EnergySec East

Tue, April 07 2020, 9:00 AM - Thu, April 09 2020, 3:00 PM [EST]

2350, M Street Northwest, Washington, DC, 20037, United States

EnergySec East - Full Conference Registration Partial Approval - $575.00

Sales end on - 04/09/2020

Access to all 3-days of the event

EnergySec East - Day 1 Only - Workforce Summit Partial Approval - $95.00

Sales end on - 04/09/2020

Access to the Workforce Summit on day 1 of the conference

EnergySec East - Days 2-3 Only - Distribution Security Forum and Small Entity Forum Partial Approval - $495.00

Sales end on - 04/09/2020

This ticket provides access to all sessions on days 2 and 3 of the conference.

EnergySec East - Day 2 Only - Distribution Security Forum Partial Approval - $295.00

Sales end on - 04/09/2020

This ticket provides access to all sessions on Day 2 of the conference.

EnergySec East - Day 3 Only - Small Entity Forum Partial Approval - $295.00

Sales end on - 04/09/2020

This ticket provides access to all sessions on Day 3 of the conference.

EnergySec East - Day 3 - Webinar Only Partial Approval - $95.00

Sales end on - 04/09/2020

This ticket provides access to the live stream of all Day 3 sessions.

Event Information

About the Event

For the past two years, the Distribution Security Forum (DSF) held in Washington, D.C., has addressed cybersecurity issues related to electric distribution systems, advanced metering infrastructures, micro grids, distributed energy resources, and related topics. EnergySec East expands on the DSF format with additional sessions, including a "roundtable" discussion with government partners, a cybersecurity workforce summit, and a focused session addressing the specific needs of small utilities.

Cancellation policy

Refunds available up to 30 prior to the event.

About the Organizer

The Energy Sector Security Consortium, Inc. (EnergySec) is a United States 501(c)(3) non-profit corporation formed to support energy sector organizations with the security of their critical technology infrastructures. Through our membership program, we support collaborative initiatives and projects that help enhance the cybersecurity resiliency of these organizations. Today, our community includes more than 5000 individuals representing more than 500 organizations. The development of the EnergySec information sharing efforts and workforce development remain key focus areas of EnergySec as it continues to develop programs and other efforts to meet the needs of the energy sector into the future.

Event Speakers

Rodney Petersen
Director, National Initiative for Cybersecurity Education

Rodney Petersen is the director of the National Initiative for Cybersecurity Education (NICE) at the National Institute of Standards and Technology (NIST) in the U.S. Department of Commerce. He will be sharing his expertise on the NICE Cybersecurity Framework.

Marissa Morales Rodriguez
Research & Development, Oak Ridge National Labs

At Oak Ridge National Laboratory, Morales-Rodriguez manages projects related to the research and development of cyber-physical sensors with applications in the energy, defense, environmental and manufacturing industries.

Kylie McClanahan
PhD Student, University of Arkansas – Fayetteville

Kylie will address how machine learning can specifically benefit smaller utilities with few or no full-time employees dedicated to vulnerability and patch management by generating risk-informed work decisions. Her approach shows a 97% accuracy in the machine learning predictions and overall time savings of two full-time employees in small electric utilities, allowing employees with valuable knowledge and experience to focus on other priorities.

Eli King
Director of Energy Emergency Management, State of Washington Energy Office

Elizabeth King is the Energy Emergency Management Director for the State of Washington and an internationally credentialed Emergency Manager. Mrs. King facilitates and oversees the program's energy emergency planning, and coordinates restoration priorities during an energy supply disruption impacting the state.

Andy Bochman
Senior Grid Strategist, Idaho National Labs

As an INL security strategist, Andy provides strategic guidance on topics at the intersection of grid security and resilience to N&HS leadership as well as senior U.S. and international government and industry leaders.

Caitlin Durkovich
Director, Toffler Associates

Caitlin leads the security and resilience practice at Toffler Associates. A recognized expert in critical infrastructure security and resilience, including cybersecurity, Caitlin helps public and private sector clients navigate the complex operational challenges posed by an increasingly interconnected and interdependent global economy.

Kenneth "KC" Carnes
Chief Information Security Officer and VP of Critical Secure Services, New York Power Authority

In his role at NYPA, Kenneth Carnes is expected to enable the secure future of integrated power systems to meet the needs of the largest state-owned utility. KC has experience supporting all verticals of electric operations from the perspectives of security, information technology and operations technology.

Jake Kouns
CEO & CISO, Risk Based Security

Jake is frequently interviewed as an expert in the security industry and has presented at many well-known security conferences, including RSA, Black Hat, and DEF CON. He is the co-author of Information Technology Risk Management in Enterprise Environments and The Chief Information Security Officer. He holds both a bachelor of business administration and master of business administration degree from James Madison University, with a concentration in information security. In addition, he holds a number of certifications, including: ISC2's CISSP, and ISACA's CISM, CISA and CGEIT.

Harry Perper
Chief Engineer, NIST’s National Cybersecurity Federally Funded Research & Development Center (FFRDC)

Harry Perper is the Chief Engineer at NIST’s National Cybersecurity Federally Funded Research & Development Center (FFRDC), operated by The MITRE Corporation. In his role as Chief Engineer, Harry is responsible for providing quality oversight across dozens of cybersecurity lab projects and influencing the FFRDC’s forward-looking research investment opportunities. NIST’s National Cybersecurity Center of Excellence (NCCoE) is a collaborative hub which identifies pressing cybersecurity challenges with industry and builds modular, end-to-end integration solutions using commercially available products to demonstrate standards-based cybersecurity. At the NCCoE, Harry helps guide more than 40 cybersecurity engineers as they work through the development of cybersecurity reference designs and lab implementations. Prior to his support of the NCCoE, Harry worked at MITRE’s Center for National Security, leading teams focused on evaluating a range of cyber technologies for the US Department of Defense. Before his career at MITRE, Harry worked in the telecommunications industry in various capacities including operations, engineering and marketing.

The UMBC Cyberdefense Team
University of Maryland, Baltimore County

The UMBC Cyberdefense team includes graduate and undergraduate students at UMBC. Left to right: Dr. Charles Nicholas (advisor), Anna Staats, Drew Barrett, Robert Joyce, Grant Spencer, Cyrus Bonyadi, and Seamus Burke.

Richard Mroz
Senior Advisor, State and Government Relations, Protect Our Power

Richard Mroz is one of the leading advocates in securing the grid from both cyber and physical attacks. He is the immediate past President of the New Jersey Board of Public Utilities and was nominated by former Gov. Chris Christie in 2014. The nomination was unanimously approved by the New Jersey Senate. Mr. Mroz was also a member of the National Association of Regulatory Utility Commissioners (NARUC) and served as chairman of the NARUC Committee on Critical Infrastructure, which was established on a temporary basis after the Sept. 11, 2001, terrorist attacks; the now-permanent Critical Infrastructure Committee provides State regulators a forum to analyze solutions to utility infrastructure security and delivery concerns. Mr. Mroz is a thought leader on issues the Committee regularly addresses, including cyber security, workforce development, and infrastructure improvements in all industries. From 1991-1993, Mr. Mroz served as the County Counsel for Camden County, N.J. In 1993, then-Governor Christine Todd Whitman appointed him to the first of several senior positions in her administration. He served as Director of Authorities, Governor’s counsel, and liaison to New Jersey’s largest independent agencies. In 1998, Governor Whitman appointed him as Special Counsel. In 1999, Governor Whitman recognized Mr. Mroz’s thought-leading abilities and appointed him to Chief Counsel. Mr. Mroz served as the Governor’s primary advisor for legislative affairs, judicial and prosecutorial appointments, as well as legal, policy and management issues of the State government. Richard Mroz is a graduate of the University of Delaware and holds a J.D. from the Villanova School of Law.

Roger Rademacher
Solution Architect

Roger has over two decades of combined experience as an IT professional, Systems Engineer and self-proclaimed Cybersecurity Evangelist. He has been working to secure Department of Defense (DoD) and Critical Infrastructure using comprehensive cybersecurity management practices and is a contributing member in the development of draft security standards including ISA 99/IEC 62443. As a member of the FoxGuard team, Roger consults with asset owners and develops cybersecurity solutions which enable compliance with cybersecurity standards and regulations. He engages local and online cybersecurity communities through speaking engagements, instruction, white papers and best practice guides. Roger volunteers within the local homeschool community to support the instruction of cybersecurity, music, history, science and fitness. He is teaching a portion of the next generation to embrace the concepts of lifelong learning, creativity, and healthy living.

Lynn Costantini
Deputy Director, Center for Partnerships & Innovation, National Association of Regulatory Utility Commissioners (NARUC)

Russell Evans
DIRAP – Cybersecurity/Financial Services Lead, Office of Apprenticeships

Danish Saleem
DER Cybersecurity Standards Lead, National Renewable Energy Laboratory (NREL)

Travis Smith
Principal Security Researcher, Tripwire

Travis Smith is a Principal Security Researcher at Tripwire. He has over 10 years of experience in security, holds an MBA with a concentration in information security and multiple certifications, including CISSP, GIAC GPEN and Security+. Smith specializes in integrating various technologies and processes. He has a passion for forensics and security analytics with the goal of helping customers identify and mitigate real threats.

Harry Regan
VP, Security Consulting Services, Securicon

Harry Regan, CISSP, CISM, PSP is an information security, asset protection and systems operations professional with over 30 years of commercial, Federal and DoD experience. Mr. Regan has extensive experience in enterprise, industrial and process control systems protection, cybersecurity and physical security, and operations management in critical infrastructure implementations and for regulated industries. Mr. Regan has direct experience in defensive and offensive security techniques; technology-based countermeasures; SCADA systems; building automation and industrial infrastructure systems; NERC Critical Infrastructure Protection (NERC CIP), HIPAA, and a number of other regulatory compliance programs.

Steve Parker
President, EnergySec

Steven Parker, CISA, CISSP, is a founding director of EnergySec. He has been engaged in critical infrastructure protection within the electric sector for more than 14 years, including eight years as a senior security staff member at a large west coast utility. He was also one of the original NERC CIP auditors for the WECC region. He has been with EnergySec full-time since 2010.

Gabe Authier
Director of Product Management, Tripwire

Gabe Authier is the Director of Product Management at Tripwire. He has over 20 years of experience in Product Management and Information Technology with certifications in Agile practices and Pragmatic Marketing methodology. Gabe has a proven track record of successfully launching multiple Industrial Cyber Security technologies and SaaS Cloud products, including executing the product launches and growing a profitable business unit.

Carter Manucy
Cyber Security Manager, Florida Municipal Power Agency

Carter Manucy is the Cyber Security Manager for Florida Municipal Power Agency, a joint-action agency in Orlando, Florida. At FMPA his responsibility is for OT cyber and physical security as well as NERC CIP compliance. While working at FMPA, Carter has held numerous roles in the IT/OT domain over the last couple of decades while maintaining a passion for cyber security. Carter holds a SANS GCIP certification, is currently the chair for the Cyber Mutual Assistance Compliance Committee, a voting member for NERC CIPC, and acts as chair/author/member/participant/contributor for numerous other committees, groups and publications in the cyber security and compliance arenas.

Event Schedule

  • April 7, 2020
  • April 8, 2020
  • April 9, 2020
April 7, 2020

09:00 AM to 10:00 AM

10:00 AM to 10:30 AM

Energy Emergency Management: Successes and Strategies

The intersections between energy and emergency management necessitate coordination across disciplines and sectors. With the dynamic risks associated with cybersecurity it is imperative for government and industry to understand each other’s roles and work together to ensure the reliability and resilience of energy resources. This presentation will cover Washington State's participation in GridEx V including coordination with utility partners, lessons learned, and recommendations on business continuity strategies for internal emergency management including response to large scale cyber-attacks.

Eli King

10:30 AM to 11:00 AM

11:00 AM to 11:30 AM

State-level Activities

Lynn Costantini

11:30 AM to 12:00 PM

Securing the IIoT: Cybersecurity for Distributed Energy Resources

Harry Perper

12:00 PM to 01:00 PM

01:00 PM to 01:30 PM

NICE Cybersecurity Framework

Rodney Petersen

01:30 PM to 02:00 PM

Apprenticeships in Workforce Development

Russell Evans

02:00 PM to 02:30 PM

EnergySec Presentation

02:30 PM to 03:00 PM

03:00 PM to 04:00 PM

DoE CyberForce National Champions: Lessons Learned in Cyber Competitions

The UMBC Cyberdefense Team has participated in inter-collegiate cybersecurity competitions for over ten years. In 2017, the team won the National Collegiate Cyberdefense Competition. In 2019, the team won the DoE CyberForce Competition, beating out more than 100 teams from around the USA. Our purpose is to learn about best practices in cybersecurity, and encourage others to do the same. We will present an overview of our experiences in cyber competition, and describe some lessons learned along the way.

The UMBC Cyberdefense Team

04:00 PM to 04:30 PM

04:30 PM to 05:00 PM

April 8, 2020

09:00 AM to 09:15 AM

Opening Remarks

Steve Parker

09:15 AM to 10:00 AM

Helping Regulators Regulate - Bringing Cyber Hygiene Basics to Those Charged with Overseeing the Distribution Grid

In recent years the US Department of Energy and NARUC, as well as the US State Department and USAID, have funded cyber trainers from national labs, FERC, state government, US utilities and foreign partners to help raise the bar on regulator cybersecurity knowledge. This session will describe the types of lessons we bring to them, as well as observations on the state of their maturity and what they’re saying they need most.

Andy Bochman

10:00 AM to 10:30 AM

10:30 AM to 11:00 AM

Power Plants, Trains and Dishwashers: Third Party Code Is Everywhere

With more than 220,000 known vulnerabilities published, and additional new disclosures in 2020, security professionals in the electricity industry must make constant risk decisions. Many of the vulnerabilities disclosed are very basic in nature, making it clear that vendors have not implemented the security improvements we require in our software. As the code providing our basic infrastructure (e.g. electricity, water), cars, medical, and other “Internet of Things” devices comes under increasing scrutiny and attack, dramatic reports flood the news about how vulnerable these critical systems are, and the mass chaos that could ensue if they were compromised. Decision makers and developers must be aware that they may have inherited security issues of incorporated third-party components and that they have to care. This talk helps to ensure we all start thinking about how to tackle security risks we inherit as part of the digital supply chain. Attendees will learn how to:

  • Dissect and interpret vulnerability statistics and information security risks
  • Manage and prioritize the growing volume of vulnerable software in the electricity industry
  • Understand vulnerability timelines and code maturity
  • Elevate their approach to reviewing vendors and evaluating product security

Jake Kouns

11:00 AM to 11:30 AM

Attacks against RFID badges

How Star Wars lightsaber RFID spoofing led to RFID badge/keycard attacks. Tools and techniques explained. How secure are your RFID badges? How can they be spoofed? How easy is it? What about two-factor (2FA) RFID systems that include a PIN pad: are they secure? What are card reader man-in-the-middle attacks? What is RFID credential brute forcing? How effective is it? What does all this have to do with the new Star Wars Galaxy’s Edge RFID kyber crystal color-controlled lightsabers? Find out.

Roger Rademacher

11:30 AM to 12:00 PM

12:00 PM to 01:00 PM

01:00 PM to 01:30 PM

DER Cybersecurity Standards

Danish Saleem

01:30 PM to 02:00 PM

Cyber Physical Security for DER

Marissa Morales Rodriguez

02:00 PM to 02:30 PM

02:30 PM to 03:00 PM

03:00 PM to 03:30 PM

Combating ICS Threats with ATT&CK: A Deep Dive

One of the most valuable resources recently welcomed into the enterprise IT arena is the MITRE ATT&CK™ framework. Fueled by the security community’s efforts to share knowledge, this powerful tool is a comprehensive matrix of tactics and techniques used by threat hunters, red teamers and defenders to better understand adversarial behavior and assess organizational risk. As a nod to the rising threat of cyber-attacks targeting critical infrastructure, MITRE has released an expanded version of this framework specifically for industrial environments. This session takes a deep dive into the MITRE ATT&CK framework and its latest update covering techniques against industrial control systems (ICS). We’ll explore how organizations can use this readily-available tool to gain actionable intelligence on the hacking methods used to disrupt delivery of service, damage equipment, or cause catastrophic failures. Attendees will learn of various use cases for how the tool can be applied in their own environments, including testing assets, threat hunting and mapping defensive controls. Attendees will leave this session with a better understanding of ATT&CK, how to turn intelligence into action, and best practices for getting started.

Travis Smith

03:30 PM to 04:00 PM

04:00 PM to 05:00 PM

Supply Chain Panel

Harry Regan

Tom Hoffstetter

05:30 PM to 07:00 PM

April 9, 2020

09:00 AM to 09:30 AM

A Risk-Informed Automated Vulnerability and Patch Management Solution

As the number of reported vulnerabilities each year continues to rise, utilities are under increasing pressure to assess vulnerabilities in a timely manner while remaining compliant with regulatory standards. A lack of risk-based optimization means that severe vulnerabilities are treated with the same urgency as minor ones. This presentation will address how machine learning can specifically benefit smaller utilities with few or no full-time employees dedicated to vulnerability and patch management by generating risk-informed work decisions. This approach shows a 97% accuracy in the machine learning predictions and overall time savings of two full-time employees in small electric utilities, allowing employees with valuable knowledge and experience to focus on other priorities.

Kylie McClanahan

09:30 AM to 10:00 AM

Moving the Needle in Cloud Regulation: A Call for Collaboration

The cloud has the potential to combat a number of challenges in the utility industry. By taking systems off the ground and into the cloud, critical infrastructure organizations can experience more flexibility and scalability while reducing costs. However, regulators, auditors and standards developers need hard data with which to build safe uses of cloud processing in electrical utilities. In this session, we invite the audience to participate in a collaborative approach between utilities, CSPs, auditors and security companies. The objective of this joint effort is to create a real-world dataset that can be made available to interested parties for thoughtful deliberation. Specifically, we envision a group that will create various cases for utilizing cloud resources to support typical utility workloads. We expect the group to create an operational security infrastructure capable of withstanding red team attacks. Lastly, the group will describe how cloud auditing can be performed on the resulting systems. Through this collaborative effort, utility companies can be better prepared to respond to reliability and safety concerns, technological innovation and new regulatory drivers.

Gabe Authier

10:00 AM to 10:30 AM

Presentation

Richard Mroz

10:30 AM to 11:00 AM

11:00 AM to 11:30 AM

Using Joint Action to stand up an assessment program for small and medium public power utilities

Carter Manucy

11:30 AM to 12:00 PM

12:00 PM to 01:00 PM

01:00 PM to 01:45 PM

An ‘All-Hands on Deck’ Approach to Enhancing Cyber Resilience in New York State

Critical infrastructure sector owners, operators, and supervisors have been a part of an evolving operating environment that has proved to be beneficial with more ‘smart’ technology investment, but also challenging because of looming asymmetrical and sophisticated threats – cyber and physical. Recognizing these current and emerging changes occurring in the utility environment, the New York Power Authority (NYPA), supported by Toffler Associates, convened other key New York State (NYS) critical infrastructure stakeholders throughout 2019 to establish a collaborative partnership. The purpose of the collaborative partnership was to establish NYS as a leader in utility cyber preparedness and resilience, also creating a template guide titled “New York State Cyber Partnership Capabilities Guide” with the intention for other states to leverage and apply in their respective environments with their National Guard units. Stakeholders included leaders from NYPA, New York National Guard (NYNG), National Guard’s 91st Cyber Brigade, Office of the Governor, Department of Homeland Security and Emergency Services (DHSES), New York State Intelligence Center (NYSIC), and the Public Services Commission (PSC). This presentation will guide the audience through details of how the idea was developed; the process of defining the problem, needs, and wants of stakeholders with respect to cyber (and physical); and mapping capabilities and identifying gaps that must be considered to build preparedness and resilience.

Caitlin Durkovich

Kenneth "KC" Carnes

01:45 PM to 02:15 PM

02:15 PM to 03:15 PM