![Page 1: A Steven Briggs Story - SANS Institute · A Steven Briggs Story. Power Operations Cyber Security Risk Profile •Nation States Highly Skilled Hackers ... Gathering Support From other](https://reader030.vdocuments.site/reader030/viewer/2022041015/5ec760b83bbec3588743096c/html5/thumbnails/1.jpg)
A Steven Briggs Story
![Page 2: A Steven Briggs Story - SANS Institute · A Steven Briggs Story. Power Operations Cyber Security Risk Profile •Nation States Highly Skilled Hackers ... Gathering Support From other](https://reader030.vdocuments.site/reader030/viewer/2022041015/5ec760b83bbec3588743096c/html5/thumbnails/2.jpg)
![Page 3: A Steven Briggs Story - SANS Institute · A Steven Briggs Story. Power Operations Cyber Security Risk Profile •Nation States Highly Skilled Hackers ... Gathering Support From other](https://reader030.vdocuments.site/reader030/viewer/2022041015/5ec760b83bbec3588743096c/html5/thumbnails/3.jpg)
![Page 4: A Steven Briggs Story - SANS Institute · A Steven Briggs Story. Power Operations Cyber Security Risk Profile •Nation States Highly Skilled Hackers ... Gathering Support From other](https://reader030.vdocuments.site/reader030/viewer/2022041015/5ec760b83bbec3588743096c/html5/thumbnails/4.jpg)
Power Operations Cyber Security Risk Profile• Nation States Highly Skilled Hackers
• Insider Threats Trusted VendorsAttackers
• Establishing external connectivity Compromised machine
• Removable Media Combined physical and cyber Means
• Destroy capabilities Degrade capabilities
• Publicity Customer impactMotive
• Insider Threat Outside Connections Process Failures
• Unstaffed sites VisitorsOpportunity
• Cause loss of life Damage our assets Security protections gap Impacts reputation Difficult to regain control Regulatory failureBusiness Impact
MitigationsLimited External Connections Security Conscious Staff Engaged System Owners
Regulatory Controls Security Monitoring Service Security Assessments
Physical Security Protections Diversity in hardware/software Customized configurationDocumented repeatable processes Built in security checks and balances Fear
![Page 5: A Steven Briggs Story - SANS Institute · A Steven Briggs Story. Power Operations Cyber Security Risk Profile •Nation States Highly Skilled Hackers ... Gathering Support From other](https://reader030.vdocuments.site/reader030/viewer/2022041015/5ec760b83bbec3588743096c/html5/thumbnails/5.jpg)
Define
Identify / Locate
Classify
Document
Protect
Review
Power Operations Data Protection Process
![Page 6: A Steven Briggs Story - SANS Institute · A Steven Briggs Story. Power Operations Cyber Security Risk Profile •Nation States Highly Skilled Hackers ... Gathering Support From other](https://reader030.vdocuments.site/reader030/viewer/2022041015/5ec760b83bbec3588743096c/html5/thumbnails/6.jpg)
Automating your reoccurring items
![Page 7: A Steven Briggs Story - SANS Institute · A Steven Briggs Story. Power Operations Cyber Security Risk Profile •Nation States Highly Skilled Hackers ... Gathering Support From other](https://reader030.vdocuments.site/reader030/viewer/2022041015/5ec760b83bbec3588743096c/html5/thumbnails/7.jpg)
Plants will work with out computers
Computer Remote Analysis Programs
![Page 8: A Steven Briggs Story - SANS Institute · A Steven Briggs Story. Power Operations Cyber Security Risk Profile •Nation States Highly Skilled Hackers ... Gathering Support From other](https://reader030.vdocuments.site/reader030/viewer/2022041015/5ec760b83bbec3588743096c/html5/thumbnails/8.jpg)
Learn the system geography and site importance
http://emilygrubert.org/wp-content/uploads/2019/01/eia_860_2017_map_upload.html
![Page 9: A Steven Briggs Story - SANS Institute · A Steven Briggs Story. Power Operations Cyber Security Risk Profile •Nation States Highly Skilled Hackers ... Gathering Support From other](https://reader030.vdocuments.site/reader030/viewer/2022041015/5ec760b83bbec3588743096c/html5/thumbnails/9.jpg)
Learn the network configuration
![Page 10: A Steven Briggs Story - SANS Institute · A Steven Briggs Story. Power Operations Cyber Security Risk Profile •Nation States Highly Skilled Hackers ... Gathering Support From other](https://reader030.vdocuments.site/reader030/viewer/2022041015/5ec760b83bbec3588743096c/html5/thumbnails/10.jpg)
Develop a long term plan
![Page 11: A Steven Briggs Story - SANS Institute · A Steven Briggs Story. Power Operations Cyber Security Risk Profile •Nation States Highly Skilled Hackers ... Gathering Support From other](https://reader030.vdocuments.site/reader030/viewer/2022041015/5ec760b83bbec3588743096c/html5/thumbnails/11.jpg)
Bring your knowledge of helpful IT appsRules!
• The current process works.
• Technology doesn’t always work given the conditions in the field.
• Understand the business function that is going on before you suggest tech.
• Approach in a supportive manner.
![Page 12: A Steven Briggs Story - SANS Institute · A Steven Briggs Story. Power Operations Cyber Security Risk Profile •Nation States Highly Skilled Hackers ... Gathering Support From other](https://reader030.vdocuments.site/reader030/viewer/2022041015/5ec760b83bbec3588743096c/html5/thumbnails/12.jpg)
Go back and tell your friends
![Page 13: A Steven Briggs Story - SANS Institute · A Steven Briggs Story. Power Operations Cyber Security Risk Profile •Nation States Highly Skilled Hackers ... Gathering Support From other](https://reader030.vdocuments.site/reader030/viewer/2022041015/5ec760b83bbec3588743096c/html5/thumbnails/13.jpg)
Information Technology
Respond politely when IT wants to come in to OT and provide additional services
that you didn’t ask for.
Gathering Support From other business units Throwing their systems and services out of your environment
![Page 14: A Steven Briggs Story - SANS Institute · A Steven Briggs Story. Power Operations Cyber Security Risk Profile •Nation States Highly Skilled Hackers ... Gathering Support From other](https://reader030.vdocuments.site/reader030/viewer/2022041015/5ec760b83bbec3588743096c/html5/thumbnails/14.jpg)
Questions
Steven BriggsSenior Program Manager I&C systems Generation Cyber SecurityTennessee Valley Authority• E-mail: [email protected]• Twitter: @tnvolsfan29