Fundamentals of Cyber Security for Utilities

February 21-22, 2024 | Online :: Mountain Time

“I’ve taken two courses with EUCI and I have gotten a lot out of them. The courses are well-managed and presented in an easy to digest manner without making you just sit there and read a PowerPoint presentation all day. I continue to enjoy and gain a lot of valuable information from these courses and look forward to the next one.” – WAPA

“Very knowledgeable and delivers content in a way that is easy to comprehend.” – NMPP Energy

“Excellent presenter! Approachable and relatable!” – General Manager, Guam Power Authority

“Made a dry subject come alive and clarified the technical procedures/best practices. He puts everyone at ease, and I think everyone enjoyed the experience.” – Director, Dubriansly Consulting

“Good topic knowledge and experience. Well-spoken and engaging. If you are new to NERC/CIP/Cyber this is a good place to start!” — City of Redding

The electric utility industry is increasingly reliant on digital systems and technology, which makes it vulnerable to cyber-attacks. Cyber security breaches can result in significant financial losses, operational downtime, and damage to the utility’s reputation. This Fundamentals of Cyber Security for Utilities course will provide attendees with an in-depth understanding of the cyber threat landscape, including:

  • Who cyber attackers are and what their motives may be
  • Technical countermeasures (i.e., cyber hardware and software, physical security, remote access)
  • NERC CIP compliance preparation and implementation
  • How to assess risk and make risk-based decisions

Through this training, electric utility professionals will be able to establish a value proposition for cyber security, therefore helping them develop robust security frameworks to protect their critical infrastructure, mitigate risks, and comply with regulatory requirements.

Bulk discounts start at 20% when you register five or more, so sign up for this fundamentals course today!

Learning Outcomes

  • Identify common cyber threats to utilities, including who they are, what they want, security policies, and IT security frameworks
  • Discuss social engineering and why it matters
  • Examine the risks to critical infrastructure (i.e., Smart Grid, supply chain, procurement controls, electronic media security)
  • Discuss NERC CIP preparation and implementation and review the common challenges and regulatory landscape
  • Explain how to respond to cyber-attacks and discuss how to plan through business continuity, disaster recovery, and incident response

    Agenda

    Wednesday, February 21, 2024 : Mountain Time

    8:45 – 9:00 a.m.
    Log In and Welcome

    9:00 a.m. – 5:00 p.m.
    Course Timing

    12:30 – 1:15 p.m.
    Lunch Break

    Introduction to Cyber Threat for Utilities

    • The Most Common Cyber Threat Attack Vectors
    • Who are the Attackers and What do They Want?
    • Understanding Advanced Persistent Threat (APT) Actors
    • Cyber Security Policy and IT Security Frameworks
    • The Types of Assessments and Why You Would Use Them

    Discussion on Ransomware and Other Common Malware Variants

    Social Engineering and Why it Matters

    • Platforms for Attacks: Phishing, Vishing, Smishing
    • Other Social Engineering Methods
    • Being Smart in the Digital World

    Critical Infrastructure Provider Risks and Exposure

    • Supply Chain Risks
    • Smart Grid and Process Control
    • Procurement Controls
    • Electronic Media Security

    General Overview of Technical Countermeasures

    • Cyber Security and Enterprise Architecture
    • Cyber Security Hardware and Software in a Defensive Architecture
    • Physical Security and Remote Access
    • Zero Trust and Secure Access Service Edge (SASE)
    • Defense in Depth as a Discipline

    NERC CIP: Compliance Preparation and Implementation

    • Definition and Review of FERC, NERC and US Reliability Standards 
    • Introduction and Description of the NERC CIP Standards
    • Review of Common Challenges for Bulk Electric System (BES) Providers
    • Regulatory Landscape Concerning NERC CIP

    Basic Elements of Incident Response (Responding to Cyber-Attacks)

    • Cyber Incident Management Framework and Emergency Response Plan
    • Cyber Incident Walk Through
    • The Triad of Planning – Business Continuity, Disaster Recovery and Cyber Incident Response
    • Continuity of Operations Plan or Disaster Recovery Plan
      • Crisis management teams
      • Manual overrides and temporary manual operations
      • Testing system redundancy

    Thursday, February 22, 2024 : Mountain Time

    8:45 – 9:00 a.m.
    Log In

    9:00 a.m. – 12:45 p.m.
    Course Timing

    Assessing Risk and Making Risk-Based Decisions

    • How Cyber Risks are Different from Financial, and other Operational Risks
    • Realistic Risk Assessment
    • Using Threat, Cyber Security Assessments, Audits and Penetration Tests
    • Compliance and Developing Meaningful Compensating Controls

    Establishing the Value Proposition for Cyber Security

    Instructor

    Dr. Christopher Carter, Chief Information Officer – Washington Suburban Sanitary Commission (WSSC) Water

    Dr. Carter is an experienced Technology and Cybersecurity leader with a Doctorate in Information Assurance who has cultivated process knowledge and expertise across diverse mission disciplines. Dr. Carter has taught a variety of courses on Cyber Security for Utilities, as well as technical programs in the Federal Government. His specialties include architecture and cyber security planning, developing integrated IT/OT security platform controls, and solving IT service transformation challenges for Utilities and large public organizations. In his role as the Chief Information Officer for a Maryland Water Utility, he served as the executive responsible for directing and managing the IT Department providing transformative and interconnected IT and OT services and world class cyber protections for a broad range of industrial process control and enterprise services.

    He was formerly the Technical Director for Computer Security at Diplomatic Security at the State Department, responsible for designing and managing worldwide operational technologies and process control systems. He has also held several other technical and cyber security leadership roles in other civil agencies and the DOD. Dr. Carter maintains deep technical expertise across multiple domains, including Utility Process controls, Data Center and Infrastructure management systems, Federal and State IT security and IT Service Management. He holds several industry certifications including a CISSP, CISM, ITIL Expert, and Project Management Professional.

    Online Delivery

    We will be using Microsoft Teams to facilitate your participation in the upcoming event. You do not need to have an existing Teams account in order to participate in the broadcast – the course will play in your browser and you will have the option of using a microphone to speak with the room and ask questions, or type any questions in via the chat window and our on-site representative will relay your question to the instructor.

    • Microsoft recommends downloading and installing the Teams app if possible. You may also use the Edge browser or Chrome.
    • You will receive a separate email with a unique link to a personalized landing page which will include links to join all sessions of this event.
    • If you are using a microphone, please ensure that it is muted until such time as you need to ask a question.
    • The remote meeting connection will be open approximately 30 minutes before the start of the course. We encourage you to connect as early as possible in case you experience any unforeseen problems.

    Register

    Please Note: This event is being conducted entirely online. All attendees will connect and attend from their computer, one connection per purchase. For details please see our FAQ.

    If you are unable to attend at the scheduled date and time, we make recordings available to all attendees for 7 days after the event.

    REGISTER NOW FOR THIS EVENT:

    Fundamentals of Cyber Security for Utilities

    February 21-22, 2024 | Online
    Individual attendee(s) - $ 1195.00 each

    Volume pricing also available

    Individual attendee tickets can be mixed with ticket packs for complete flexibility

    Pack of 5 attendees - $ 4,780.00 (20% discount)
    Pack of 10 attendees - $ 8,365.00 (30% discount)
    Pack of 20 attendees - $ 14,340.00 (40% discount)

    Your registration may be transferred to a member of your organization up to 24 hours in advance of the event. Cancellations must be received on or before January 19, 2024 in order to be refunded and will be subject to a US $195.00 processing fee per registrant. No refunds will be made after this date. Cancellations received after this date will create a credit of the tuition (less processing fee) good toward any other EUCI event. This credit will be good for six months from the cancellation date. In the event of non-attendance, all registration fees will be forfeited. In case of conference cancellation, EUCI's liability is limited to refund of the event registration fee only. For more information regarding administrative policies, such as complaints and refunds, please contact our offices at 303-770-8800.

    CEUs

    Credits

    EUCI is accredited by the International Accreditors for Continuing Education and Training (IACET) and offers IACET CEUs for its learning events that comply with the ANSI/IACET Continuing Education and Training Standard. IACET is recognized internationally as a standard development organization and accrediting body that promotes quality of continuing education and training.

    EUCI is authorized by IACET to offer 1.1 CEUs for this event.

    Requirements for Successful Completion of Program

    You must be logged in for the entire presentation and send in the evaluation after the online course is completed.

    Instructional Methods

    This course will use PowerPoint presentations and group discussions.


    Upon successful completion of this event, program participants interested in receiving CPE credits will receive a certificate of completion.

    Course CPE Credits: 12.0
    There is no prerequisite for this Course.
    Program field of study: Specialized Knowledge
    Program Level: Basic
    Delivery Method: Group Internet Based
    Advanced Preparation: None

    EUCI is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its web site: www.nasbaregistry.org

    Who Should Attend 

    Utility and energy company staff from the following departments:  

    • Directors and C-Suite Executives 
    • Compliance and Regulatory Managers 
    • Legal and Regulatory Staff 
    • Information Technology and Information Security 
    • Operations and Engineering 
    • Administrative and Support Staff 
    • Control Systems Maintenance Staff 

    As well as:  

    • Attorneys and Regulators 
    • NERC Regional Entity staff 
    • Contractors and Vendors