Parties in the energy supply chain (Power Generation, Transmission & Distribution, and the demand management side) are rushing to implement their vision of Smart Grid, but Smart Grid security is not being viewed from a holistic perspective. Either security is an afterthought, or the approach is rudimentary and misses the point entirely. Device manufacturers are implementing non-standard security where standards are yet to come. Smart Grid will really be seen as quite a dumb Grid if it can’t even protect itself. Grid managers and utility security professionals are focused on only one dimension of security, i.e. external threats. They are completely ignoring the fact that some of the biggest disasters were caused by insider threats. Most utilities ignore these threats, thinking either that it is not going to happen to them or that it is an impossible problem to solve. Both assumptions are dead wrong.
This session will address how to define strategies for Smart Grid security and its various components, including leveraging technologies and, finally, compliance with NERC/CIP/
• Threats and vulnerabilities of Smart Grid: SCADA, communication and processes
• Solution paths to challenges
• Leverage the technologies: use of OSIsoft & AlertEnterprise
• Gain automated compliance and risk monitoring
• Correlate people-identities with physical and logical security
• Identify critical assets and protect them from incidents before they occur
• Monitor employee privileged access, both physical and logical, to critical assets
Shelley J. Cottrill, CPA, CSOXP, CGRC. Shelley’s previous experience includes public accounting, governmental accounting and system programming, auditing in the utilities industry, and Sarbanes-Oxley compliance; she currently works with SAP and the GRC module to address segregation-of-duties issues through user and role security, along with various other compliance areas. Her SAP experience has grown tremendously since the company went live in 2007. She is always looking to improve the current process. Shelley has led the effort of creating a unified security and compliance initiative at Allegheny Energy, including SOX Compliance, FERC Standards of Conduct, NERC CIP and now Smart Grid Security. She takes great pride in sharing whatever she has learned with anyone who may be interested.
Pan Kamal is the Director of Marketing at AlertEnterprise Inc. Pan has experience with SCADA and critical infrastructure security. As VP of Marketing at Verano Software, he launched the first Secure SCADA industrial software platform based on NSA’s Secure Extensions to Linux. Verano was later renamed Industrial Defender. As Director of Product Marketing at Agiliance, Pan delivered IT Governance, Risk and Compliance solutions with a focus on a unified compliance solution including NIST SP800-xx, NERC CIP, PCI, HIPAA and the ISO 2700X series. Previously, as founder and CEO of SecureOrb, a surveillance video analytics company, he gained insight into video object extraction and identification technologies. Pan has a BS in Electrical Engineering from Boston University. He holds the CISA (Certified Information Systems Auditor) certification from ISACA and is a member of ISA with an interest in security for control systems and SCADA networks.