|9/22/2021||MRO SAC Hosted a Webinar on Strategies for Securing Your Supply Chain|
MRO’s Security Advisory Council (SAC) is pleased to announce it hosted a webinar on Strategies for Securing Your Supply Chain. Supply chain compromises have made headlines and pose a risk to your organization. Do you know how to secure your supply chain? Are you looking for ideas for enhancing your approach to supply chain security? This presentation provided insights and an overview of the Cyber Supply Chain Risk Management Practical Guide, which was produced as a collaboration between the American Public Power Association, the Large Public Power Council, and the Transmission Access Policy Study Group. Whether you are just getting started or are looking to identify areas for potential improvement, the manual should provide useful insights and program support for utilities. Learn about this useful manual and how it can improve security within your supply chain.
|8/18/2021||MRO SAC and CMEPAC hosted a Webinar BES Cyber System Information (BCSI) in the Cloud|
Interested in using the cloud for Bulk Electric System Cyber System Information (BCSI)? MRO’s Security Advisory Council (SAC) and Compliance Monitoring and Enforcement Program Advisory Council (CMEPAC) hosted a webinar that brings compliance and security professionals together in one forum. Compliance experts provided an overview of the minimum requirements and recently approved standard modifications, and cyber security experts explored various cloud security topics your organization will need to be familiar with to store BCSI securely in the cloud.
|7/20/2021||MRO SAC Hosted a Webinar Consequence Driven Cyber Informed Engineering (CCE) – Resilience Strategies|
MRO’s Security Advisory Council (SAC) hosted a webinar on Consequence Driven Cyber Informed Engineering (CCE) – Resilience Strategies. In light of recent IT-targeted attacks that led to control system shutdowns, electric utilities should consider developing attack containment and operational resilience strategies. The engineering approach pivotal to the Consequence Driven Cyber Informed Engineering (CCE) methodology is ideal in developing these strategies. This webinar walked through a hypothetical ransomware attack, wherein the company being attacked didn’t have a containment strategy, and therefore didn’t understand the OT/IT dependencies that could negatively impact or even suspend operational systems. We walked through the CCE process that would identify a critical OT/IT dependency and lead to mitigations that could enable continued operation of OT during an IT-targeted ransomware attack.
|6/17/2021||Maintaining Cyber Resiliency Through Simulation-Based Scenarios, Joint Webinar by MRO and SERC|
(Recorded, Posted) Midwest Reliability Organization and SERC Reliability Corporation are pleased to announce they hosted a joint webinar on Maintaining Cyber Resiliency Through Simulation-Based Scenarios and Exercises Specific to the Energy Sector. This webinar highlighted the importance of cyber exercises in maintaining resiliency of the bulk power system, and provided information on how to effectively plan and implement such exercises. There were discussions on the Distributed Environment for Critical Infrastructure Decision-Making Exercises (DECIDE) Platform and Norwich University Applied Research Institute (NUARI) Federal contracts, as well as an example from the Jack Voltaic 3.0 exercise, which is a national level exercise involving multiple critical infrastructure sectors.
This webinar is intended for all security professionals, subject matter experts, and power system engineers from entities operating in the MRO or SERC footprints.
|5/19/2021||Security Information and Event Management (SIEM)|
(Recorded, Posted) MRO’s Security Advisory Council (SAC) is pleased to announce it hosted a webinar on Security Information and Event Management (SIEM). This presentation explored system log collection and analysis systems, also known as SIEM systems. We discussed the benefits of such systems to an organization, some different options and considerations in acquiring such a system, and some tips and tricks in using the system and analyzing the data it collects.
|4/29/2021||Unmanned Aircraft System Security Threats and Mitigations|
(Recorded, Posted Behind Password) MRO’s Security Advisory Council (SAC) is pleased to announce it hosted a webinar on Unmanned Aircraft System Security Threats and Mitigations. The MRO Security Advisory Council was joined by Sarah Jacob from the Cybersecurity and Infrastructure Security Agency (CISA). Sarah is the Program Manager for Small Unmanned Aircraft System Security and will be going over some of the current threat trends regarding unmanned aircraft systems (UAS), UAS cyber and physical security, UAS threat mitigations, as well as some of the DHS and CISA resources that are available to our industry.
|3/23/2021||Industrial Control Systems (ICS) Remote Access Practices Roundtable|
(Not Recorded, Not Posted) MRO’s Security Advisory Council (SAC) is pleased to announce it hosted a roundtable on ICS System Remote Access Practices. This roundtable discussion included several MRO members, and focused on how those companies manage remote access to OT, ICS, Control System, and other sensitive environments for vendors, technical, system to system, and remote access needs. The panel also discussed methods to approach the challenges of providing remote access to sensitive environments.
|2/17/2021||Rethinking Security Monitoring for Electric Utilities|
(Not Recorded, Not Posted) MRO’s Security Advisory Council (SAC) is pleased to announce it is hosting a webinar on Rethinking Security Monitoring for Electric Utilities. Security monitoring for electric utilities is one of the most important ongoing activities that many entities may struggle with. The need to monitor, and ultimately secure, a wide range of environments can introduce both technical and financial challenges for even the best teams. Oklahoma Gas and Electric Energy Corporation has recently undergone an effort to reimagine its approach to security monitoring to focus on scalability and alignment with the financial needs of the organization. This session is for anyone interested in ideas to improve their organization’s security monitoring program.
|8/20/2020||Cyber Asset Management|
(Recorded, Posted) MRO’s Security Advisory Council (SAC) is pleased to announce it hosted a webinar on Cyber Asset Management. This webinar explored tools and techniques that can assist in asset discovery, identification, and asset management. The goal is to provide individuals with knowledge and tools to start identifying, categorizing, and classifying assets on their network. This in turn is a key requirement for asset management, risk management, and vulnerability management.
|8/12/2020||Extremist Groups: A Rising Threat|
(Not Recorded and Not Posted) MRO’s Security Advisory Council (SAC) is pleased to announce it hosted a webinar on Extremist Groups: A Rising Threat. Threats from extremist groups targeting critical infrastructure appear to be on the rise in recent years. Several plots to attack critical infrastructure have been disrupted already this year, thrusting various extremist ideologies into the public light. This presentation provided an overview of the different extremist groups advocating for critical infrastructure attacks and disruptions. It included insights, examples, and what sector partners should watch for.
|7/30/2020||Security Risk Assessment Virtual Roundtable|
(Not Posted) MRO’s Security Advisory Council (SAC) is pleased to announce it hosted a virtual roundtable on physical, cyber, and operational technology security risk assessment. This online event started with a brief introduction providing an overview of the practical application of security risk assessment tools. A summary of plans for this year’s MRO Regional Security Risk Assessment was also provided. The remainder of the event involved a question and answer (Q&A) session and participants discussing their risk assessment methods, challenges, and successes. MRO registered entities were invited to attend this meeting.
|7/8/2020||Information Risk Management Framework|
(Recorded, Posted) MRO’s Security Advisory Council Threat Forum (SACTF) is pleased to announce it hosted a webinar on Information Risk Management Framework. MISO discussed how they utilized the NIST standards to develop their Information Risk Management program that includes a security risk register, security controls, and Plan of Action and Milestone. These three components of the Information Risk Management program allow them to look at their security risks holistically and have visibility into their security program maturity.
|6/16/2020||Third Party Vendor Review Cyber Process (Risk Management Approach) Webinar|
(Recorded, Not Posted) MRO’s Security Advisory Council (SAC) is pleased to announce it hosted a webinar on Third Party Vendor Review Cyber Process (Risk Management Approach). Reviewing the cyber security posture of third party vendors and their applications is a major challenge for security departments. The Oklahoma Gas & Electric Enterprise Security team talked through our process for conducting those reviews, pitfalls we’ve observed and how we developed a strategy and business case for augmenting that process. They then discussed the ways that we addressed previous issues and how we believe we’ve increased the fidelity of our reviews while streamlining the process for both our company and the vendors.
|5/12/2020||Defense Against Copper Theft and Vandalism with Open Architecture Technologies|
(Recorded, Posted) MRO’s Security Advisory Council (SAC) is pleased to announce it hosted a webinar on Defense against copper theft and vandalism with open architecture technologies. Copper theft is increasing so how do you strengthen your perimeter? Copper thieves don't know whether their target substation is a low, medium or high impact site. So how do you manage intruders at your most critical substations? We applied the systems approach methodology consisting of detect, deter, delay, assess, communicate and respond to effectively manage intruders while uncovering open architecture technologies that can be adopted to simplify your intrusion management plans. Also, we discussed how to make dramatic improvements to reduce nuisance alarms brought on by image noise in video analytics.
|4/8/2020||Industry Organizations' Aligned Approach for Supply Chain Cyber Security|
(Recorded, Posted) This Model and complementary products provide a streamlined, effective, and efficient industry-accepted approach for entities to evaluate supplier cyber security practices, which, if applied widely, will enable suppliers to be less burdened and more responsive, provide entities with more and better information, and improve cyber security. This evaluation will provide critical information for entities to consider when conducting risk assessments for potential suppliers of products and services.
The Model describes methods for purchasing entities to gain assurance a supplier is adhering to key supply chain cyber security practices as set forth in the NATF Cyber Security Supply Chain Criteria for Suppliers (the NATF Criteria). The purchasing entity can consider any identified risks in its risk assessment and determine whether the risk is addressed.
The overall objectives of this work and industry’s alignment were to 1) streamline common approaches to evaluating a supplier’s cyber security practices, 2) provide for flexibility within the common approaches, 3) ensure the common approaches are scalable to include all suppliers and purchasing entities, and 4) while the focus is on good cyber security practices, if executed properly, the approaches may support requirements in the NERC supply chain related standards.
|3/18/2020||NERC Supply Chain Risk Management Requirements and Resources|
(Recorded, Posted) MRO’s Security Advisory Council (SAC) and Compliance Monitoring and Enforcement Program Advisory Council (CMEPAC) are pleased to announce they hosted a webinar on NERC Supply Chain Risk Management Requirements and Resources. This presentation discussed Supply Chain Risk Management, which is a hot topic in industry with new and updated NERC requirements becoming effective on July 1, 2020. Has your company developed a supply chain cyber security risk management plan and are you ready for the changes? This webinar covered the new requirements in CIP-013-1 and the changes to CIP-005-6 and CIP-010-3. Information will be provided on where to find additional resources.
|2/6/2020||Cyber Security: Where Should We Start?|
(Recorded, Posted) MRO’s Security Advisory Council (SAC) hosted a webinar on Cyber Security: Where Should We Start? This presentation discussed some simple and effective techniques for organizations to start implementing cyber security controls to protect themselves and their systems from cyber threats. Topics included some simple controls and how to start implementing them as well as pointing attendees to some resources available to help organizations of all sizes get started with cyber security.
|12/18/2019||Real World Lessons on Why You Should Build and Continuously Improve an Active Shooter Program|
(Recorded, Not Posted) MRO’s Security Advisory Council (SAC) is pleased to announce it hosted a webinar on real world lessons on why you should build and continuously improve an active shooter program. Building an active shooter program from the ground up. This webinar explains how an active shooter program is a living plan that needs to change with current threats. This webinar showed how our program has developed over the years and how our employees’ confidence of surviving an incident has dictated the rate of progression.
|11/21/2019||Video Surveillance Today|
MRO’s Security Advisory Council (SAC) is pleased to announce it is hosting a webinar on Video Surveillance Today. Join Barrett Thompson and Erick Reynolds of Avigilon for an informative snapshot of the current state of the Video Surveillance Industry. Barrett and Erick have worked in the Security and Surveillance Industry for over twenty years and bring a unique perspective to the subject. In this webinar, they will touch on current challenges and trends, including Internet Protocol versus Analog cameras, other integrated technologies, and how the industry is migrating from CCTV to IP Video Surveillance.
|8/19/2019||One Company's Path to Establishing Threat Intelligence and Hunting|
(Recorded) MRO Security Advisory Council (SAC) is pleased to announce that it hosted a webinar on One Company's Path to Establishing a Threat Intelligence and Hunting program. Jamie Buening presented on how MISO’s Threat Intelligence and Hunting team was established and has matured over the past four years. Learn why MISO decided a team was needed, how the team was built, and how the team functions today. Attendees will come away with an understanding of options to begin hunting along with ideas of how to establish the routine regardless of whether a dedicated team exists or not.
|7/25/2019||Leveraging Relationships Among Electric Utilities and Law Enforcement|
(Recorded) MRO Security Advisory Council (SAC) hosted a webinar on Leveraging the relationships between electric utilities and law enforcement. Leveraging the relationships between electric utilities and law enforcement, prosecutors, judges, and legislators can become a force multiplier in the physical security of critical infrastructure owned or operated by the utility, with little to no financial investment required by the entity. The benefits of educating, training, and fostering relationships with public judicial servants are often an underused, or even untapped, resource. This webinar provided specific and actionable steps a utility can pursue to enhance those relationships, regardless of the size or structure of the utility, as well as the current status of the utility’s current relationship with the relevant judicial actors in any jurisdiction the utility is responsible for protecting.
|7/11/2019||A Tale of Two Phishing Programs|
(Recorded) MRO Security Advisory Council (SAC) hosted a webinar on A Tale of Two Phishing Programs. This session covered how phishing programs come in all shapes and sizes. We looked at the similarities and differences in the phishing programs of two companies – ATC and OGE. We explored how these programs operate, how they tackle training their end users, and how they make use of reported emails to reduce the risk around phishing threats.
|5/30/2019||Suspicious Packages and Bomb Threat Considerations|
(Recorded) MRO Security Advisory Council (SAC) is pleased to announce that it is hosting a webinar on suspicious packages and bomb threat considerations. This session will cover current related events, past events and provide some examples of procedures for how to identify and respond to the threat of suspicious packages and bomb threat issues. Don’t think it can’t happen! This information may be especially helpful to smaller companies with no procedures in place, and certainly helpful to mailroom personnel or others who regularly handle mail and phone calls.
|2/15/2019||MRO SAC Webinar Neighborhood Keeper|
(Recorded) MRO Security Advisory Council (SAC) is pleased to announce that it is hosting a webinar on Neighborhood Keeper. Neighborhood Keeper is a collaborative threat detection and intelligence program, led by Dragos in partnership with the DOE that makes ICS threat analytics and data accessible to the greater ICS community. Its initial participants include: Dragos, Ameren, First Energy, Department of Energy’s Idaho National Labs, North American Electric Reliability Corporation’s Electricity Information Sharing and Analysis Center, and Southern Company.
|12/19/2018||MRO Security Advisory Council to Host Upcoming Webinar Enhancing Resiliency via Federated Real-time Secure Messaging|
MRO Security Advisory Council (SAC) is pleased to announce that it is hosting a webinar on encrypted messaging. After recommending utilities adopt encrypted messaging in 2014, the E-ISAC published their must-have capabilities to help members evaluate a secure messenger. Soon after, the peer-based Cyber Threat Intelligence Group published their own set of requirements with a more technical focus.
In 2017, the E-ISAC selected ArmorText secure messaging for its ability to satisfy both the E-ISAC’s requirements and the CTIG’s security requirements while also providing an industry-first federation capability.
The E-ISAC is now offering federated Trust Relationships among its asset owner and operator members for truly secure real time information exchange and incident response coordination.
Join the CEO of ArmorText, Navroop Mitter, as he discusses why this initiative is so timely and why real time federation with organizations like the E-ISAC is more important to energy security than ever before.
|12/5/2018||MRO Security Advisory Council to Host Upcoming Webinar Learning from Cyber Security Close Calls|
(Recorded - Please email firstname.lastname@example.org for the webinar link) MRO Security Advisory Council (SAC) is pleased to announce that it is hosting a webinar on Learning from Cyber Security Close Calls. Our co-workers in safety have well-vetted processes to analyze close calls in order to improve safety. This presentation will discuss taking that concept in conjunction with the Cyber Kill Chain to learn from Cyber Security Close Calls. This presentation will show how we can use such cases to determine what improvements can be made to help detect the attacks earlier in the Cyber Kill Chain. This presentation will also show how a slight modification to a close call could bypass existing security, allowing us to determine what can be done to detect and prevent similar attacks that might come in the future.
It can be unnerving to watch an attack get past security measures designed to protect an organization, but what can be learned from these exercises is invaluable. They can help the entire organization understand the importance of having multiple layers of security and tuning different layers to mitigate weaknesses in others to avoid close calls and successful attacks.
|10/31/2018||MRO SAC Webinar Physical Perimeter Hardening in the Electric Sector|
(Recorded) MRO Security Advisory Council (SAC) is pleased to announce that it is hosting a webinar on Physical Perimeter Hardening in the Electric Sector. This presentation is a high level look at perimeter physical security planning and products. Discussed will be Site Planning, Layers of Security (Standoff Blast Mitigation) as well as four principles of security (Deny, Deter, Delay, Detect). Presenters will cover the old DOS Ratings (K-Ratings) as well as the origin of the new United States Army Corps of Engineers ASTM 2656-07 standards. The presentation also takes a brief look at vehicle and personnel access control, as well as options pertaining to perimeter active and passive barriers.
During the webinar, presenters will offer lessons learned surrounding implementation of physical hardening. Beyond vulnerability risk assessments, this includes accounting for design limitations and partnership with stakeholders, such as local ordinances and operational requirements, while looking for creative solutions. Partners such as AMICO will review a robust set of solutions, because there is no one-size-fits-all solution, nor should there be, if your mitigation is to be successful.
|8/29/2018||MRO SAC Webinar Secure SCADA Protocol for the 21st Century (SSP-21)|
(Recorded) MRO Security Advisory Council (SAC) is pleased to announce that it will be hosting a webinar on Secure SCADA Protocol for the 21st Century (SSP-21). The Secure SCADA Protocol for the 21st century (SSP-21) offers network operators the promise of secure communications facilities, even in environments with varying reliability, latency and bandwidth limitations. In this webinar we will introduce SSP-21, and discuss the problem space addressed by this innovative protocol. We will cover the current state of SSP-21 and look ahead to proposed future developments. Finally, we will discuss a new effort funded by the Department of Energy Office of Electrical Delivery and Energy Reliability (DOE OE) that looks to leverage Lawrence Livermore National Laboratory’s extensive experience with modelling and simulation to provide an independent verification and validation of SSP-21’s operational capabilities.
|8/22/2018||MRO SAC Webinar Lessons Learned from FERC-Led CIP Reliability Audits|
(Not Recorded) MRO Security Advisory Council (SAC) is pleased to announce that it will be hosting a webinar on Lessons Learned from FERC-Led CIP Reliability Audits. David DeFalaise will provide further insight into the Lessons Learned from FERC-Led CIP Reliability Audits and the 2017 Commission staff report on lessons learned from those audits. In addition, an update about the plan for future FERC-Led CIP reliability audits will be provided. There will be time allocated at the end of the webinar for detailed Q&A. To aid in the preparation of questions you can review the 2017 Commission staff report located here: https://www.ferc.gov/legal/staff-reports/2017/10-06-17-CIP-audits-report.pdf
|5/8/2018||GridEx Lessons Learned|
(Recorded) This webinar provides lessons learned from the North American Electric Reliability Corporation’s biennial grid security exercise GridEx. GridEx is designed to simulate a cyber/physical attack on electric and other critical infrastructures across North America. This hour-long webinar will be presented by representatives from a diverse group of entities, including a small vertically-integrated utility (Lincoln Electric System), a Regional Transmission Organization (Southwest Power Pool) and two government agencies (Department of Homeland Security and North Dakota Emergency Services).