Training tracks are described below. Training track 1A and 1B are full-day sessions; registering for track 1A requires registering for track 1B. The remaining training tracks are all half-day sessions. You may register for one track “A" and one track “B" session; you cannot register for two track “A" sessions or two track “B" sessions.
Training Tracks 1A and 1B: CyberStrike Workshop | US Department of Energy
Description: The U.S. Department of Energy's Infrastructure Security and Energy Restoration Division, in collaboration with the Electricity Information Sharing and Analysis Center and Idaho National Lab (INL), has developed the CyberStrike Workshop to enhance the ability of energy sector owners and operators in the U.S to prepare for a cyber incident impacting industrial control systems. The training offers attendees a hands-on, simulated demonstration of a cyberattack, drawing from elements of the 2015 and 2016 cyber incidents in Ukraine. The instruction platform challenges course participants to defend against a cyber attack on the equipment they routinely encounter within their industrial control systems.
Hands-on Labs/Modules include:
The workshop is tailored to energy sector owner and operator staff who work in the following areas:
Training Tracks 2A and 2B: Physical Security Workshop I and II
Description: This physical security-focused training track will cover a holistic look at common security threats and emerging trends for electricity asset owners and security practitioners.
Training Track 3A: Asset Management for Energy Provider | NIST NCCOE
Description: Monitoring and managing operational technology (OT) assets is an essential component of protecting the nation's critical infrastructure from cyber attacks. To properly assess cyber security risk within the OT network, energy providers must be able to identify and maintain a complete and accurate view of their OT assets, especially the most critical.
The National Cybersecurity Center of Excellence, a part of the National Institute of Standards and Technology (NIST), in collaboration with members of the energy community and cyber security technology providers, is working on an OT asset management example solution to address this complex challenge. This project will result in a NIST cyber security practice guide (Special Publication 1800 series) that shows how commercially available products can be used to create an example solution for electric utilities and for oil and gas companies to effectively track and manage their assets. The guide will be released in March 2019.
Join security engineers from the NCCoE at NIST, alongside the projects' leading collaborators, for a detailed description of this project and other ICS Cybersecurity projects. The panel will share their expertise and best practices on asset management for the energy sector, as well as their current efforts in documenting and implementing methods for managing, monitoring, and baselining assets and information to help identify potential threats to OT assets.
Training Track 3B: Next-generation Cybersecurity for Electric Utility OT Networks | Palo Alto Networks
Description: This training, presented by utilities and OT cybersecurity practitioners, focuses on how to apply next-generation firewalls and adjacent technologies within electric T&D and generation infrastructure to maximize visibility, to reduce attack surfaces, and to prevent sophisticated attacks and malware from executing successful cyberattacks. It will use a combination of lecture, case studies, and hands-on exercises in a virtual ICS/SCADA environment to solidify the key concepts, frameworks, and best practice guidance presented during the training.
Training Track 4A: Build a Bulletproof Security Awareness and Phishing Simulation Program | Curricula
Description: Many organizations have security awareness programs, but are they looking at the emotional intelligence behind their design? We will examine every element of your awareness program and how certain actions positively or negatively impact your employees and the security of your organization.
Training Track 4B: How to be an Exercise Master Planner | Tennessee Valley Authority
Description: Through gamification, a company's cyber security, physical security, and operational response exercise can be an exciting and engaging adventure that people will talk about for years to come. Company management, technical resources, and responders receive awareness messages, risk reports, and other security documentation that do not always convey the full effects of the threats our communities face. A dynamic, well-delivered exercise can reduce the workload on the cyber security, physical security, and emergency response member and deliver a more effective message.
The workshop's goal is to evolve the way the community holds exercises. Attendees will be able to deliver exciting, dynamic, and useful exercises, and will help planners start working on GridEx V plans.
Participants will leave with an exercise plan that they can communicate to management and other members to develop further and run at their companies. They will receive a set of tabletop scenarios and a sample pack of network maps and corresponding City map "Game Boards" that they can use in their exercises.
Training Track 5A: Cybersecurity Training for SCADA using Testbed | Iowa State University
Description: This session will provide a scenario-based, hands-on training experience in cyber attack-defense methodology aligning with NERC CIP. The training will leverage industry-grade SCADA platform (Siemens) and state-of-the-art security practice (E-ISAC, NIST, DHS) and tools (Wireshark, OpenVAS, Security Onion). The training will host 24 participants (12 teams, 2 members/team). Each team will be provided with an instance of a SCADA (control center, substation, and a relay). This training session was conducted in GridSecCon 2015 and 2016, and four other instances.
Training Track 5B: Real Time Threat Response | Tanium
Description: This training session will provide participants a high-level overview of the Tanium platform, as well as a more technical conversation and hands-on threat hunting and incident response with the Tanium Threat Response toolset. In the lab session, attendees will learn the following:
Training Track 6A: Social Engineering and Open Source Intelligence (OSINT) Workshop | EC-Council
Description: This training will focus on how hackers use social engineering to get the information they want, and how you can defend against social engineering.
SOCIAL ENGINEERING AND OSINT WORKSHOP
FUNDAMENTALS OF OPEN SOURCE INTELLIGENCE
FUNDAMENTAL SOCIAL ENGINEERING
APPLIED SOCIAL ENGINEERING
Training Track 6B: Who's in Your Network and How Long Have They Been There? | Burns & McDonnell
Description: In the current state of cyber security affairs, a common theme is the time elapsed between compromise and detection. In many cases, this time period can be days, weeks, or even months. This course lays out a foundation of distribution, transmission, and generation communications, and how a communications network may be implemented with weak points inherent to its design. It identifies the importance of understanding the traffic within a network and how logging, monitoring (network, operating system and applications), and alerting provides visibility into potential attack surfaces. The course also introduces “Kill Chain Analysis" and how that helps create understanding of an adversary's objectives.
home | account log-in/register | legal and privacy/trademark policy | site map | careers | contact us
Atlanta Office | 3353 Peachtree Road, NE Suite 600 North Tower, Atlanta, GA 30326 | 404-446-2560 Washington Office | 1325 G Street, NW Suite 600, Washington, DC 20005| 202-400-3000
Copyright 2017 North American Electric Reliability Corporation. All rights reserved.