CyberSecurity Technology Strategy Development for Utilities
Transcript of CyberSecurity Technology Strategy Development for Utilities
![Page 1: CyberSecurity Technology Strategy Development for Utilities](https://reader031.fdocuments.in/reader031/viewer/2022020705/61fb7ae92e268c58cd5eaaa4/html5/thumbnails/1.jpg)
CyberSecurity Technology Strategy Development for Utilities
Neil Rerup, President, ECSA
![Page 2: CyberSecurity Technology Strategy Development for Utilities](https://reader031.fdocuments.in/reader031/viewer/2022020705/61fb7ae92e268c58cd5eaaa4/html5/thumbnails/2.jpg)
Agenda Principles
Architecture Methodology
Creating a Strategy
Determine where you are Strengths / Weaknesses / Opportunities / Threats
Determine the Environmental Variables
Determine where you want to go
Create your Strategy
![Page 3: CyberSecurity Technology Strategy Development for Utilities](https://reader031.fdocuments.in/reader031/viewer/2022020705/61fb7ae92e268c58cd5eaaa4/html5/thumbnails/3.jpg)
What are your approach to Strategy?
Principles Architecture Framework
Where you are
Where you want to be
How to get there Strategy
![Page 4: CyberSecurity Technology Strategy Development for Utilities](https://reader031.fdocuments.in/reader031/viewer/2022020705/61fb7ae92e268c58cd5eaaa4/html5/thumbnails/4.jpg)
Principles Short, easy to communicate
Indicate how you are going to approach Architecture
Guide your approach and decision making
Examples: We will benchmark against other Utility organizations and be driven
by the Business objectives We will design security solutions with an Enterprise perspective from
the outset, rather than local solutions that are enhanced for “specific idiosyncrasies.”
Keep it to 10 bullets or less
![Page 5: CyberSecurity Technology Strategy Development for Utilities](https://reader031.fdocuments.in/reader031/viewer/2022020705/61fb7ae92e268c58cd5eaaa4/html5/thumbnails/5.jpg)
Architecture Frameworks TOGAF Conceptual in nature
Zachmann Document centric
SABSA Security Architecture specific A combination of TOGAF and Zachmann
>60 different Architecture Frameworks
![Page 6: CyberSecurity Technology Strategy Development for Utilities](https://reader031.fdocuments.in/reader031/viewer/2022020705/61fb7ae92e268c58cd5eaaa4/html5/thumbnails/6.jpg)
Evolution of Architecture Frameworks
![Page 7: CyberSecurity Technology Strategy Development for Utilities](https://reader031.fdocuments.in/reader031/viewer/2022020705/61fb7ae92e268c58cd5eaaa4/html5/thumbnails/7.jpg)
TOGAF Reference Security Architecture
“Open Enterprise Security Architecture” -TOGAF, 2011
Note: I feel that the Reference Security Architecture is not organized properly, so I created my own. Note: It doesn’t give a SCADA slant either.
![Page 8: CyberSecurity Technology Strategy Development for Utilities](https://reader031.fdocuments.in/reader031/viewer/2022020705/61fb7ae92e268c58cd5eaaa4/html5/thumbnails/8.jpg)
SGIP’s “Spagetti Diagram”
![Page 9: CyberSecurity Technology Strategy Development for Utilities](https://reader031.fdocuments.in/reader031/viewer/2022020705/61fb7ae92e268c58cd5eaaa4/html5/thumbnails/9.jpg)
Reference Security Architecture
![Page 10: CyberSecurity Technology Strategy Development for Utilities](https://reader031.fdocuments.in/reader031/viewer/2022020705/61fb7ae92e268c58cd5eaaa4/html5/thumbnails/10.jpg)
IT and OT Convergence
The ECSA Reference Architecture deals with Ideas & Concepts as well as specific technologies
Deal with IT and OT convergence Eg. Intrusion Detection / Intrusion Prevention, SEIM Current IPS technology is specific to IT but can be used in OT
Information Technology
Operational Technology
![Page 11: CyberSecurity Technology Strategy Development for Utilities](https://reader031.fdocuments.in/reader031/viewer/2022020705/61fb7ae92e268c58cd5eaaa4/html5/thumbnails/11.jpg)
Where are you now?
How You’re Going to Get there
Where you are
Where you want to be
Resources
Strategy creation requires: - Knowing where you are
- Perform discovery - Strengths, Weaknesses, Opportunities, Threats - Environmental Variables (outside your control) - Political, Economic, Technical, Social, Competitive (PETSC)
![Page 12: CyberSecurity Technology Strategy Development for Utilities](https://reader031.fdocuments.in/reader031/viewer/2022020705/61fb7ae92e268c58cd5eaaa4/html5/thumbnails/12.jpg)
Where do you want to be?
Organizationally, not just Security’s view point
Interview Stakeholders, both Business and Dependent Stakeholders
Get their view and replay it back to them
Map to a Reference Security Architecture
How You’re Going to Get there
Where you are
Where you want to be
Resources
![Page 13: CyberSecurity Technology Strategy Development for Utilities](https://reader031.fdocuments.in/reader031/viewer/2022020705/61fb7ae92e268c58cd5eaaa4/html5/thumbnails/13.jpg)
Resources
Use the Strengths and Opportunities to build your Road Map
Resources include: Existing Technology in place Existing Projects and Planned Activities Remember, it’s not just about Technology. It’s also about People &
Processes.
How You’re Going to Get there
Where you are
Where you want to be
Resources
![Page 14: CyberSecurity Technology Strategy Development for Utilities](https://reader031.fdocuments.in/reader031/viewer/2022020705/61fb7ae92e268c58cd5eaaa4/html5/thumbnails/14.jpg)
Roadmap => Strategy
Use Strengths and Opportunities to layout the Roadmap
Take into consideration: Weaknesses and Threats. Work around them or build them up. Environment Variable. Plan for them as a worse case. You can’t
avoid them.
How You’re Going to Get there
Where you are
Where you want to be
Resources
![Page 15: CyberSecurity Technology Strategy Development for Utilities](https://reader031.fdocuments.in/reader031/viewer/2022020705/61fb7ae92e268c58cd5eaaa4/html5/thumbnails/15.jpg)
Contact Information Neil Rerup, President / Chief Security Architect
Phone: 604-345-4630
Email: [email protected]
Web: www.enterprisecybersecurity.com
![Page 16: CyberSecurity Technology Strategy Development for Utilities](https://reader031.fdocuments.in/reader031/viewer/2022020705/61fb7ae92e268c58cd5eaaa4/html5/thumbnails/16.jpg)
Q&A