Training tracks are described below. Training track 1A and 1B are full-day sessions; registering for track 1A requires registering for track 1B. The remaining training tracks are all half-day sessions. You may register for one track “A" and one track “B" session; you cannot register for two track “A" sessions or two track “B" sessions.
U.S. Department of Energy (DOE)/Idaho National Laboratory (INL)
All-day session, 95 seats available, starts at 8:00 a.m.
Audience: Energy sector owner and operator staff, specifically control room operational technology (OT) personnel, critical infrastructure protection-focused technical staff, Energy Management System support, operating personnel, cyber security staff
The DOE's Infrastructure Security and Energy Restoration Division, in collaboration with the E-ISAC and INL, developed the CyberStrike Workshop to enhance the ability of energy sector owners and operators in the United States to prepare for a cyber incident impacting industrial control systems (ICS). The training offers attendees a hands-on, simulated demonstration of a cyber attack, drawing from elements of the 2015 and 2016 cyber incidents in Ukraine. The instruction platform challenges course participants to defend against a cyber attack on the equipment they routinely encounter within their ICS.
Hands-on labs/modules include:
Physical Security Advisory Group (PSAG)
Half-day session, 60 seats available, starts at 8:00 a.m.
Audience: Physical security professionals and asset owners and operators
This track explores issues that affect the physical security of the electricity industry. It allows participants the opportunity to hear a variety of perspectives from physical security experts about topics of importance, such as current issues and best practices, and discuss any concerns.
Travis Moran, Welund, will discuss trends in drones and emergency technologies, as well as foreign investments, and how they impact the security of the electricity industry. Welund monitors and analyzes politically based threats to the electricity industry.
John Bryk, Downstream Natural Gas Information Sharing and Analysis Center (DNG-ISAC), will share perspectives discuss how intelligence sharing differs from information sharing, stressing that understanding can improve your ability to assess threats. The downstream natural gas sector shares much of the same operating environment and threats as the electricity sector.
PSAG and Design Basis Threat (DBT)
Half-day session, 60 seats available, starts at 1:00 p.m.
This track demonstrates the use of the DBT Implementation Guide and how to use the methodology to assess and improve the security of electricity sector assets. The PSAG created the Electricity Sector Design Basis Threat to tailor the DBT methodology to the electricity sector. DOE, through the Pacific Northwest National Laboratory (PNNL), developed the Design Basis Threat: Implementation Guide as a companion product designed to assist owners and operators in using the DBT methodology to assess the physical security of their assets.
The goal of this session is demonstrate how to use these products and help participants gain familiarity with the tools. Rob Siefken, PNNL, will provide step-by-step instructions on how to use the guide to assess the security of a generic facility.
National Cybersecurity Center of Excellence (NCCoE), National Institute of Standards and Technology (NIST)
Audience: Cyber security professionals and ICS owners
Monitoring and managing OT assets is an essential component of protecting the nation's critical infrastructure from cyber attacks. To properly assess cyber security risk within the OT network, energy providers must be able to identify and maintain a complete and accurate view of their OT assets, especially the most critical.
The NCCoE, a part of NIST, in collaboration with members of the energy community and cyber security technology providers, is working on an OT asset management example solution to address this complex challenge. This project will result in a NIST cyber security practice guide (Special Publication 1800 series) that shows how commercially-available products can be used to create an example solution for electric utilities and for oil and gas companies to effectively track and manage their assets. The guide will be released in March 2019.
Join security engineers from the NCCoE at NIST, alongside the projects' leading collaborators, for a detailed description of this project and other ICS cyber security projects. The panel will share their expertise and best practices on asset management for the energy sector, as well as their current efforts in documenting and implementing methods for managing, monitoring, and baselining assets and information to help identify potential threats to OT assets. Additionally, this conversation will expand to include a panel discussion on Industrial Internet of Things cyber security challenges within the energy sector.
Palo Alto Networks, Southern Company, Securicon
Half-day session, 50 seats available, starts at 1:00 p.m.
This training is presented by utilities and OT cybersecurity practitioners and focuses on applying next-generation firewalls, advanced endpoint protection, and adjacent technologies within electric transmission and distribution, and generation infrastructure with the purpose of maximizing visibility, reducing attack surfaces, and preventing sophisticated attacks and malware. The training features a combination of lecture, case studies, and hands-on exercises in a virtual ICS/SCADA environment.
Half-day session, 40 seats available, starts at 8:00 a.m.
Audience: Cyber security professionals
Many organizations have security awareness programs, but are they looking at the emotional intelligence behind their designs. How do you make your employees love security? Change your focus to get employees to become your best defense and give them the tools to succeed.
Security awareness starts with understanding the basic principles behind psychology and human behavior. Changing the way we communicate information to our employees is the key to success. This session highlights marketing and advertising principals, along with understanding metrics that matter to powerful security awareness programs.
Successful security awareness requires a plan. We will walk through how to build your ambassador program, security awareness roadmap, and provide detailed information on how to successfully launch a phishing simulation program. This session includes demonstrations of detailed phishing simulation tests and how to approach the ongoing exercise of phishing prevention training. We will review the following guides:
Time to put all your new knowledge to use. Review case studies that require thinking outside the box and being creative. There are no right answers here, but the group will scrutinize historically predictable approaches. This session will explain best practices from successful security awareness programs. Your new perspective will give you the insight, tools, and motivation to start making a change in your own security awareness and phishing simulation program.
Tennessee Valley Authority
Half-day session, 40 seats available, starts at 1:00 p.m.
Audience: Open to all
Through gamification, a company's cyber security, physical security, and operational response exercises can be an exciting and engaging adventure that people will talk about for years to come. This training takes participants through an overview of the exercise planning process outlined in the FEMA Homeland Security Exercise and Evaluation Program process mixed in with elements of tabletop gaming campaign building. The workshop goal is to evolve the way the community holds exercises.
This training event will help planners start working on GridEx V plans and can be applied to drills, such as phishing, emergency response, and multiple organization 100+ inject.
During this course, the participants will develop an exercise plan that they can communicate to management and other members to develop further and run at their companies. They will receive a set of tabletop scenarios, a sample pack of network maps and corresponding city maps “Game Boards," and other material.
Iowa State University
Half-day session, 24 seats available, starts at 8:00 a.m.
This session provides a scenario-based, hands-on training experience in cyber attack defense methodology aligning with NERC CIP. The training leverages an industry-grade SCADA platform (Siemens), relays/PMUs (SEL and Siemens), state-of-the-art security tools, and practices (E-ISAC, NIST, DHS).
The training has the following four modules:
The participants will experiment with real platforms for attack-defense training. This session includes an illustration of real-world scenarios, like the 2015 Ukraine grid attack and potential defenses. Iowa State University conducted similar training sessions at GridSecCon 2015 and 2016, as well as other venues for industry professionals.
This session provides participants with a high-level overview of the Tanium platform, as well as a more technical, hands-on conversation on threat hunting and incident response with the Tanium Threat Response toolset. Attendees will learn the following:
Half-day session, 95 seats available, starts at 8:00 a.m.
This training focuses on how hackers use social engineering to get the information they want and how you can defend against social engineering.
Fundamentals of OSINT
Fundamental Social Engineering
Applied Social Engineering
Burns & McDonnell
Half-day session, 95 seats available, starts at 1:00 p.m.
In the current state of cyber security affairs, a common theme is the time elapsed between compromise and detection. In many cases, time to detection can be days, weeks, or even months. This course lays out a foundation of distribution, transmission, and generation communications, and how a communications network may be implemented to avoid weak points inherent to its design. It identifies the importance of understanding the traffic within a network and how logging, monitoring, and alerting provide visibility into potential attack surfaces. The course also introduces the concepts of attack trees and kill chains and how they can help create insight into an adversary's objectives.
home | account log-in/register | legal and privacy/trademark policy | site map | careers | contact us
Atlanta Office | 3353 Peachtree Road NE, Suite 600 North Tower, Atlanta, GA 30326 | 404-446-2560 Washington Office | 1325 G Street NW, Suite 600, Washington, DC 20005| 202-400-3000
Copyright 2017 North American Electric Reliability Corporation. All rights reserved.