Checkout
Contact Us
close
EUCI
>
Fundamentals of Cyber Security for Utilities

On-Demand Training:
Fundamentals of Cyber Security for Utilities

Recorded: August 15 - 16, 2024

Overview Agenda Instructors
Print

The Fundamentals of Cyber Security for Utilities course will provide attendees with invaluable insights into the evolving landscape of cyber threats and vulnerabilities facing the industry. From discussing common attack vectors to understanding to attacker motivations, participants will understand the importance of robust cyber security policies and frameworks.

The agenda will include:

  • Ransomware, malware variants and social engineering
  • Critical infrastructure and incident response planning
  • Risks and exposure
  • Supply chain vulnerabilities and implications
  • Technical countermeasures, hardware/software, and physical security
  • Regulatory compliance and risk-based decision planning

Upon completion of this training, electric utility professionals will have a comprehensive knowledge of the tools to navigate complex cyber security landscapes and how to safeguard critical infrastructure assets.  

Learning Outcomes

  • Review the diverse landscape of cyber threats facing utilities, including common attacks, motivators, and characteristics of advanced threats
  • Gain familiarity with cyber security policies and IT security frameworks and assess vulnerabilities
  • Discuss the importance of social engineering awareness
  • Identify critical infrastructure risks and exposure areas (i.e., supply chain, smart grid, and electronic media)
  • Explore technical countermeasures essential for enhancing resilience, such as architecture, hardware, and software
  • Explain NERC CIP compliance and discuss FERC, NERC, reliability standards, common challenges for BES providers and regulatory landscapes
  • Develop foundational skills in incident response planning and how to create continuity of operational plans to reduce cyber attacks

Register

This is a recorded session - no instructor interaction is available. Recordings do not qualify for continuing education credits. Recordings will expire 30 days from date of purchase and sharing, downloading or copying of the recording in any way is strictly prohibited and will result in the termination of your license.

PURCHASE THIS RECORDING:

Recording license(s)$ 1195.00 each

Day one

Day two

Agenda

9:00 AM - 5:00 PM

Course Timing

Introduction to Cyber Threat for Utilities

  • The Most Common Cyber Threat Attack Vectors
  • Who are the attackers and what do they want?
  • Understanding Advanced Persistent Threat (APT) Actors
  • Cybersecurity Policy and IT Security Frameworks
  • The Types of Assessments and Why You Would Use Them

Discussion on Ransomware and Other Common Malware Variants

Social Engineering and why it matters.

  • Platforms for Attacks: Phishing, Vishing, Smishing
  • Other Social Engineering Methods
  • Being Smart in the Digital World

Critical Infrastructure Provider Risks and Exposure

  • Supply Chain risks
  • Smart Grid and Process Control
  • Procurement Controls
  • Electronic Media Security

General Overview of Technical Counter Measures

  • Cybersecurity and Enterprise Architecture
  • Cybersecurity Hardware and Software in a Defensive Architecture
  • Physical Security and Remote Access
  • Zero Trust and Secure Access Service Edge (SASE)
  • Defense in Depth as a Discipline

NERC CIP: Compliance Preparation and Implementation

  • Definition and review of FERC, NERC and US Reliability Standards 
  • Introduction and description of the NERC CIP standards
  • Review of common challenges for Electric System (BES) providers
  • Regulatory landscape concerning NERC CIP

Basic Elements of Incident Response (Responding to Cyber Attacks)

  • Cyber Incident Management Framework and Emergency response plan
  • Cyber Incident Walk Through
  • The Triad of Planning – Business Continuity, Disaster Recovery and Cyber Incident Response
  • Continuity of operations plan or disaster recovery plan
    • Crisis management teams
    • Manual overrides and temporary manual operations
    • Testing System redundancy

Agenda

9:00 AM - 12:45 PM

Course Timing

Assessing Risk and Making Risk Based Decisions

  • How Cyber Risks are different from Financial, and other Operational Risks
  • Realistic Risk Assessment
  • Using Threat, Cybersecurity Assessments, Audits and Penetration Tests
  • Compliance and developing meaningful compensating controls.

Establishing the Value Proposition for Cybersecurity

Instructor

Mr. Smith is a Senior Cyber Security Reliability Consultant with 20+ years of experience focusing on the NERC CIP reliability standards. Skillful in developing and implementing successful internal compliance programs that have been tested through numerous audits and certifications in the WECC, RF, NPCC, SERC and MRO regions and Canada. Experienced in working with Medium and Low impact BES cyber systems, focused on GO/GOP, TO/TOP, and BA entities in the hydro, storage and renewable energy arenas. Mr. Smith is a creative and innovative solution leader developing results based in the NERC CIP, NIST 800, ISO 27000, and corporate business standards. Mr. Smith drives organizations to maintain focus on achieving a solid sustainable cyber security compliance program through preparation of communication documents to promulgate information related to the NERC CIP Reliability Compliance Program. He is a self-driven leader with the ability to thrive in a fast-paced environment coupled with proficiency to think outside the box as well as effective teamwork and communication skills.

Eric Smith

Senior Cyber Security Reliability Consultant