Technical Talk with RF

Agenda Topics:

Cybersecurity, Energy Security, and Emergency Response (CESER) and Idaho National Laboratory (INL) Cybersecurity Training for the Utility Workforce

Cynthia Hsu – Cybersecurity Program Manager, Rural and Municipal Utilities, Department of Energy Office of Cybersecurity, Energy Security, and Emergency Response (CESER)

• Cynthia will provide an update on upcoming cybersecurity training events hosted by CESER and INL. Each training event will cover the same material but will be offered in different locations – one event will be located in each of the six NERC regions.  Participants do not need to be from a NERC registered entity. The training is designed for technical practitioners in electric utilities that require a hybrid of skills across information technology (IT), industrial control systems (ICS), operation technology (OT), cybersecurity, and electric grid operations.

BES Cyber Security (BCS) in the Cloud

Tom Alrich – Independent Consultant, Blogger and Leader of Open Web Application Security Project (OWASP), Software Bill of Materials (SBOM) Forum project.

• Tom will share his thoughts regarding cyber-security and CIP compliance in cloud environments. He will be discussing opportunities, risks and mitigations as industry explores the possibility of implementing BES Cyber Systems (BCS) into the cloud including implications on CIP-002 and additional NERC Standards.

BES Cyber System Information Access Management

Shon Austin –Principal Technical Auditor, ReliabilityFirst

• Shon will discuss Project 2019-02 BES Cyber System Information Access Management. This initiative enhances BES reliability by creating increased choice, greater flexibility, higher availability, and reduced‐cost options for entities to manage their BES Cyber System Information, by providing a secure path towards utilization of modern third‐party data storage and analysis systems. In addition, the proposed project would clarify the protections expected when utilizing third‐party solutions (e.g., cloud services).

​Who should attend:

These presentations are especially relevant to compliance personnel and CIP Subject Matter Experts (SMEs) across all NERC registrations, especially those interested in cloud computing and virtualization. We encourage you to forward the webinar link and invitation to anyone interested in learning more about cyber security emerging technologies, risks, and revisions to upcoming standards.

Reference Materials:

2023-10-23 Cybersecurity Tech Talk