GridSecCon 2017, October 17–20, InterContinental St. Paul Riverfront, 11 Kellogg Boulevard East, St. Paul, Minnesota


Letter from NERC President and CEO

Welcome to GridSecCon 2017!

Our seventh annual grid security conference highlights the growing unity of effort between industry, government partners, and other stakeholders to strengthen grid security across North America. GridSecCon represents the vital, ongoing work of security professionals to enhance the protection of our shared critical infrastructure as our interdependencies increase.

GridSecCon focuses on the training and tools that are necessary for success in a dynamic threat environment. NERC, industry, and government must share information effectively, including actionable intelligence, and educate the public about the reality of cyber and physical security risks to the grid. A comprehensive approach to grid security builds on NERC standards and depends on strong collaboration by industry and government at all levels.

GridSecCon reflects the importance of a grid security program that is designed to address constantly changing risks. This year, you will hear discussions led by experts from organizations including the Canadian Electricity Association, the Defense Advanced Research Projects Agency, the Edison Electric Institute, the Electric Power Research Institute, and the FBI. These organizations will provide insight on the latest strategies and solutions to address known and potential cyber and physical security threats.

Other topics during this three-day event include a discussion of industry-government partnerships, law enforcement collaboration with the industry, insider threats, the cyber security supply chain, and rapid detection of cyber threats.

Cyber and physical security are integral to the mission of NERC and its Electricity Information Sharing and Analysis Center. The industry is innovative and so are its adversaries. GridSecCon is one way that NERC fosters a learning environment among stakeholders to promote the security and resiliency of the bulk power system.

I look forward to the discussion and to another successful conference.

Gerry Cauley

[Floor plans: First Floor Meeting Rooms, Lobby Level Meeting Rooms, Lower Level Meeting Rooms]

Minnesota Ballroom Exhibitions

01 FoxGuard
02 NIST NCCoE
03 NUARI
04 Johns Hopkins APL
05 SANS Institute
06 Dragos, Inc.
07 Curricula
08 TESU
09 SpotterRF
10 Qualtrax
11 Nozomi Networks
12 Attivo Networks
13 Burns & McDonnell
14 Claroty
15 Cyberbit
16 Network Perception
17 Utility Services
18 Harsco
19 Future Fiber Technologies
20 AlertEnterprise
21 CyberArk
22 Verve
23 Waterfall Security Solutions
24 IronNet Cybersecurity
25 OPSWAT
26 AESI
27 Gryphon Sensors and Welund
28 SigmaFlow
29 Circadence
30 Veoci
31 CAST Lightning
32 InstaKey
33 Dynetics
34 FLIR Systems
35 Doble Engineering Company
36 Owl Cyber Defense Solutions, LLC.
37 TDI Technologies
38 SEL
39 Southwest Microwave
40 Ameristar
41 Medeco
42 Midwest Security Products
43 TRIPWIRE
44 CyberX
45 Minerva
46 Indegy
47 Radiflow

Agenda

Monday, October 16, 2017 | Preconference

6:00 – 8:00 p.m. Evening Registration (no reception) Great River Court

Tuesday, October 17, 2017 | Training Day

7:30 – 8:00 a.m. Continental Breakfast Great River Court

8:00 a.m. – 12:00 p.m. Morning Sessions

1A: GridEx IV – Move Zero Training
Great River Ballroom (200 seats)
Training provider: E-ISAC and SANS Institute (Pick both 1A and 1B)

2A: Physical Security Workshop I
Kellogg Room (120 seats)
Training provider: Physical Security Advisory Group (facilitated by the E-ISAC)

3A: Convergence of Cybersecurity Situational Awareness Capabilities for the Energy Sector
State Suite (100 seats)
Training provider: National Cybersecurity Center of Excellence | National Institute of Standards and Technology

4A: Designing a Powerful NERC CIP Training and Awareness Program
Governors III (50 seats)
Training provider: Curricula, LLC

5A: Live Exercise: Red Teaming the Micro Grid
Governors IV (75 seats)
Training provider: Norwich University Applied Research Institutes

12:00 – 1:00 p.m. Lunch Great River Court

1:00 – 5:00 p.m. Afternoon Sessions

1B: GridEx IV – Move Zero Training
Great River Ballroom (200 seats)
Training provider: E-ISAC and SANS Institute (Pick both 1A and 1B)

2B: Physical Security Workshop II
Kellogg Room (120 seats)
Training provider: Physical Security Advisory Group (facilitated by the E-ISAC)

3B: Mission Dependency Analysis
State Suite (100 seats)
Training provider: Johns Hopkins Applied Physics Laboratory

4B: Patching Lessons Learned: An Interesting Perspective
Governors III (50 seats)
Training provider: FoxGuard Solutions

5B: Threat Modeling, Intelligence Consumption, and Hunting in ICS
Governors IV (75 seats)
Training provider: Dragos, Inc.

6:00 – 9:00 p.m. Welcome and Networking Reception Minnesota Court/Ballroom

Wednesday, October 18, 2017 | Strategies and Threat Day

7:30 – 8:15 a.m. Registration and Continental Breakfast Minnesota Court

8:15 – 8:30 a.m. Logistics Bill Lawrence, Senior Director of the E-ISAC

Great River Ballroom

8:30 – 9:00 a.m. Welcome Address and Opening Keynote Gerry Cauley, President and CEO, NERC

Great River Ballroom

9:00 – 9:30 a.m. Host Utility Keynote Ben Fowke, Chairman of the Board, President and CEO, Xcel Energy

Great River Ballroom

9:30 – 10:00 a.m. Energy Keynote Patricia Hoffman, Principal Deputy Assistant Secretary and Acting Assistant Secretary, Office of Electricity Delivery and Energy Reliability, DOE

Great River Ballroom

10:00 – 10:30 a.m. Break Minnesota Court/Ballroom

10:30 – 11:05 a.m. Industry’s Work with Government Partners Scott Aaronson, Executive Director, Security and Business Continuity, EEI

Francis Bradley, Chief Operating Officer, Canadian Electricity Association

Great River Ballroom

11:05 – 11:40 a.m. Law Enforcement and the Electricity Industry Supervisory Special Agent Christopher Golomb, FBI

Great River Ballroom

11:45 a.m. – 1:00 p.m. Off-Site Lunch at Union Depot 214 4th Street East, St. Paul, Minnesota

1:00 – 1:45 p.m. Insider Threat Moderator: Charlotte de Sibert, Principal Physical Security Analyst, E-ISAC

Joseph Ladd, Information Technology Manager, Fusion Center, Southern Company

Sharon Chand, Principal, Deloitte and Touche Cyber Risk Services Team

Great River Ballroom

1:45 – 2:45 p.m. Midwest Reliability Organization Security Advisory Council Moderator: Steen Fjalstad, MRO, Security and Mitigation Principal

Mike Kraft, Senior Engineer, Basin Electric Power Cooperative

Steve Brown, Xcel Energy, Vice President and Chief Security Officer

Jodi Jensen, Western Area Power Administration, Senior SCADA Specialist

Warren LaPlante, Manager, ALLETE Security

Great River Ballroom

2:45 – 3:15 p.m. Break Minnesota Court/Ballroom

3:15 – 3:45 p.m. Geomagnetic Disturbances and High-Altitude Electromagnetic Pulse Research Bob Arritt, Technical Executive Grid Operations and Planning, Electric Power Research Institute

Great River Ballroom

3:45 – 5:15 p.m. Collateral Damage in the Age of Hybrid War (The Threats of Modern Malware) Moderator: Timothy Roxey, Vice President and Chief Special Operations Officer, E-ISAC

Robert Lee, Chief Executive Officer, Dragos, Inc.

Michael Assante, Director of Critical Infrastructure and Curriculum Lead, ICS and SCADA, SANS Institute

Sam Chanoski, Director of Situation Awareness and Event Analysis, NERC

Great River Ballroom

5:15 p.m. Closing Remarks Great River Ballroom

6:00 – 9:00 p.m. Evening Networking Reception Minnesota Court/Ballroom

Thursday, October 19, 2017 | Solutions Day

7:30 – 8:15 a.m. Continental Breakfast Minnesota Court/Ballroom

8:15 – 9:45 a.m. E-ISAC Experts Present Moderator: Steve Herrin, Director, Operations and CRISP Senior Manager

Jesse Reisman, Watch Operations Chief

Carlo Castañeda, Manager for Cyber Security Analysis

Charlotte de Sibert, Principal Physical Security Analyst

Great River Ballroom

9:45 – 10:15 a.m. Break Minnesota Court/Ballroom

10:15 – 11:45 a.m. Lightning Round Presentations (10 minutes each) Great River Ballroom

Drones and the Threat to Critical Infrastructure Ernie Hayden, ICS Cyber and Physical Security, BBA, Inc.

Dragonfly: Cyber Attacks Against Western Energy Sector Vikram Thakur, Technical Director, Symantec Corporation

The Elusive but Essential Return on Investment Donna Vignes, Security Program Manager, MISO

Implementing Application Whitelisting on Computers Used for Protection and Control Bernard Tatera, Principal Engineer in the Systems Automation Group, Pacific Gas & Electric


Thermal Perimeter Intrusion Detection Brady Flamm, Vice President of Business Development, Thermal Imaging Radar

Visibility is the Key to Protection Rick Kaun, Vice President of Solutions, Verve Industrial Protection

Designing Secure Remote Access Solutions for Substations John Biasi, Senior Cybersecurity Specialist, Burns & McDonnell

11:45 a.m. – 1:00 p.m. Off-Site Lunch at Landmark Center 75-5th Street West, St. Paul, Minnesota

1:00 – 2:00 p.m. Cyber and Physical Security Convergence Moderator: Tobias Whitney, Senior Manager of CIP Compliance, NERC

Pat Ervin, Power Grids Compact Substation Business Development Manager, ABB

Tyler Mullican, Vice President of Security Architecture, Fortress Information Security

Great River Ballroom

2:00 – 3:00 p.m. Supply Chain Management Moderator: Howard Gugel, Senior Director, Standards and Education, NERC

James Chuber, Supply Chain Operations Manager, Duke Energy

Tom Alrich, Senior Manager, Enterprise Risk Services, Deloitte

Michael Toecker, Owner/Engineer, Context Industrial Security

Orlando Stevenson, Manager, Programs and Plans, E-ISAC

Great River Ballroom

3:00 – 3:30 p.m. Break Minnesota Court/Ballroom

3:30 – 4:00 p.m. Rapid Attack Detection Isolation and Characterization Systems Information Innovation Office (I2O), Defense Advanced Research Projects Agency

Great River Ballroom

4:00 – 5:00 p.m. GridEx IV (panel discussion) Moderator: Jacob Schmitter, Senior Manager, Exercises and Training, E-ISAC

Tim Conway, Technical Director, ICS and SCADA, SANS Institute

Steven Briggs, Senior Program Manager, Instrumentation and Controls (I&C) Systems and Generation Cyber Security, Tennessee Valley Authority

Doug Flood, Associate, Booz Allen Hamilton

Great River Ballroom

5:00 p.m. GridSecCon 2017 Closing Comments Great River Ballroom


Friday, October 20, 2017 | Tours and Briefings Day

7:30 – 8:00 a.m. Continental Breakfast Great River Court

8:00 – 9:00 a.m. Threat Briefing – For Official Use Only Kellogg Room

10:00 a.m. – 12:00 p.m. Classified Briefing (secret clearance required | transportation provided) 1501 Freeway Boulevard Brooklyn Center, Minnesota 55430

Utility Tours in the Local Area

(Times listed are for departure – please arrive early to the bus and ensure you’re on the correct tour; return times are approximate; some tours are restricted, involve heavy walking and climbing, and require waivers or other documentation.)

The following information will be requested for security checks and badging:

• Legal name (as it appears on a driver’s license or passport)

• Citizenship status (US or Foreign National with Country Name)

• Job title and company

8:00 a.m., 9:45 a.m., or 1:00 p.m. Xcel Energy High Bridge Plant (1.5 hours with walking and stair climbing)

Tour A (25 seats) Bus leaves at 8:00 a.m. Tour from 8:15 – 9:45 a.m. Bus returns at 10:00 a.m.

Tour B (25 seats) Bus leaves at 9:45 a.m. Tour from 10:00 – 11:30 a.m. Bus returns at 11:45 p.m.

Tour C (25 seats) Bus leaves at 1:00 p.m. Tour from 1:15 – 2:45 p.m. Bus returns at 3:00 p.m.

8:30 a.m. Xcel Energy Monticello Nuclear Plant (4 hours with walking and stair climbing)

Tour D (12 seats) Bus leaves at 8:30 a.m. Tour from 9:15 – 2:45 p.m. Lunch will be provided. Bus returns at 3:30 p.m.


Training Track Descriptions

GridEx IV Move Zero Training
The SANS Institute and E-ISAC
All-day, 200 seats available, starts at 8:00 a.m.
Audience: Accessible to a broad level of player skill ranges. Participants are encouraged to attend sessions 1A and 1B for this all-day training track.

GridEx NetWars is a suite of hands-on, interactive learning scenarios that enable operational technology security professionals to develop and master the real-world, in-depth skills they need to defend real-time systems. It is designed as a challenge competition and is split into separate levels so that advanced players may quickly move through earlier levels based on their expertise. The GridEx NetWars experience has been themed for the electric sector, and the scenario has been coordinated to align with the E-ISAC GridEx IV event occurring later in the year; however, participation in the full GridEx IV is not required in order to participate in the GridEx NetWars event.

Track 2A: Beyond Guards, Guns, and Gates: The Details Matter!
The E-ISAC Physical Security Analysis Team
Half-day, 100 seats available, starts at 8:00 a.m.
Audience: Physical security professionals and asset owners and operators

A Cadillac Strategy on a Buick Budget: Tomorrow’s Threats Addressed Today
How to build a physical security strategy that consists of a risk-based approach with an eye for innovation and spread and a common sense and flexibility in standards. Reducing risk by sharing, partnering, and communicating is key to a successful physical security program. Innovate and fail fast!

Drones: The Current and Future State for Enterprise Security
This session provides an in-depth look at the current threat environment related to drones. The discussion will begin with an overview of drone use by activists, criminals, careless citizens, and terrorists. Other topics will include safety issues related to enterprise flight operations, the current regulatory and legal environment (including both federal and state laws and regulations), detection versus mitigation, and the implementation of policies and procedures for organizations.

Track 2B: Beyond Guards, Guns, and Gates – The Details Matter!
The E-ISAC Physical Security Analysis Team
Half-day, 100 seats available, starts at 1:00 p.m.
Audience: Physical security professionals; asset owners and operators

Activist Group Threat Monitoring – The How and The Why
An interactive panel discussion regarding activist threat monitoring for electricity industry security professionals

Panel Speaker and moderator: Travis Moran, Welund
Facilitated by: E-ISAC Physical Security Analysis Team

Track 3A: Convergence of Cybersecurity Situational Awareness Capabilities for the Energy Sector
The National Cybersecurity Center of Excellence | National Institute of Standards and Technology
Half-day, 100 seats available, starts at 8:00 a.m.
Audience: technical/cybersecurity professionals

NCCoE engineers (alongside former Department of Energy CTO Pete Tseronis, Mark Rice of Pacific Northwest National Laboratory (PNNL), and Don Hill of University of Maryland College Park, Engineering and Energy) will share their expertise on Situational Awareness and discuss the recent NIST Special Publication 1800-7 that uses commercially available products to explore the methods for energy providers to more readily detect and remediate anomalous conditions and investigate the chain of events that led to the anomalies.

Track 3B: Mission Dependency Analysis
Johns Hopkins Applied Physics Laboratory
Half-day, 100 seats available, starts at 1:00 p.m.
Audience: Cybersecurity professionals.

To catch an attacker, you must think like an attacker. How would you attack your organization to cause the greatest impact?

Mission Dependency Modeling is a two-part systems approach for risk management that is used to identify the physical and cyber dependencies within an organization. Part 1 is focused on mapping the physical systems that support the corporate mission. Part 2 consists of mapping the information technology/cyber processes that support those systems. This mapping process enables both physical and cyber security specialists to identify critical dependencies that, if impacted for any reason, would affect the organizational mission. This process graphically informs both senior leaders and security personnel on where to prioritize limited resources to reduce risk and validate current risk mitigation processes in place.

During this workshop, the Mission Dependency Modeling process will be explained, followed by walkthroughs of several organizational models. The workshop objective is to provide understanding for attendees to be able to apply this model to their own organizations to identify physical and cyber critical dependencies.

Track 4A: Designing a Powerful NERC CIP Training and Awareness Program
Curricula, LLC
Half-day, 60 seats available, starts at 8:00 a.m.
Audience: Cybersecurity professionals.

Gain expert insight on how to build and maintain an effective CIP training and awareness program in your organization. The industry has spent years developing cyber security programs across their organizations, everything from patch management and incident response to policies and procedures. We will examine a critical part of your cyber security program, including educating and training your personnel.

Track 4B: Patching Lessons Learned: An Interesting Perspective
FoxGuard Solutions
Half-day, 60 seats available, starts at 1:00 p.m.
Audience: cyber security professionals and industrial control systems owners

FoxGuard has learned many lessons over the past ten years and is excited to share our experiences. We will discuss challenges in building a compliant, as well as secure, patch management program, including intelligent electronic devices, relays, and other operationally focused equipment. Through hands-on opportunities, as well as classroom teaching, you will gain a better understanding of how to identify, analyze, search for, and consume applicable patch and update information.

Track 5A: Live Exercise – Red Teaming the Micro Grid
Norwich University Applied Research Institutes
Half-day, 100 seats available, starts at 8:00 a.m.
Audience: cyber security professionals

Every day we read of a new cyber breach compromising the integrity and operations of another company. Even organizations with defense in depth and response playbooks are impacted. If your systems are breached, how will your organization respond and recover? This GridSecCon training will engage individuals in a cyber-attack scenario that begins with indicators and warnings of an event. Each team (1 per table) will organize and respond to the event from a leadership perspective. When is the best time to stand up the incident response team? How should Operations, Public Relations, Legal, Compliance, Information Security, and Business Continuity roles respond? Who is in charge? When should the attack be escalated within the organization and to Law Enforcement or external constituents? This is an engaging crisis simulation that uses the DECIDE Platform in the exercise.

Track 5B: Threat Modeling, Intelligence Consumption, and Hunting in the ICS
Dragos, Inc.
Half-day, 100 seats available, starts at 1:00 p.m.
Audience: cyber security professionals

The cyber threats you face may not be the same as the threats your fellow electric industry members face; they are most certainly not the same threats that the larger IT security community faces. It is important to understand how to create a threat model based on the threats you can anticipate facing, adapt it when new threats emerge, and use it to generate and consume intelligence about those threats. Upon doing so you will be able to perform better defense in your ICS, including leveraging more advanced models, such as threat hunting.

This workshop will show you how to create a threat model using best practices and models in the community, such as target-centric modeling and the ICS Cyber Kill Chain, and how to bridge them with requirements in the larger community, such as the Cybersecurity Capability Maturity Model (C2M2) for the electricity industry. The workshop will introduce how threat intelligence can be useful once organizations understand the risks they are trying to reduce, as well as the concept of threat hunting and strategies for performing it in the ICS.

The half-day workshop is well suited for personnel of all backgrounds and will be a lecture style with audience participation. If you’re a security practitioner looking to add intelligence into your toolkit, or if you’re not of a security background but want to understand how to start security off correctly to benefit ICS operations, this workshop is for you.

Grid Security Conference Speaker Profiles

Scott Aaronson
Executive Director, Security and Business Continuity, Edison Electric Institute

Scott Aaronson has been with EEI since 2009 when he joined the government relations department focusing on security and several emerging technology issues, including electric grid modernization, cybersecurity policy, and telecommunications priorities. He now leads EEI’s security and business continuity team focusing on industry security and resilience initiatives, establishing collaborative partnerships between government and electric companies and across critical infrastructure sectors.

In addition to his role at EEI, Aaronson also serves as the secretary for the Electricity Subsector Coordinating Council (ESCC), which serves as the primary liaison between senior government officials and industry leaders representing all segments of the sector. In these roles, Aaronson has provided testimony before state legislative and regulatory bodies, both houses of Congress, and to the United Nations Security Council. He speaks frequently with national media, is a board member of The George Washington University’s Center for Cyber and Homeland Security, and has been a trusted source for policymakers on issues of critical infrastructure security, including both the Pentagon’s Defense Science Board and the President’s National Infrastructure Advisory Council.

Prior to joining EEI, Aaronson was a senior adviser to Members of Congress serving the 12th Congressional District of California, including former House Foreign Affairs Committee Chairman Tom Lantos. From 2001 to 2007, he served as an economic policy adviser to Senator Bill Nelson.

Aaronson received a bachelor’s degree in journalism from the University of Colorado at Boulder, and a master’s degree from The George Washington University Graduate School of Political Management. He also has received continuing education in executive leadership from the University of Pennsylvania’s Wharton School of Business.

Tom Alrich
Senior Manager of Cyber Risk Services, Deloitte

In his role, Tom Alrich helps deliver cyber security and compliance services for energy sector organizations. He is the author of a popular blog that has become a leading source for discussion of developments in NERC CIP, including the development of CIP versions 4, 5, and 6, and more recently of CIP-013.

Bob Arritt
Technical Executive, Grid Operations and Planning, EPRI

Bob Arritt joined EPRI in 2007 and his current research activities include leading the geomagnetic disturbance work, distributed resources, protection, and equipment evaluations.

Prior to joining EPRI, Arritt worked for Raytheon in Sudbury, Mass., where he worked in the Power and Electronic Systems Department. At Raytheon, he was awarded the 2006 Raytheon Technical Honors Award for Peer and Leadership Recognition for Outstanding Individual Technical Contribution and also received a 2005 Raytheon Author’s Award for design of a Phase-Shifted Transformer for Harmonic Reduction. While at EPRI, Arritt has been awarded the Chauncey Award for his outstanding innovation and achievements in science and technology. Arritt has authored several technical papers and is a senior member of the Institute of Electrical and Electronics Engineers (IEEE).

Arritt earned a Bachelor of Science, magna cum laude, in electrical engineering from West Virginia Institute of Technology in Montgomery, W.Va. He received a Master of Science in electrical engineering from Worcester Polytechnic Institute in Worcester, Mass. He is a Professional Engineer, licensed in the State of Tennessee.

Michael Assante
Director of Industrials and Infrastructure, SANS Institute

Michael Assante is focused on securing organizations that make, move, and power the world. He is also the SANS lead for Industrial Control System (ICS) and Supervisory Control and Data Acquisition (SCADA) security. As a senior associate with the Center for Strategic and International Studies (CSIS) Strategic Technologies Program, Assante authors papers and provides views on policy issues.

Assante served as vice president and chief security officer at American Electric Power, engaged in research to include the Idaho National Laboratory vulnerability of electric generators to destruction through remote cyber attack, and served as the first CSO at NERC. Government, intelligence, and military organizations have also relied on his leadership and counsel for more than 20 years. He has testified before the Senate and House and was an initial member of the Commission on Cyber Security for the 44th Presidency.

Assante is a frequent guest at global security events, delivering presentations such as the 2017 RSA Keynote: Seven Most Dangerous New Attack Techniques, chairing the SANS ICS Security Summit (which is now in its 13th year), and presenting co-authored reports such as Outpacing Cyber Threats – Priorities for Cybersecurity at Nuclear Facilities for the Nuclear Threat Institute. His work in ICS security has been widely recognized and he was selected by his peers as the winner of Information Security Magazine’s Security Leadership Award for his efforts as a strategic thinker. The RSA 2005 Conference awarded him its Outstanding Achievement Award in the practice of security within an organization.

Assante co-led the international steering committee that created the most widely respected industrial control systems security skills certification program, the GICSP, which is now held by more than 1,300 practitioners in more than 30 countries. The GICSP ensures control systems engineers and IT security staff have the core skills needed for strengthening defenses against cyber attacks, serving as a benchmarking tool for practitioners and hiring managers alike.

John Biasi
Senior Cyber Security Specialist, Burns & McDonnell

John Biasi has more than 17 years of experience in cyber security and eight years of experience in designing secure and compliant solutions for the utility industry. His current position is a consulting role for numerous utility clients, and he previously worked within a utility in a role supporting regulatory compliance and network engineering.

Francis Bradley
Chief Operating Officer, Canadian Electricity Association

Francis Bradley is directly responsible for CEA’s policy development through the association’s councils and committees, as well as its security and critical infrastructure protection programs. A frequent speaker on security issues, public opinion towards electric utilities, and restructuring of the electricity industry, he was a co-author for five years for the annual North American Electric Industry Outlook, published jointly by the Washington International Energy Group and CEA. Bradley is industry co-chair of the National Cross Sector Forum overseeing Canada’s Action Plan for Critical Infrastructure; a member of the National Advisory Committee of Canada’s Platform for Disaster Risk Reduction; and co-chairs, along with the Standards Council of Canada, the Smart Grid Standards Advisory Committee.

Steven Briggs
Senior Program Manager, Tennessee Valley Authority

Steven Briggs has worked for the Tennessee Valley Authority (TVA) for the past eight years and is currently serving as a senior program manager responsible for the Hydro Fleets cyber security with the Generation Cyber Security team. He is a NERC CIP subject matter expert focusing on vulnerability management and incident response. This is his second time serving as the co-cyber team lead as part of the Grid Exercise Working Group and third time as a lead planner for GridEx at TVA.

Prior to joining TVA, Briggs graduated from the University of Tennessee at Chattanooga with a Computer Science Information Security and Assurance degree, also majoring in Software Applications. Briggs received two certifications from UTC in Information Security and Assurance. He earned his Certified Information Systems Security Professional, Certified Authorization Professional, and SEI CERT Certified Computer Security Incident Handler certifications. Before college, Briggs served five years as an infantryman in the U.S. Army 2-14 Infantry Battalion, 10th Mountain Division, Fort Drum, N.Y., rising to the rank of sergeant. While serving, he completed two tours of duty to Iraq as part of Operation Iraqi Freedom 1 and 2.5, and a six-month peacekeeping operation to Kosovo.

Steve Brown
Vice President, Enterprise Security Services and Chief Security Officer, Xcel Energy

In his role, Steve Brown is responsible for all aspects of the company’s Cyber Security, Physical Security, Enterprise Continuity, Strategy Performance, and Security Governance and Risk Programs.

A seasoned information security executive, Brown has more than 35 years of industry and military experience in the field of security. Prior to Xcel Energy, he was the vice president and deputy CISO at Hewlett Packard, responsible for global security operations. He spent 13 years with Wells Fargo as the senior vice president of Information Management and Enterprise Information Security Operations. He started his career in the U.S. Navy, where he spent 20 years in technical and leadership positions in Information Warfare, Signals Intelligence, and Network Operations.

Brown previously sat on the Board of Directors for Information Technology Information Sharing Analysis Center (IT-ISAC), the Board of Directors of the Financial Services ISAC (FS-ISAC), and as the co-chair of the Minnesota CSO Summit.

Brown has a Bachelor of Science in Information Management from the University of Maryland and an Executive Master of Business Administration from the University of Michigan.

Carlo CastañedaManager, Cyber Analysis and Context, E-ISAC

Carlo Castañeda is an experience cyber security professional with a focus on threat analysis and incident handling. Prior to joining the E-ISAC, Castañeda worked for the Criminal Division of the DepartmentofJusticewithafocusonAfricaandtheMiddleEast.

Castañeda earned a Bachelor of Science from the University of Maryland and a Master of Science in Cyber Security from the University of Maryland University College.

Gerry W. CauleyPresident and Chief Executive Officer, NERC

GerryW.CauleyassumedtheroleofPresidentandChiefExecutiveOfficeroftheNorthAmericanElectricReliabilityCorporationinJanuary2010.CauleyoverseesNERC’smissionofensuringthereliability of the North American bulk power system. As President and CEO, Cauley directs key programsaffectingmorethan1,900bulkpowersystemowners,operators,andusers, includingmandatoryreliabilitystandards,compliancemonitoring,enforcement,situationawareness,eventandriskanalysis,reliabilityassessmentsandforecasting,physicalandcybersecurity,andgovern-ment relations.Cauleyalsooversees theoperationsofeightRegional Entities that support thereliabilitymissionacrossNorthAmericabyimplementingdelegatedresponsibilitiesattheregionaland local levels.

From2007to2009,CauleyservedaspresidentandCEOoftheSERCReliabilityCorporation,oneof the reliability regions covering 16 states in the southeastern and central United States. During thistimeheestablishednewprogramsformonitoringandenforcingcompliancewithmandatorystandards,developedtrainingandeducationalprograms,andaprogramtotrackreliabilityrecom-mendations.

Prior to his CEO career, Cauley served as vice president and director of Standards at NERC and wasinstrumentalinpreparingNERC’sapplicationtobecomethegovernment-certifiedelectricreli-abilityorganization.HespearheadedthedevelopmentofaninitialsetofmandatorystandardstoensurethereliabilityofthebulkpowersysteminNorthAmerica.Cauleywasalsoaleadinvestiga-tor of the August 2003 Northeast blackout and coordinated the NERC Y2k program, supervising the reportingandreadinessof3,100electricorganizationsintheUnitedStatesandCanada.

Over a 35-year career, Cauley has been driven by a keen interest in serving the public while per-forming roles of increasing responsibility in the areas of electricity reliability and nuclear safety. He servedastheprogrammanagerforgridoperationsandplanningattheElectricPowerResearchInstitute.Hewasatrainingconsultantandestablishedcomprehensivereliabilityandsafetytrain-ingprogramsatdozensofelectricutilitiesforelectricsystemoperations,nuclearandfossilplantoperations,substations,anddistributionsystems.Priortohiscareerinthepowerindustry,CauleyservedfiveyearsasanofficerintheU.S.ArmyCorpsofEngineers.

Cauley earned a bachelor’s degree from the U.S. Military Academy at West Point, a master’s degree from the University of Maryland in nuclear engineering, and a master’s degree in business administration from Loyola College–Baltimore. Cauley is a registered Professional Engineer in the Commonwealth of Virginia. Cauley also serves on the Board of Directors for the United States Energy Association.

Sam Chanoski
Director, Situation Awareness and Event Analysis, NERC

Sam Chanoski joined NERC in July 2012. Before coming to NERC, Chanoski worked at Duquesne Light Company as a shift supervisor, managing the real-time operation of Pittsburgh’s transmission and distribution system. Prior to that, he worked as a line supervisor with FirstEnergy in Easton, Penn., and with Consolidated Edison as a substations shift supervisor and as an auxiliary systems maintenance supervisor in New York City. Before coming to the electric industry, he worked for six years with the U.S. government.

Chanoski has a bachelor’s degree in Computer Science and Operations Research from a small technical college in Colorado, a Master of Business Administration from Lehigh University, a master’s degree in Transmission and Distribution Engineering from Gonzaga University, and a graduate certificate in Information Security and Assurance from Norwich University. He is a NERC certified system operator at the Reliability Coordination level, and is PJM certified as a Transmission System Operator and a Generation System Operator, as well as Certified Ethical Hacker and Security+ certifications and active security clearances from the Department of Energy and Department of Defense. His professional interests include real-time transmission and distribution operations, organizational behavior, control systems cyber security, and emergency management and resiliency.

James W. Chuber
Managing Director, Enterprise Supply Chain, Duke Energy Corporation

James Chuber is responsible for the enterprisewide contracts, information technology and telecom sourcing, real estate services sourcing, and customer operations sourcing. Recently, he was a member of the NERC CIP-013-1 Cyber Security Supply Chain standards drafting team.

He received a Bachelor of Science in Electrical Engineering from the University of North Carolina at Charlotte. He is a Certified Purchasing Manager and an Accredited Purchasing Practitioner. He is a member of the Institute for Supply Management.

Tim Conway
Technical Director, ICS and SCADA programs, SANS

Tim Conway is responsible for developing, reviewing, and implementing technical components of the SANS ICS and SCADA product offerings. A recognized leader in CIP operations, Conway formerly served as the director of CIP Compliance and Operations Technology at Northern Indiana Public Service Company (NIPSCO) and was responsible for Operations Technology, NERC CIP compliance, and the NERC training environments for the operations departments within NIPSCO Electric.

Recognizing the need for NERC CIP training in these industries, Conway co-authored ICS’s newest course ICS456 – Essentials for NERC Critical Infrastructure Protection and is also the course instructor. Previously, he was an EMS Computer Systems Engineer at NIPSCO for eight years, with responsibility over the control system servers and the supporting network infrastructure. Conway served as the former chair of the RFC CIPC, chair of the NERC CIP Interpretation drafting team, chair of the NERC CIPC GridEx Working Group, and chair of the NBISE Smart Grid Cyber Security panel.

Charlotte de Sibert
Principal Physical Security Analyst, E-ISAC

Charlotte de Sibert conducts analysis on physical security events and provides relevant threat assessments to the E-ISAC members via that portal. Prior to joining the E-ISAC, de Sibert worked with U.S. Cyber Command as a cyber exercise planner. She spent five years in the U.S. Army as a signals intelligence analyst and liaison between various government agencies. She attended the George Washington University and the Defense Language Institute.

GL “Pat” Ervin
Business Development Manager, ABB Inc.

In his role for ABB’s compact substation group, GL “Pat” Ervin is responsible for convincing utilities to convert from large traditional substation switching technology to modern compact systems. He has seven years of experience developing compact substations for ABB and another 30 years of experience selling distributed control systems, generator excitation systems, distributed generation (microturbines), distribution apparatus (capacitors, arresters, and cutouts), power transformers, uninterruptible power supplies, and cable accessories. He received a Bachelor of Science in General Studies from West Point.

Steen J. Fjalstad
Security and Mitigation, Principal, Midwest Reliability Organization

Steen Fjalstad serves as part of the Critical Infrastructure Protection team at MRO. Fjalstad performs physical and cyber risk mitigation work with electric entities and coordinates with various agencies on outreach efforts on threats and vulnerabilities to the grid. Previously, Fjalstad’s work included security, audit, risk, and project management for advanced technology systems. Fjalstad earned a master’s degree from University of Minnesota in Security Technologies and a bachelor’s degree from the University of Wisconsin in Management Computer Systems. He has completed advanced training from the FBI, the Department of Homeland Security and the Department of Energy.

Fjalstad also has completed the Minneapolis FBI Citizens Academy program, DHS’ Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) cyber security training, the City of Eagan Police – Citizens Academy, and has presented multiple times on cyber and physical security.

Fjalstad is an active volunteer serving as past-president of the Minnesota Information Systems Audit and Control Association (ISACA) Board of Directors and as an active member of the Minnesota InfraGard Intelligence Committee. He is also a member of OWASP, ISSA, ISC2, Sec.MN, UMSA, Cyber Security Summit, and other professional security organizations.

Brady Flamm
Vice President of Business Development, Thermal Imaging Radar

Brady Flamm is responsible for educating the market about Thermal Imaging Radar – a 360-degree intrusion detection system with targeted surveillance over a large area. Flamm works with systems integrators, engineers, and customers from around the world with a focus on electric utilities. Thermal radar is deployed across North America protecting substations, dams, laydown yards, etc.

He earned a Master of Business Administration from the University of Oxford and a finance degree from the University of Utah.

Doug Flood
Associate, Booz Allen Hamilton

Doug Flood works on the Wargaming and Exercise team and has more than ten years of specialized experience in scenario development, exercise design and execution, and facilitation. Flood possesses many years of cyber incident response analytical experience that he has used to analyze state government and private sector critical infrastructure companies’ incident response plans.

Flood currently serves as the lead support to E-ISAC for GridEx IV planning, design, and execution. He also serves as the states lead for the Department of Homeland Security’s National Cyber Exercise, Cyber Storm VI.

Ben Fowke
Chairman of the Board, President, and CEO, Xcel Energy

Ben Fowke previously served as president and COO with responsibility for overall corporate operations as well as Xcel Energy’s four operating companies, which do business in eight states. Prior to being named president and COO in 2009, Fowke held a variety of executive positions at the company, including vice president and chief financial officer, and vice president and CFO of Energy Markets, where he was responsible for the financial operations of the company’s commodities trading and marketing business unit. Prior to the 2000 merger of Northern States Power Co. and New Century Energies to form Xcel Energy, he was a vice president in the NCE Retail business unit.

Prior to working with Xcel Energy, Fowke served 10 years with FPL Group, Inc., where he held various management positions. He has also held positions outside the energy industry with DWG Corp. and KPMG.

Fowke currently serves on the Board of Directors of the Edison Electric Institute, Nuclear Energy Institute, Energy Insurance Mutual, and Institute of Nuclear Power Operations.

Fowke earned a Bachelor of Science in Finance and Accounting from Towson University and obtained his CPA in 1982.

Christopher J. Golomb
Supervisory Special Agent, FBI

Christopher Golomb is currently assigned as supervisory special agent for the Minneapolis Division responsible for the HUMINT intelligence program that includes corporate outreach. Golomb has worked for the FBI in the Minneapolis Division since 2010.

Prior to his promotion as supervisor of the human intelligence program, Golomb was the division’s Counterintelligence Strategic Partnership Coordinator, focused on developing and building partnerships and liaison in the business and academic communities in an effort to proactively protect America’s most valuable and sensitive information and technology.

Golomb joined the FBI in 2003 and was assigned to the Cleveland Division. In Cleveland, Golomb was detailed to work counterintelligence at NASA’s John Glenn Research Center and focused on espionage and technology theft cases. Golomb transferred to the Detroit Division in 2005 and worked counterproliferation cases involving export controlled commodities in addition to economic espionage cases targeting the defense and automotive industries. In 2008, Golomb was assigned as a supervisory special agent to FBI headquarters, working on matters involving national security and foreign investment in the United States.

Prior to joining the FBI, Golomb worked for ten years in both product engineering and international sales for the automotive industry. Golomb received a bachelor’s degree in Chemical Engineering from Purdue University and a master’s degree in International Business Administration from Central Michigan University.

Howard Gugel
Senior Director of Standards and Education, NERC

Howard Gugel is responsible for directing all aspects of NERC’s continent-wide standards development process by providing oversight, guidance, and coordination of the timely development of technically excellent Reliability Standards to ensure an adequate level of reliability of the bulk power system. Prior to this, Gugel was the director of Performance Analysis for NERC. His primary responsibility in that role was the development, maintenance, and analysis of reliability performance metrics, including those in NERC’s annual State of Reliability report. This includes analysis of various databases of transmission and generation outages to look for statistically significant trends.

Prior to joining NERC, he was with Progress Energy Florida in the roles of transmission area maintenance manager and transmission planning manager. His background also includes management experience in transmission operations and energy marketing.

Gugel received both his Bachelor of Science and Master of Science in Electrical Engineering from the University of Missouri – Rolla, and is a licensed Professional Engineer in the State of Missouri.

Ernie Hayden
Subject Matter Expert/Cyber Security Lead, BBA USA Inc.

In his current role, Ernie Hayden’s focus is on industrial controls cyber and physical security. He is a highly experienced and seasoned technical consultant, author, speaker, strategist and thought-leader with extensive knowledge in the power utility industry, critical infrastructure protection/information security domain, industrial controls security, cybercrime and cyberwarfare areas. He has previously been an executive consultant at Securicon; a non-resident fellow at the Caspian Strategy Institute; global managing principal – critical infrastructure/industrial controls security at Verizon; and held information security officer/manager positions at the Port of Seattle, Group Health Cooperative (Seattle), Alstom Esca and Seattle City Light.

Hayden is often invited to speak globally at international conferences on industrial control and enterprise security. He is also a prolific writer with articles published in SearchSecurity.com and Information Security Magazine, which included his original research on data lifecycle security and an article on data breaches; and chapters in books focused on cyber security and security knowledge exchange.

Steve Herrin
Director of Operations and the Cybersecurity Risk Information Sharing Program (CRISP) Manager, E-ISAC

Steve Herrin joined the E-ISAC in August 2015. Prior to that, he was with the Department of Homeland Security’s Office of Infrastructure Protection for eight years and served as the branch chief of Infrastructure Analysis, which evaluated the potential consequences of disruption from physical or cyber threats and incidents.

After graduating from Georgia State University with a bachelor’s degree in Business Administration in Risk Management and Insurance, he joined the insurance brokerage firm McGriff, Seibels and Williams, Inc. as a marketing account executive managing portfolios for many large electric utility clients. Herrin received his Executive Master of Business Administration from Georgetown University in 2015. He also served in the U.S. Navy submarine service for more than 12 years.

Patricia A. Hoffman
Principal Deputy Assistant Secretary and Acting Assistant Secretary, Office of Electricity Delivery and Energy Reliability, Department of Energy

Serving as the principal deputy assistant secretary for the Office of Electricity Delivery and Energy Reliability at the Department of Energy, Patricia A. Hoffman assumes the role of acting assistant secretary for OE until a new assistant secretary is confirmed by the Senate. Hoffman is also serving as acting undersecretary for Science and Energy and will serve in that role until a new undersecretary is confirmed by the Senate.

Hoffman served as assistant secretary for OE from June 2010 to January 2017, after serving as principal deputy assistant secretary since November 2007. The focus of her responsibility is to provide leadership on a national level to modernize the electric grid, enhance the security and reliability of the energy infrastructure, and facilitate recovery from disruptions to the energy supply both domestically and internationally. This is critical to meeting the nation’s growing demand for reliable electricity by overcoming the challenges of our Nation’s aging electricity transmission and distribution system and addressing the vulnerabilities in our energy supply chain.

Prior to her current position, Hoffman served in a dual capacity as deputy assistant secretary for Research and Development and COO within OE. During her tenure as the DAS for R&D, she developed the long-term research strategy and improved the management portfolio of research programs for modernizing and improving the resiliency of the electric grid. This included developing and implementing sensors and operational tools for wide-area monitoring, energy storage research and demonstration and the development of advanced conductors to increase the capacity and flexibility of the grid. She also initiated a new research effort focused on integrating and distributing renewable energy through the electric grid, such as promoting plug-in hybrid electric vehicles and implementing smart grid technologies to maintain system reliability. As COO, she managed the OE business operations, including human resources, budget development, financial execution, and performance management.

Prior to joining OE, she was the program manager for the Federal Energy Management Program within the Office of Energy Efficiency and Renewable Energy at DOE. This program guides the federal government to “lead by example” promoting energy efficiency, renewable energy and smart energy management. Complementing her building energy efficiency experience, she also was the program manager for the Distributed Energy Program, which conducted research on advanced natural gas power generation and combined heat and power systems. Her accomplishments included the successful completion of the Advanced Turbine System program resulting in a high-efficiency industrial gas turbine power generation product.

Hoffman earned a Bachelor of Science and a Master of Science in Ceramic Science and Engineering from Pennsylvania State University.

Jodi A. Jensen
Senior SCADA Specialist, Western Area Power Administration

Jodi Jensen has more than 17 years of experience programming, leading, and managing the development, implementation, support, security, and compliance of an in-house developed SCADA system for the Upper Great Plains Region (UGP) of Western Area Power Administration (WAPA). She served as Operations Support Manager for the last eight years, which included management and oversight of the Power Billing Division, SCADA Development Division, and SCADA Infrastructure Division. Jensen led her teams through several successful CIP, IG, and FISMA compliance reviews, and led a cross-functional IT team ensuring successful SPP market integration for WAPA’s UGP Region.

Jensen is a graduate from WAPA’s Leadership Emergence and Development Program and has served WAPA in the following interim positions and opportunities: Chief of Staff, Regional Information Officer, Contracts and Energy Services Manager, and Change Leadership Trainer. In her new position as Senior SCADA Specialist for WAPA, Jensen leads all WAPA SCADA teams toward more resilient, secure, and compliant SCADA architecture. She currently serves on the MRO Security Advisory Council, MRO NERC Standards Review Forum, and NREL’s Industry Advisory Board. Jensen earned a Bachelor of Arts from South Dakota State University and a Master of Business Administration from the University of South Dakota.

Rick Kaun
Verve Industrial Protection

Rick Kaun has more than 14 years in IT and security during which he has provided varying levels of consulting projects to a wide range of clients in multiple industries including oil and gas, refining, mining, power, pulp and paper as well as a handful of discrete manufacturing industries. As the former chair for the NPRA cyber security committee or as a contributing member to the Control System Security Working Group, Kaun always approaches any engagement with an eye toward building a scalable, cost effective, and manageable solution. And because security is a program that requires constant attention, collaboration and innovation, Kaun is a strong believer in the need for cooperation, creative thinking, and consistent focus in order to drive results.

Mike Kraft
CIP Program Manager, Basin Electric Power Cooperative

Mike Kraft is a registered Professional Engineer in North Dakota and an IEEE Senior Member. He has spent the majority of his 20+ year career with Basin Electric Power Cooperative with experience in IT, OT and project management. As the CIP Program Manager, he leads a cross departmental team that includes transmission, generation, and control center staff who address physical and cyber security.

Kraft is an active member of the MCCF and WICF CIP Working Groups, the NATF Security Practices Group, the NAGF Security Practices Working Group, the NRECA Cyber Security Task Force, and the ESCC SEWG. He is the chair of the MRO Security Advisory Council, an MRO alternate representative to the NERC Critical Infrastructure Protection Committee, a member of the WECC Situational Awareness and Security Monitoring Subcommittee, and a member of the WECC Physical Security Work Group.

Joseph Ladd
Insider Threat Manager and Fusion Center Director, Southern Company Services

Joseph Ladd joined Southern Company Services following a 29-year career in the U.S. intelligence community and federal law enforcement.

Ladd began his career as a foreign affairs analyst at the Department of State. In 1989, he transferred to DEA as an intelligence analyst specializing in Latin America. Ladd was assigned to DEA headquarters for three years and then spent three years in the Tegucigalpa, Honduras Country Office where he initiated a Joint Intelligence Center.

Ladd began duty as a special agent with the FBI in 1995. He was assigned to the Atlanta, Ga., field office where he investigated organized crime, drug trafficking, counterintelligence matters and international terrorism. Ladd was selected as a hostage negotiator and became a member of the FBI’s elite Critical Incident Negotiations Team. He assisted in international terrorism and hostage-taking investigations in Latin America and the Caribbean.

In 2004, Ladd was promoted to assistant legal attaché in Budapest, Hungary. After his return to Atlanta, he was promoted as supervisor of a counterintelligence squad responsible for investigations of insider threats, economic espionage, and adversarial foreign intelligence services. In 2010, Ladd was selected as the FBI legal attaché at the U.S. Embassy in Rabat, Morocco. He was responsible for all FBI operations in Morocco, Mali, and Mauritania. In 2011, the King of Morocco awarded Ladd with the Order of Ouissam Alaouite, equivalent to the U.S. Legion of Merit, in recognition of his assistance in the investigation of a terrorist bombing in Marrakech, Morocco, that killed 17 people and wounded more than 20 others.

Ladd was promoted to assistant section chief and acting section chief at FBI headquarters Counterterrorism Division in 2012 and was responsible for the program management of all FBI international terrorism investigations in the United States. In 2013, Ladd was promoted to assistant special agent in charge of the FBI’s Seattle field office where he oversaw all administrative, national security and cybercrime matters in the state of Washington. He retired from the FBI in December 2015 and joined SCS as the IT manager, Fusion Center.

Ladd earned a Bachelor of Arts in International Relations from Brigham Young University and a Master of Arts in Latin American Studies from Georgetown University.

Warren LaPlante
Manager, ALLETE Security, ALLETE/Minnesota Power

Warren LaPlante has been with ALLETE/Minnesota Power since November 2014 as the manager, ALLETE Security and most recently assumed the newly developed Emergency Management functions. He has more than 33 years of experience in security and emergency management.

Prior to joining the ALLETE team, LaPlante was employed by the U.S. Coast Guard at Marine Safety Unit Duluth where he oversaw the port and waterways homeland security and emergency preparedness functions for the Western Lake Superior Region.

LaPlante was employed by the U.S. Army Corps of Engineers at the St. Paul District in Minnesota and was appointed as Physical Security Officer, Antiterrorism Officer and Intelligence Liaison. During his tenure with the USACE, he was also heavily involved in several contingency operations including the I-35 Bridge Collapse, the Republican National Convention, and Hurricane Gustav Field Recovery Operations.

LaPlante had served 20 years on active duty with the U.S. Air Force in the Security Forces career field and retired at the rank of senior master sergeant. Throughout his career, he had various assignments around the world and had held various positions throughout operational and logistical support units. LaPlante is also a veteran of Operation Desert Storm, Operation Desert Shield, and Operation Enduring Freedom; along with supporting the Secret Service with Presidential and several Vice Presidential Security details. He earned a bachelor’s degree in Criminal Justice.

Bill Lawrence
Senior Director, E-ISAC

Bill Lawrence leads the department in its mission to reduce cyber and physical security risk to the grid in North America. Prior to joining NERC, he flew F-14 Tomcats and F/A-18F Super Hornets for the Navy, and most recently was the deputy director, Character Development and Training Division, at the United States Naval Academy, where he also taught courses in Ethics and Cyber Security.

Lawrence has a bachelor’s degree in Computer Science from the U.S. Naval Academy, a master’s degree in International Relations from Auburn University at Montgomery, and a Master of Military Operational Art and Science from the Air Command and Staff College. He has a Project Management Professional certification and several cyber security certifications.

Robert M. Lee
CEO and Founder, Dragos

Robert M. Lee is the CEO and founder of the industrial cyber security company Dragos, Inc. He is also a non-resident National Cybersecurity Fellow at New America focusing on policy issues relating to the cyber security of critical infrastructure. A passionate educator, Lee is the course author of SANS ICS515 – “ICS Active Defense and Incident Response” with its accompanying GIAC certification GRID and the lead-author of SANS FOR578 – “Cyber Threat Intelligence” with its accompanying GIAC GCTI certification.

Lee obtained his start in cyber security in the U.S. Air Force where he served as a cyber warfare operations officer. He has performed defense, intelligence, and attack missions in various government organizations including the establishment of a first-of-its-kind ICS/SCADA cyber threat intelligence and intrusion analysis mission.

Tyler Mullican
Vice President of Security Architecture, Fortress Information Security

Tyler Mullican is a 15-year veteran of the security industry and works daily with customers at Fortune 200 organizations to meet critical security, third party risk and business objectives. Mullican has been a researcher and writer on security and security architecture. He has authored several articles on a range of information security subjects and contributed to various not-for-profit security organizations Information Systems Security Association, Information Systems Audit and Control Association, InfraGard and the Southeast Collegiate Cyber Defense Competition.

Before Fortress, Mullican held manager and security architect positions with FireEye Inc. and FishNet Security. Before that, he held security and IT positions with Community Health Systems Corp. Mullican has a Master of Business Administration and a bachelor’s degree in Information Systems Security. He also holds numerous certifications, including Certified Information Security Systems Professional and those related to the administration and use of several security solutions.

Jesse Reisman
Watch Team Chief, E-ISAC

Jesse Reisman joined the E-ISAC in April 2017 after spending 15 years working in multiple cyber-related areas across the federal government, including counter terrorism, counterintelligence and threat analysis at the Departments of State, Energy, and Defense. At DOE, he created a classified Research and Development program focused on cyber-defense technology. A former Brookings fellow on the House Oversight and Government Reform Committee, Reisman graduated from California State University, Fullerton with a degree in Journalism.

Tim E. Roxey
Vice President and Chief Special Operations Officer, E-ISAC

Tim Roxey is responsible for development and execution of key critical infrastructure protection initiatives, such as NERC’s Cybersecurity Risk Information Sharing Program. Roxey also acts as a key coordination point for North American government officials and is a NERC vice president and chief ES-ISAC operations officer.

Roxey has 30 years of experience in the nuclear utility industry serving in organizations such as Operations, Information Technology, Licensing, and Security, among others. Roxey has more than 45 years of computer-related experience working in environments from mainframes, minis, and micros to hand-wired special control systems. He has written numerous programs in many different languages.

Roxey is a widely recognized leader in the fields of security and infrastructure protection, formerly serving as deputy chair of the Nuclear Sector Coordinating Council and chair of its Cyber Security Sub-Council. Roxey is the past private sector chair of the Industrial Controls System Joint Working Group (seven years) and the co-chair of the Cross-Sector Cyber Security Working Group.

Roxey spent more than 17 years with Constellation Energy, where he served as technical assistant to the vice chair for security-related matters and was involved in a variety of physical and cyber security issues across the entire nuclear sector of the United States. In the realm of physical security, Roxey was involved in reviewing security system architectures for the next generation of nuclear power in America as a member of various oversight committees. Roxey also served, by invitation, on two Presidential Commissions helping to prepare guidance for the next administration. Roxey led a global group to develop mitigation strategies around Stuxnet with an eye toward its possible redeployment as a weapon against other platforms. Working with the national labs, Roxey helped develop substation reviews/modifications to protect utility generation from being exploited.

Most recently, Roxey has spent considerable time deconstructing various physical and cyber attacks against the Ukrainian electrical grid. This work has led to numerous E-ISAC portal postings and industry-wide alerts. As the chief special operations officer for NERC, Roxey is responsible for taking actions to protect the North American grid from both cyber and physical risks.

Jacob Schmitter
Senior Manager of Training and Exercises, E-ISAC

Jacob Schmitter is responsible for managing the NERC’s biennial Grid Security Exercise, GridEx. Prior to joining the E-ISAC, Schmitter was the lead planner for U.S. Cyber Command’s Cyber Guard exercise, the largest defensive cyber training event in the Department of Defense with more than 1,500 participants. He is a former naval aviator with more than 18 years in the U.S. Navy, both active and reserve.

Schmitter has a Bachelor of Science from the U.S. Naval Academy and a Master of Arts from the Naval Postgraduate School. He is a commander in the navy reserve and currently assigned as the executive officer for a space cadre unit.

Orlando Stevenson
Manager of Programs and Plans, E-ISAC

Orlando Stevenson is a technology leader and assurance professional with more than 25 years of information systems and cyber security experience. Since joining the E-ISAC in 2012, Stevenson has supported a broad range of security analysis, briefing, and tailored exercise outreach activities for the electricity industry. While staying abreast of supply chain and industrial security developments, his current focus centers on advancing mission capabilities.

Prior to joining the E-ISAC, Stevenson served with a large vertically integrated electric utility dealing with a number of challenging programmatic and technical issues that increasingly confront many critical infrastructure organizations.

In addition to addressing financial and energy-related cyber security compliance and risk management challenges, including industrial control settings, a decade of supervising technical infrastructure and security areas, his background also includes volunteering to qualify and support multiple nuclear refueling outages as a Radiological Protection Technician.

His educational foundation includes Master of Business Administration, master’s degree in Computer Science Management, and Bachelor of Science in Computer Science with an Electrical Engineering minor. Stevenson also has a number of professional security and technology certifications, including CISM.

Bernard Tatera
System Automation, PG&E

Bernard Tatera has been with Pacific Gas & Electric for more than 25 years and has been working in the System Automation group since its inception in 2000. Tatera has worked in NERC CIP compliance for substations since 2008 and recently completed a certification as Global Industrial Cyber Security Professional (GICSP). He is also a Professional Engineer.

Vikram Thakur
Technical Director of Security Response, Symantec

Vikram Thakur works alongside a globally located team of analysts investigating, researching and compiling actionable intelligence around a multitude of high profile attacks happening every day. In addition, Thakur liaisons with various global law enforcement agencies, governments, and industry partners sharing research with the intention of bringing cybercriminals to justice and mitigating online risk for end users. He has held multiple roles within the past 12 years at Symantec, all of which encompassed researching, analyzing and responding to online threats to better protect end users. Thakur earned a graduate degree in Computer Science from Florida State University.

Michael Toecker
Owner/Engineer, Context Industrial Security

Michael Toecker is a security engineer specializing in the cyber security of control system systems, particularly those used in power generation. Toecker has spent 12 years working in electric power and control system security, first at a Big 5 power engineering firm, then at the power generation arm of a major utility.

Toecker most recently worked for the control system security firm Digital Bond before starting Context Industrial Security to provide security services in the context of process being secured. He has conducted vulnerability assessments of more than 40 generation facilities of varying fuel type, vintage, and control system vendor in North America and internationally, has designed factory acceptance tests for control system security products, and is far more comfortable in a hard hat than he is in a suit.

Tobias Whitney
Senior Manager of Critical Infrastructure Protection, NERC

Tobias Whitney joined NERC in May 2012. He has more than 20 years of energy security and audit experience, including his role at NERC. He completed his undergraduate course work at the University of Missouri and completed his Master of Business Administration at Washington University’s Olin Business School. In his current capacity, Whitney leads NERC’s emerging technology initiative, which anticipates, evaluates and shares industry best practices with industry addressing a wide range of topics such as substation automation, cloud computing, and supply chain security. In addition, Whitney is responsible for CIP oversight and monitoring where he works with NERC’s Regional Entities to improve the quality of security engagements. Whitney also is the secretary of the Critical Infrastructure Protection Committee. Prior to joining NERC, Whitney worked at PricewaterhouseCoopers, Burns & McDonnell Engineering, and GE Energy.

Donna Vignes
Security Program Manager, MISO

In 2015, working as security program manager for MISO Energy, Donna Vignes was asked to come up with an answer to how security organizations can better evaluate, prioritize and then make the right investment decisions. Recognizing that traditional models did not fit the dynamic and frequently pivotal drivers behind security investment, she developed a methodology that included a structured analysis of return on investment and evaluation against strategy, operational elements, and established frameworks. Vignes continues to refine and apply this methodology for projects and initiatives across cyber security, physical security and safety, BCP/DR, access, and response and recovery.

Vignes has a master’s degree in Computer Management Systems and a Project Management Professional certification. Prior to MISO, Vignes was a consultant specialized in highly regulated industries including banking, insurance, pharmacy, defense contracting, and ecommerce. She built and served as director of an IT Support Center at the University of Florida and held CISSP and CISA certifications.

Platinum Exhibitors

Exhibitors

Gold Exhibitors