network Associate, and TÜV Functional Safety Engineer. Joel regularly blogs on the evaluation and security of SCADA and other industrial control systems on various industry sites, and maintains an active presence on Twitter.
Michael Menefee is the founder and Principal Consultant for WireHead Security, a security consulting firm based in Raleigh, NC. One of WireHead’s primary focuses is on Industrial Control Systems in the electrical, water treatment and delivery, and waste-water treatment industries.
WireHead Security is the publishing team behind Infosec Island (www.infosecisland.com) and the primary owner of Trusted Metrics, a new Managed Services company supporting AlienVault SIEM deployments in ICS environments. Prior to co-founding WireHead in 2009, Mr. Menefee was the co-founder and principal consultant for Secure Solve, Inc from 2005-2009, and Director of Managed Security Services for US Networks, Inc from 2001-2004.
He served as the founding member and Chapter Leader of the North Carolina OWASP Chapter from 2005-2010 and is a Team Member at the Institute for Security and Open Methodologies (ISECOM), focusing on the concept of Trust. He regularly gives seminars and speeches on how Trust relates to Risk, and its operational measurement and management in today’s hyper-connected online world.