On Demand - Cyber Resiliency in the Power Industry [an Energy Central PowerSession™]

 The National Institute of Standards and Technology (NIST) defines cyber resiliency as “the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.” 

NIST’s Cybersecurity Framework identifies five categories to structure cyber security programs: Identify -> Protect -> Detect -> Respond -> Recover.

• How does cyber resiliency fit in this framework? 
• Are there distinctions to draw between IT cyber resiliency and OT cyber resiliency? 
• Does cyber resiliency benefit from a cyber mutual aid approach similar to the mutual aid utilities deliver after damage to physical grid infrastructure?
   

Listen into this on-demand session and hear from our panelists as they discuss their perspectives on cyber resiliency and how their organizations are addressing this emerging and evolving concept. Our goal is to help listeners to determine why, where, and how to incorporate resiliency into their cyber security programs. 

Panelists

Toley Clague, Manager, OT Cybersecurity & IT Governance, Portland General Electric

Toley Oversees the cybersecurity program for all Operational Technology assets at PGE. He drives program improvements, establishes baseline metrics, and delivers measurable outcomes. He also oversees NERC CIP program operations staff, streamlining processes to ensure compliance with the least amount of friction.

Spencer Wilcox, Executive Director of Technology and Chief Security Officer, PNM Resources

Spencer Wilcox is Executive Director of Technology and Chief Security Officer for PNM Resources, a utility holding company with  operations in both New Mexico and Texas.  In this capacity Spencer is responsible for the strategy, architecture and operations of cyber and physical security, telecommunications, and infrastructure and end-user computing for IT and ICS/SCADA. Spencer holds certifications in cyber and physical security from (ISC)2, ISACA, and ASIS, is currently pursuing a PhD in Transdisciplinary Cybersecurity from New Mexico Tech, and was named one of the 2021 Most Influential Cybersecurity Leaders by Security Magazine.

Phil Tonkin, Senior Director of Strategy, Dragos

Having worked for one of the world's largest investor-owned utilities in roles that pushed the use of technology and data to drive efficiency and reliability, Phil understands the need to balance advancement with risk with practical and considered approaches. With growing risks from cyber threats, today's modern energy systems are more exposed than ever, but those risks can be managed.

Moderator

Christine Hertzog, Principal Project Manager at Electric Power Research Institute (EPRI)

Christine Hertzog is a Principal Technical Leader focused on cyber security research at EPRI. Research topics include electricity subsector cyber security metrics; security assessments and recommendations to improve overall OT cyber security; precision timing security; and OT cyber security training for electric utilities.

Christine is the author of EPRI white papers that explore emerging technologies in OT cyber security, including digital twins, 5G, and zero trust applications benefitting mission-critical electricity operations. She is the author of the Smart Grid Dictionary and other books focused on advanced infrastructure and data privacy and has contributed numerous technical articles to industry trade publications.
 

Thanks to our Sponsor for helping us bring this session to the Community!

Dragos is the Industrial Cybersecurity expert on a relentless mission to safeguard civilization.

In a world of rising cybersecurity threats, Dragos protects the most critical infrastructure – those that provide us with the tenets of modern civilization – from increasingly capable adversaries who wish to do it harm. Devoted to codifying and sharing our in-depth industry knowledge of ICS/OT systems, Dragos arms industrial defenders around the world with the knowledge and tools to protect their systems as effectively and efficiently as possible.

Safeguarding civilization has been our mission since day one.

Dragos was founded by experts trusted by the US government and ally nations to investigate and respond to the most significant ICS cyberattacks in history.