Fundamentals of Cyber Security for Utilities
March 7-8, 2023 | Online :: Central Time
“It’s rare to find a subject matter expert in more than one subject matter, thanks for providing that very thing.” IT Specialist, Urban Grid Solar
“Robert knew the material well and was able to present it in an easy-to-understand format.” Manager Enterprise Cybersecurity, Cleco Corporate Holdings, LLC
“One of the best cyber security trainings as it relates to the Electricity industry. Excellent information related to CIP. Very knowledgeable instructor in all aspects.” – Power Costs Inc.
“Robert did an amazing job at keeping us engaged, which is difficult virtually.” – Department of Energy
“Very knowledgeable and delivers content in a way that is easy to comprehend.” – NMPP Energy
“Excellent presenter! Approachable and relatable!” – General Manager, Guam Power Authority
“I really enjoyed how Rob integrated real world examples with the course content.” – Project Manager, Lockheed Martin/TRC
“Made a dry subject come alive and clarified the technical procedures/best practices. He puts everyone at ease, and I think everyone enjoyed the experience.” – Director, Dubriansly Consulting
“Good topic knowledge and experience. Well-spoken and engaging. If you are new to NERC/CIP/Cyber this is a good place to start!” — City of Redding
“I’ve taken two courses with EUCI and I have gotten a lot out of them. The courses are well-managed and presented in an easy to digest manner without making you just sit there and read a PowerPoint presentation all day. I continue to enjoy and gain a lot of valuable information from these courses and look forward to the next one.” – WAPA
Like other parts of critical infrastructure, utilities face advancing cyber security threats to their corporate and field environments. Regulators, such as NERC and FERC, have mandated in their jurisdictions that these threats be addressed ultimately through compliance with NERC CIP requirements. However, because of the complex nature of control systems, utility cyber security programs face much greater challenges in providing needed cyber security controls for BES Cyber Assets (BCA) and BES Cyber Systems (BCS). Further complicating the situation are newer digital components being implemented that are challenging many preconceived notions of how technology is used in power generation and delivery.
As the options for access and control become more complicated, cyber security becomes more important to the overall safety of the environment. Threats are rapidly evolving, and the industry is struggling to balance asset availability with cyber security to keep malicious actors at bay. Regulators continue to refine their guidance, and the industry is racing to keep up. Notwithstanding growing questions and concerns from Utility Boards of Directors over cyber security, each audit of compliance requirements yields new insight into regulator concerns over cyber security in the energy industry.
This course is an in-depth introduction to cyber security issues facing utilities today. It is meant as a primer to give the necessary background for all staff to understand the concepts and complexities of cyber security and compliance with NERC CIP Standards.
- Evaluate current value at risk from cyber security threats facing electric utilities
- Analyze cyber threats and vulnerabilities
- Define, assess, and manage security risk for smart grid
- Review NERC CIP, key implementation strategies, and current events
- Discuss the convergence of IT and cyber security departments, internal and external communication strategies, and building cross-functional teams
- Examine practical techniques for risk management and data protection
- Discuss holistic cyber security program strategies focused on prevention
Tuesday, March 7, 2023 : Central Time
8:45 – 9:00 a.m.
Log In and Welcome
12:30 – 1:15 p.m.
9:00 a.m. – 5:00 p.m.
Threats to Energy Infrastructure – Understanding the Cyber Threat Landscape and Value at Risk
- Introduction to cyber-attacks and defenses
- Current cyber security threats facing electric utilities
- Common vulnerabilities and consequences
Continuation of Value at Risk: Threats to Energy Infrastructure
- Threat impacts to control systems
- Upcoming cyber security challenges for utilities
Security of Smart Grids: How Cyber Security is Affecting its Future
- Defining, assessing, and managing security risks affecting smart grid
- Compliance and distribution systems
- NIST standards
- Existing standards and those in development
- Practical impacts to utility cyber security practices
- Cyber threats and vulnerabilities to communication networks
- Field maintenance and test equipment
- Wide Area Network communications
- Field communication with Internal IT assets
NERC CIP: Implementation and Preparing for Subsequent Versions
- Definition and review of the current version of NERC CIP and key differences from previous versions
- Introduction and description for each of the NERC CIP standards
- Review of common violations and root causes
Wednesday, March 8, 2023 : Central Time
8:45 – 9:00 a.m.
9:00 a.m. – 12:30 p.m.
Continuation of NERC CIP Discussion and Resolving Implementation Challenges
- Brief coverage of the regulatory landscape around NERC CIP
- Discuss key factors of each NERC CIP version along with implementation strategies
- Identify what to expect from future NERC CIP versions
Integrating Cyber Security Across the Utility
- Internal cyber security strategy
- Cyber Security integration across the utility
- Cross-functional teams
- Roles and responsibilities
- End-to-end cyber security from back office to core business
Rob Schuler, Senior Director, Strategy and Transactions– Cyber, EY
Mr. Schuler is a Cyber Security Senior Director specializing in strategy and transactions with EY in the United States. He has over 20 years of cyber security risk management and systems security engineering experience across multiple industries. Over this period, he has become a recognized expert in cyber security guidance for utility control systems.
Mr. Schuler has key expertise in helping clients to define their needs and translate them into actionable program goals. He has a strong history of identifying and unifying technical teams of diverse backgrounds and delivering program excellence.
Mr. Schuler’s industry outreach activities have included frequent speaking engagements delivering control system cyber security courses and speaking on industry panels, where his technical knowledge and interactive style is helping key industry participants reach a shared understanding of cyber security threats, compliance standards, and how to build secure, best-practice architectures while meeting compliance objectives.
We will be using Microsoft Teams to facilitate your participation in the upcoming event. You do not need to have an existing Teams account in order to participate in the broadcast – the course will play in your browser and you will have the option of using a microphone to speak with the room and ask questions, or type any questions in via the chat window and our on-site representative will relay your question to the instructor.
- IMPORTANT NOTE: After November 30 you will not be able to join a Teams meeting using Internet Explorer 11. Microsoft recommends downloading and installing the Teams app if possible. You may also use the Edge browser or Chrome.
- You will receive a meeting invitation will include a link to join the meeting.
- Separate meeting invitations will be sent for the morning and afternoon sessions of the course.
- You will need to join the appropriate meeting at the appropriate time.
- If you are using a microphone, please ensure that it is muted until such time as you need to ask a question.
- The remote meeting connection will be open approximately 30 minutes before the start of the course. We encourage you to connect as early as possible in case you experience any unforeseen problems.
Please Note: This event is being conducted entirely online. All attendees will connect and attend from their computer, one connection per purchase. For details please see our FAQ
If you are unable to attend at the scheduled date and time, we make recordings available to all registrants for three business days after the event
REGISTER NOW FOR THIS EVENT:
Fundamentals of Cyber Security for Utilities
March 7-8, 2023 | Online
|Individual attendee(s) - $ 1195.00 each|
Volume pricing also available
Individual attendee tickets can be mixed with ticket packs for complete flexibility
|Pack of 5 attendees - $ 4,780.00 (20% discount)|
|Pack of 10 attendees - $ 8,365.00 (30% discount)|
|Pack of 20 attendees - $ 14,340.00 (40% discount)|
Your registration may be transferred to a member of your organization up to 24 hours in advance of the event. Cancellations must be received on or before February 03, 2023 in order to be refunded and will be subject to a US $195.00 processing fee per registrant. No refunds will be made after this date. Cancellations received after this date will create a credit of the tuition (less processing fee) good toward any other EUCI event. This credit will be good for six months from the cancellation date. In the event of non-attendance, all registration fees will be forfeited. In case of conference cancellation, EUCIs liability is limited to refund of the event registration fee only. For more information regarding administrative policies, such as complaints and refunds, please contact our offices at 303-770-8800
EUCI is accredited by the International Accreditors for Continuing Education and Training (IACET) and offers IACET CEUs for its learning events that comply with the ANSI/IACET Continuing Education and Training Standard. IACET is recognized internationally as a standard development organization and accrediting body that promotes quality of continuing education and training.
EUCI is authorized by IACET to offer 1.1 CEUs for this event.
Requirements for Successful Completion of Program
You must be logged in for the entire presentation and send in the evaluation after the online course is completed.
This course will use PowerPoint presentations and group discussions.
Upon successful completion of this event, program participants interested in receiving CPE credits will receive a certificate of completion.
Course CPE Credits: 12.0
There is no prerequisite for this Course.
Program field of study: Specialized Knowledge
Program Level: Basic
Delivery Method: Group Internet Based
Advanced Preperation: None
EUCI is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its web site: www.nasbaregistry.org
Who Should Attend
Utility and energy company staff from the following departments:
- Any Directors and C-Suite Executives
- Compliance and Regulatory Managers
- Legal and Regulatory Staff
- Information Technology and Information Security
- Operations and Engineering
- Administrative and Support Staff
- Control Systems Maintenance Staff
As well as:
- Attorneys and Regulators
- NERC Regional Entity staff
- Contractors and Vendors