GridSecCon 2013

The North American Electric Reliability Corporation (NERC) is hosting the third annual Grid Security Conference (GridSecCon) on October 15-17, 2013, in Jacksonville, FL. A two-day workshop takes place on October 15-16. Four training tracks in physical and cybersecurity will take place on October 17.

The conference objectives include:

• Promoting reliability of the bulk power system (BPS) through training and industry education.
• Delivering cutting-edge discussions on Critical Infrastructure Protection (CIP) security threats, vulnerabilities, and lessons-learned from senior industry and government leaders.
• Informing industry with security best-practice discussions on reliability concerns, risk mitigation, and physical and cybersecurity threat awareness.

Training Sessions:

Track 1: CYBATI Control System Security Hands-On Exercise (limited to 42 total seats; breakout details below)

Audience – cyber, operations and physical security professionals (see breakdown below)

CYBATI is offering its flagship, hands-on control system training environment to personnel involved with cyber, physical and operational responsibilities.  The day long exercise uses a simulated power grid split among teams constructed of the participants.  The teams delegate responsibilities to protect their operations from active threat actors among the other teams.  Participants will be briefly educated on the environment, then navigate several stages throughout the exercise prior to summarizing the day's activities.  Real industrial controllers, applications, communication protocols and processes will be leveraged within the simulated environment allowing for real world situations.  All participants will receive 8 CPEs and an exercise completion certificate.

The exercise will include the need for individuals with specific backgrounds to manage specific injects as well as situations arising during the event by active threat actors and normal day to day operations.  Four teams of ten persons each will need to satisfy the following roles:

• Cyber Personnel (14 seats) - Active Defense (Defending systems), Preventive (Protective controls), Offense (Attacking systems)
• Operations Personnel (14 seats) - Policy development, Procedural development, Control System Operations, Auditing
• Physical Personnel (14 seats) - Active Defense (Defending systems), Preventive (Protective controls), Offense (Attacking systems)

Update!  There is no longer a restriction on the 'cyber', 'ops' or 'physical' specialties.  Select an open seat while they are available!

Track 2:  AliTek Physical Security (limited to 100 seats)

Audience – physical security professionals

AliTek has developed a comprehensive Physical Security training course focused exclusively on Electric Producers and Transmission Companies.  This course combines the CIP standards, industry best practices and other regulatory requirements to assist your company with asset protection, risk management and shareholder value.

Training will focus on the following topics:

• CIP-006 Version 3 compliance including six wall enclosures, response plans and all other requirements.
• How to prepare for CIP Version 5.
• How to protect geographically diverse assets, both manned and unmanned.
• Proper security response strategies.
• Security Vulnerability Assessments. 
• Risk Assessments and proper response measures.
• Proper PSP security designs.
• Balancing various agency requirements.
• Impact of upcoming regulations from DoE and the Presidential Directive. 

AliTek has extensive industry experience in the electric sector as well as oil and gas, pipeline, distribution and transportation security and risk mangement. AliTek combines the best security and risk management approaches from government and industry sectors in the course.

Track 3:  ICS Attack Day from the SANS ICS 410 course (limited to 50 seats, discounted to $595) 

Audience – technical / cybersecurity professionals

The SANS ICS 410 course is an ICS Security Essentials focused course that will equip both security professionals and control system engineers with the knowledge and skills they need to safeguard  critical infrastructure.  While the full course is a 5 day format, SANS will be offering the unique audience of Electric sector cyber security practitioners a sneak peek at the course and specifically the one day of the course that cyber security professionals do not often get to experience - Course Day 2 ICS Attacks.  This course day provides the student with an opportunity to learn ICS Attack vectors from Applications, Control Servers, the network, and all the way out to the remote field devices with hands on labs.  This sneak peek will also provide students the opportunity to hear an overview of the course topics covered in the full 5 day course.

Track 4: SANS Compliance Training and Securing the Human (limited to 50 seats, free)

Audience – compliance specialists, trainers, compliance managers

NERC CIP Versions 1-4 require entities to have training programs for individuals who have authorized cyber or authorized unescorted physical access to Critical Cyber Assets.  The training programs must provide for quarterly security awareness training as well as annual cyber security training on a variety of topics.  SANS Institute’s Securing The Human now has an awareness training program that addresses these NERC-CIP compliance standards for Utilities.

Securing The Human for Utilities is a computer based training program with 23 security modules that address the most common attack vectors using the 20 Critical Controls as a framework and can be used to satisfy the CIP-004-3-R1 requirement. In addition, there are 7 CIP specific modules that can be used to meet the requirements for CIP-004-3-R2 and cover the following topics:

1. Overview of NERC and FERC
2. Introduction to the NERC CIP Standards
3. Identification and Proper Use of Critical Cyber Assets
4. Physical Access Controls to Critical Cyber Assets
5. Electronic Access Controls to Physical Cyber Assets
6. Proper Handling of Critical Cyber Asset Information
7. Recovery of Critical Cyber Assets following a Cyber Security Incident

This half- whole-day session will walk through CIP V1-4 Training program requirements and demonstrates the SANS training program security awareness offerings as well as walk through the 7 CIP-specific training modules with open discussion around the topics discussed in each.  The session will also discuss the direction that the STU program is moving to ensure CIP V5 compliance training requirements in the near future.

FAQs

Where can I contact the organizer with any questions?

For any questions regarding GridSecCon 2013, please contact Bill Lawrence (bill.lawrence@nerc.net).

Do I have to bring my printed ticket to the event?

Printed tickets will not be required for GridSecCon 2013.  Electronic check-in will be used instead.

Will tickets be available at the door?

Yes.  Credit card payments only, please.

What is the refund policy?

Refunds for paid price will be provided up to one week (7 days) prior to the conference (submit prior to close of business on 8 October).  Refunds for hotel room reservations must be handled in accordance with the hotel's terms of service.  Please contact Bill Lawrence with questions.

Can I just attend a free/paid training session on the third day without buying a conference ticket?

No.  A three-day conference registration must be purchased.  The SANS training sessions must be paid for separately at their website (see training session details above).

Can I sign up for more than one training session?

Please choose only one training session.  Signing up for more than one may result in removal from each registration list.  If seats in a desired session are not available, please send an email (bill.lawrence@nerc.net) to be placed on standby for that session.

My company would like to sponsor GridSecCon 2013 - how can we do that?

Please contact Bill Lawrence for sponsorship opportunities.