
Agenda: Workforce Development for ICS Security


Academic year: 2021


(1)

Workforce Development for ICS Security

Agenda:

Item 1 Item 2 etc... 1

Cross cutting challenge shared by asset owner & supplier

Spans professional training to simple awareness

No identified pipeline to recruit from and invest in

- Few educational programs in cyber or engineering

ICS security & modernization efforts require:

(2)

Specific Challenges


Definition of cyber functional roles

- Competency maps (task execution level)

Identification of ICS engineering touch points

Integration of skills through mission oriented teams

- Common/effective language

- Operations consideration of cyber into procedures

- Design & planning considering cyber

- Maximize constructive overlap

(3)

Aging power infrastructure

Difficulty scaling the cybersecurity workforce

Retire crucial engineering & operations knowledge

Including workforce measures into models

Identified as a risk to reliability

Challenge facing the North American Power Grid:

(4)

Electric Sector Challenges

Smart Grid – emerging technologies

Security Ops – poorly defined

Skills and operational job roles – poorly defined

Education and training – does not conform to OT/Smart Grid applications

Methods for assessing OT competency – inadequate

Limited experience applying cybersecurity practices to OT systems

(5)

Foundational support for Grid modernization

Purpose: Develop a competency model

• Contributes to Department of Energy’s efforts to develop a competency model

• Explores assessment methods

• Identifies unique skill sets

• Provides foundation for ongoing efforts to transform and develop the workforce

Who: Operational security teams

How: Assessment of skills

Verify: A measurement model for:

- Knowledge

- Skills

- Abilities

DOE Mandate: A Competency Model for Smart Grid Cybersecurity Specialists

(6)
(7)

Subject Matter Expert Panel and Advisory Group (Phase I)

Panel Officers

Chair – Justin Searle UtiliSec

Vice Chair - Scott King Sempra Energy

Advisory Group

John Allen – IEIA Forum

Joel Garmon – Former FPL

Dr. Emannuel Hooper – Global Info Intel & Harvard Univ.

Bill Hunteman – Former DoE

Jamey Sample - PG&E

Panel Members

• Lee Aber - OPower

• Sandeep Agrawal - Neilsoft Limited

• Bora Akyol - PNNL

• Andres Andreu - NeuroFuzz, LLC

• Balusamy Arumugam - Infosys

• Chris Blask - AlienVault

• Andy Bochman - IBM

• Jason Christopher - FERC

• Art Conklin - University of Houston

• Benjamin Damm - Silver Springs Network

• Anthony David Scott - Accenture

• Steve Dougherty - IBM Global Technology Services

• Ido Dubrawsky - Itron

• Michael Echols - Salt River Project

• Dr. Barbara Endicott-Popovsky - University of Washington

• Cliff Eyre - PNNL

• Maria Hayden - Pentagon

• Charles Reilly – Southern California Edison

• Craig Rosen - PG&E

• Scott Saunders - SMUD

• Chris Sawall - Ameren

• Paul Skare - PNNL

• Clay Storey - Avista

• Dan Thanos - GE Digital Energy

• Kevin Tydings - SAIC

• Don Weber - InGuardians

• Mike Wenstrom - Mike Wenstrom Development Partners

• Nic Ziccardi - Network & Security Technologies

Panel Member Representation

• Smart Grid Consultant

• Government

• Electric Utilities

• Research Organizations

• Electricity Industry Vendors

(8)

Smart Grid Cyber Security Specialist

Certification

1. Job Definition and Competency Analysis

2. Aptitude Assessment

3. Instructional & Simulation Design

4. Proficiency and Performance Assessment

5. Professional Development Plans

6. Ongoing Performance Support & Simulation

Challenge: Approach:

Phase I Results: Work:

Background: The Process:

NBISE facilitates SMEs in a three-step process:

- Phase 1: Job Definition

- Phase 2: Critical Incident Analysis

- Phase 3: Assessment Item Development

This suite of capabilities includes:

• Vignette driven elicitation

• Collaboration tools

• Performance measurement

• Task characterization

• Role identification

• 109 Initial cybersecurity “Vignettes” (attack/protect events)

• 13 Master Vignettes were condensed from initial vignettes

• 82 Job Responsibilities were defined and analyzed

• 44 Job Roles were identified; 3 selected for task analysis

• 147 Activities were defined

• 108 Job Goals were defined and classified

• 516 Job Tasks were defined and analyzed

• 9,374 JAQ task evaluations to date

The North American electric grid is challenged by a vast and ever-growing cyber-attack surface. This challenge is complicated by aging power infrastructure and the lack of a viable cybersecurity workforce. To begin addressing these challenges, US DOE awarded a project to PNNL in partnership with the NBISE to develop a set of guidelines to enhance the development of the smart grid cyber security workforce and provide a foundation for future certifications. This is the first comprehensive analysis of Smart Grid cybersecurity tasks.

(9)

What is a Vignette?

A collection of:

• a critical incident title or description

• when the incident occurs (frequency and/or action sequence)

• what happens during the incident (problem or situation)

• who is involved (entities or roles)

• where the incident might happen, now or in the future (systems or setting)

Further definition of a vignette might include:

• why it is important (severity or priority of response)

• how the critical incident is addressed (method or tools that might be used)

(10)

Example JAQ survey questions

(11)

Sample SGC Critical-Differentiation Matrix

Axes: Task Criticality, Task Differentiation

Quadrant 4: Differentiating

9627: Implement vulnerability mitigations in accordance with the plan to include patches or additional security controls.

9625: Assess the risk ratings of the vulnerability based on the technical information and how the technology is deployed and the importance of the systems.

9129: Review known intrusion Tactics, Techniques, and Procedures and observables to assist in profiling log events and capture event information that may relate to known signatures.

Quadrant 2: Esoteric

9421: Verify Network Time Protocol server is using Universal Time Code format to avoid time zone issues.

9397: Develop a schedule for testing elements of the incident response plan and organizations involved in the process.

9307: Collect issues to identify trends with particular vendors or manufacturers.

Quadrant 3: Fundamental

9878: Minimize spread of the incident by ensuring contaminated systems cannot communicate to systems outside of the network boundary.

9117: Identify and filter-out false positives; if determined to be an incident, assign to incident handler.

9701: Monitor all systems that were suspected or confirmed as being compromised during an intrusion/incident.

Quadrant 1: Inhibiting

9858: Review best practices and standards documentation to determine appropriate configuration settings.

9848: Develop a process by which staff must acknowledge they have read and understand all applicable policies and procedures.

9141: Analyze market options for Security Event and Information Management tools.

(12)

Key Findings & Implications

The Smart Grid field is an emerging field, and its processes and procedures are yet to be defined and documented.

It is clear that, due to the lack of smart grid specific tools, cybersecurity practitioners are in the process of applying traditional practices to the Smart Grid environment.

Vignettes are an essential tool for competency modeling.

Smart Grid cybersecurity education and training should focus on methods and behaviors.

Emphasized the value of simulation-based practice to develop skill.

Need for better understanding of the interrelationship of job roles in team performance during incident response.

(13)

Job roles: Incident Response Specialist, Intrusion Analyst, Security Operations Specialist

71 Job Responsibilities Developed in SGC Phase I

11 Job Responsibility Areas

Mapping Exercises*: Certifications, NICE, Training & Education, ES-C2M2

*Mapping exercises will help provide understanding of how certifications, NICE framework, ES-C2M2 framework, and training & education program topics align with the job responsibilities identified in SGC Phase I.

(14)

ICS Security Workforce Resources


ICS JWG – Workforce Development WG

DOE project for the electricity sector

Training not targeted by audience (clumped by domain)

Little alignment with job performance (info domains)

Virtually no overlap for available certification domains
