Fundamentals of Cyber Security for Utilities

August 15-16, 2024 | Online :: Mountain Time

0824-cyber-security

“I’ve taken two courses with EUCI and I have gotten a lot out of them. The courses are well-managed and presented in an easy to digest manner without making you just sit there and read a PowerPoint presentation all day. I continue to enjoy and gain a lot of valuable information from these courses and look forward to the next one.” – WAPA

“Very knowledgeable and delivers content in a way that is easy to comprehend.” – NMPP Energy

“Excellent presenter! Approachable and relatable!” – General Manager, Guam Power Authority

“Made a dry subject come alive and clarified the technical procedures/best practices. He puts everyone at ease, and I think everyone enjoyed the experience.” – Director, Dubriansly Consulting

“Good topic knowledge and experience. Well-spoken and engaging. If you are new to NERC/CIP/Cyber this is a good place to start!” — City of Redding

The Fundamentals of Cyber Security for Utilities course will provide attendees with invaluable insights into the evolving landscape of cyber threats and vulnerabilities facing the industry. From discussing common attack vectors to understanding to attacker motivations, participants will understand the importance of robust cyber security policies and frameworks.

The agenda will include:

• Ransomware, malware variants and social engineering
• Critical infrastructure and incident response planning
• Risks and exposure
• Supply chain vulnerabilities and implications
• Technical countermeasures, hardware/software, and physical security
• Regulatory compliance and risk-based decision planning

Upon completion of this training, electric utility professionals will have a comprehensive knowledge of the tools to navigate complex cyber security landscapes and how to safeguard critical infrastructure assets.  

Bulk discounts start at 20% when you register five or more, so sign up for this fundamentals course today!

Learning Outcomes

• Review the diverse landscape of cyber threats facing utilities, including common attacks, motivators, and characteristics of advanced threats
• Gain familiarity with cyber security policies and IT security frameworks and assess vulnerabilities
• Discuss the importance of social engineering awareness
• Identify critical infrastructure risks and exposure areas (i.e., supply chain, smart grid, and electronic media)
• Explore technical countermeasures essential for enhancing resilience, such as architecture, hardware, and software
• Explain NERC CIP compliance and discuss FERC, NERC, reliability standards, common challenges for BES providers and regulatory landscapes
• Develop foundational skills in incident response planning and how to create continuity of operational plans to reduce cyber attacks

Thursday, August 15, 2024 : Mountain Time

Introduction to Cyber Threat for Utilities

• The Most Common Cyber Threat Attack Vectors
• Who are the Attackers and What do They Want?
• Understanding Advanced Persistent Threat (APT) Actors
• Cyber Security Policy and IT Security Frameworks
• The Types of Assessments and Why You Would Use Them

Discussion on Ransomware and Other Common Malware Variants

 

Social Engineering and Why it Matters

• Platforms for Attacks: Phishing, Vishing, Smishing
• Other Social Engineering Methods
• Being Smart in the Digital World

Critical Infrastructure Provider Risks and Exposure

• Supply Chain Risks
• Smart Grid and Process Control
• Procurement Controls
• Electronic Media Security

General Overview of Technical Counter Measures

• Cyber Security and Enterprise Architecture
• Cyber Security Hardware and Software in a Defensive Architecture
• Physical Security and Remote Access
• Zero Trust and Secure Access Service Edge (SASE)
• Defense in Depth as a Discipline

NERC CIP: Compliance Preparation and Implementation

• Definition and Review of FERC, NERC and US Reliability Standards 
• Introduction and Description of the NERC CIP Standards
• Review of Common Challenges for Electric System (BES) Providers
• Regulatory Landscape Concerning NERC CIP

Basic Elements of Incident Response (Responding to Cyber Attacks)

• Cyber Incident Management Framework and Emergency Response Plan
• Cyber Incident Walk Through
• The Triad of Planning – Business Continuity, Disaster Recovery and Cyber Incident Response
• Continuity of Operations Plan or Disaster Recovery Plan
  • Crisis management teams
  • Manual overrides and temporary manual operations
  • Testing system redundancy

Friday, August 16, 2024 : Mountain Time

Assessing Risk and Making Risk-Based Decisions

• How Cyber Risks are Different from Financial, and other Operational Risks
• Realistic Risk Assessment
• Using Threat, Cyber Security Assessments, Audits and Penetration Tests
• Compliance and Developing Meaningful Compensating Controls

Establishing the Value Proposition for Cyber Security

Eric Smith, Senior Cyber Security Reliability Consultant

Mr. Smith is a Senior Cyber Security Reliability Consultant with 20+ years of experience focusing on the NERC CIP reliability standards. Skillful in developing and implementing successful internal compliance programs that have been tested through numerous audits and certifications in the WECC, RF, NPCC, SERC and MRO regions and Canada. Experienced in working with Medium and Low impact BES cyber systems, focused on GO/GOP, TO/TOP, and BA entities in the hydro, storage and renewable energy arenas. Mr. Smith is a creative and innovative solution leader developing results based in the NERC CIP, NIST 800, ISO 27000, and corporate business standards. Mr. Smith drives organizations to maintain focus on achieving a solid sustainable cyber security compliance program through preparation of communication documents to promulgate information related to the NERC CIP Reliability Compliance Program. He is a self-driven leader with the ability to thrive in a fast-paced environment coupled with proficiency to think outside the box as well as effective teamwork and communication skills.

We will be using Microsoft Teams to facilitate your participation in the upcoming event. You do not need to have an existing Teams account in order to participate in the broadcast – the course will play in your browser and you will have the option of using a microphone to speak with the room and ask questions, or type any questions in via the chat window and our on-site representative will relay your question to the instructor.

• Microsoft recommends downloading and installing the Teams app if possible. You may also use the Edge browser or Chrome.
• You will receive a separate email with a unique link to a personalized landing page which will include links to join all sessions of this event.
• If you are using a microphone, please ensure that it is muted until such time as you need to ask a question.
• The remote meeting connection will be open approximately 30 minutes before the start of the course. We encourage you to connect as early as possible in case you experience any unforeseen problems.

Please Note: This event is being conducted entirely online. All attendees will connect and attend from their computer, one connection per purchase. For details please see our FAQ

If you are unable to attend at the scheduled date and time, we make recordings available to all attendees for 7 days after the event

REGISTER NOW FOR THIS EVENT:

Fundamentals of Cyber Security for Utilities

August 15-16, 2024 | Online

Your registration may be transferred to a member of your organization up to 24 hours in advance of the event. Cancellations must be received on or before July 12, 2024 in order to be refunded and will be subject to a US $195.00 processing fee per registrant. No refunds will be made after this date. Cancellations received after this date will create a credit of the tuition (less processing fee) good toward any other EUCI event. This credit will be good for six months from the cancellation date. In the event of non-attendance, all registration fees will be forfeited. In case of conference cancellation, EUCIs liability is limited to refund of the event registration fee only. For more information regarding administrative policies, such as complaints and refunds, please contact our offices at 303-770-8800

Credits

EUCI is accredited by the International Accreditors for Continuing Education and Training (IACET) and offers IACET CEUs for its learning events that comply with the ANSI/IACET Continuing Education and Training Standard. IACET is recognized internationally as a standard development organization and accrediting body that promotes quality of continuing education and training.

EUCI is authorized by IACET to offer 1.1 CEUs for this event.

Verify our IACET accreditation

Who recognizes IACET Credits?

Requirements for Successful Completion of Program

You must be logged in for the entire presentation and send in the evaluation after the online course is completed.

Instructional Methods

This course will use PowerPoint presentations and group discussions.

---

Upon successful completion of this event, program participants interested in receiving CPE credits will receive a certificate of completion.

Course CPE Credits: 13.0
There is no prerequisite for this Course.
Program field of study: Specialized Knowledge
Program Level: Basic
Delivery Method: Group Internet Based
Advanced Preparation: None

EUCI is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its web site: www.nasbaregistry.org

 

Who Should Attend 

Utility and energy company staff from the following departments:  

• Directors and C-Suite Executives 
• Compliance and Regulatory Managers 
• Legal and Regulatory Staff 
• Information Technology and Information Security 
• Operations and Engineering 
• Administrative and Support Staff 
• Control Systems Maintenance Staff 

As well as:  

• Attorneys and Regulators 
• NERC Regional Entity staff 
• Contractors and Vendors