Safeguarding Critical Infrastructure: Enhancing Hacker Detection for NERC CIP Compliance

The hacker community continues to innovate and find creative ways to disrupt critical infrastructure that is becoming more reliant on digital technologies. Volt Typhoon is one example of a sophisticated, stealthy attack targeting real-time operational systems used to manage critical infrastructure operations that must be detected, before it can be used to disable key infrastructure, such as the Electric Grid.

It’s imperative that an entity maintain visibility over communications between networked devices within a trust zone and detect malicious activity that has circumvented perimeter controls. FERC’s INSM NOPR facilitates the detection of anomalous network activity indicative of an attack in progress, thus increasing the probability of early detection and allowing for quicker mitigation and recovery from an attack.

This session provides the audience with a clear understanding of the risks that are unique to time sensitive OT environments and guidance to help critical infrastructure operators detect suspected hacker activity as early as possible so that mitigation activities can begin and incident response plans put in place to prevent disaster. Experts from the energy industry and solution provider space provide their perspectives.

Here is what you will take-away from this session:

What’s driving these new INSM NOPR requirements and why it matters
How does the INSM NERC initiative differ from previous NERC CIP standards and requirements?

Different strategies for implementing effective monitoring and detection of hacker activity that complies with NERC CIP standards and achieves the objectives identified in the FERC INSM NOPR.

A high-level understanding of the various solution options along with approximate implementation timelines and effort.

Understand how Nozomi is uniquely qualified to provide an effective INSM solution that is different from other product and service offerings.

Next steps to planning an effective and compliant ISNM solution.

It’s important to understand the various challenges that come with INSM solutions for operational technology (OT) and real-time operations, which are time sensitive and resource constrained. The compliant solutions discussed in this session have been designed with these unique OT constraints and sensitivities in mind, in order to produce an effective solution that will not impact real-time functions and performance and provide early detection of hacker activity.

PANEL:
Gehron “Ronny” Fredericks | Field CTO
Nozomi Networks

Josh Sandler | Senior Manager | CISSP, CISA, CISM | Cybersecurity
Ernst & Young

Moderator: Dick Brooks | Co-Founder and Lead Software Engineer Business Cyber Guardian™ (BCG) a REA™ Company