About Infracritical

Who and what is “Infracritical”?

SCADA and Control Systems Security Group (SCADASEC)Bi-Partisan Technologist Conference (“The Gathering”) – First MeetingTentative Plan – late April / early May 2009

Bob Radvanovsky, CIFI, CISM, CIPSJacob Brodsky, PE

Creative Commons License v3.0. 1

Who and what is“Infracritical”?

• Leading industry and business in Critical Infrastructure Protection (CIP).

– Provides guidance and direction to both public and private sectors through information sharing and ‘best practices’.

– Established open public discussion forums on current and relevant topics and affairs.

– Defines strategic vision of ‘future thought’ in infrastructure development and support.

• Liaisons government and industry strategies.

2

Presentation Agenda

• Our mission.• Our founders.• Publications and whitepapers.• Our membership.• About our immediate project:

– Hosting a bi-partisan meeting of technologists and business people to exchange ideas and information regarding the security of SCADA and industrial control systems.

– Establish a ‘grassroots’ foundation to (1) educate, (2) inform, and (3) learn from experiences encountered at the meeting.

3

Our Mission

• Established in 2001, Infracritical’s mission is to define and support a strategic level vision of standards and protocols used for Critical Infrastructure Protection.

• Infracritical believes that the open sharing of data and concepts throughout and between private and public sectors is essential to securing our Nation’s infrastructure.

4

Our Founders

• Tammy Olk, President and Co-Founder of Infracritical– Specializing in business and marketing, Tammy has a

proven background of leading organizations who have generated multi-million dollar ROI.

• Jacob Brodsky, BSc, Professional Engineer– Background of over 23 years of experience working on just

about every aspect of SCADA and industrial control systems, is a voting member of the DNP3 Technical Committee (a contributing member of ISA-99), and is an active member of the American Water Works Association.

5

Our Founders

• Bob Radvanovsky, Co-Founder of Infracritical– Considered a technical visionary and one of the Nation’s

leading CIP researchers.– Published several reference books and whitepapers in the

field of risk management, emergency preparedness and critical infrastructures.

6

Publications and Whitepapers

7

"Critical Infrastructure: Homeland Security and Emergency Preparedness" (published by Taylor & Francis Publishing, released in May 2006) outlines issues pertaining to homeland security and emergency preparedness, but mentions about 'CIP' and critical infrastructure information ("CII"), and how all is tied together.

"Transportation Systems Security" (published by Taylor & Francis Publishing, released in June 2008) represents a comprehensive text presenting strategic, practical, and operational applications for physical, procedural, and psychological safeguards needed to keep all modes of transportation up and running.

"Critical Infrastructure: Homeland Security and Emergency Preparedness – Version 2" (published by Taylor & Francis Publishing, released in December 2009).

Publications and Whitepapers

8

• “Arranging Fragility in Systems”, written by Allan McDougall and Bob Radvanovsky, represents a conveyance to the general public of the importance of properly defining and establishing terms and definitions used to determine methods of failure of any given system or infrastructure. Without establishing such a crucial elemental piece to the overall puzzle, validity and security of our critical infrastructures depends upon an accurate method of describing how these systems fail. This whitepaper addresses several of those issues.

• “Certified Time as an Infrastructure”, written by Bob Radvanovsky, addresses the importance of properly defining what CIT is and why it is important to a properly coordinated recovery process. Without time as an accurate and crucial time source, can cause serious disruption to our critical infrastructures. This whitepaper proposes several solutions which can be defined and established, thereby making our infrastructures more secure and reliable.

Our Members

9

• Infracritical has established and maintains several information sharing programs pertaining to our Nation’s infrastructures through the use of several communication mediums:– Electronic mailing & distribution lists– Blogs– RSS feeds– Podcasts / Webcasts– On-site / On-premise presentations– Mobile device communications

Our Members

10

• Memberships are generally free-of-charge and available to the public, consisting of discussions in:– SCADA and Industrial Control Systems Security (SCADASEC)– Transportation Systems Security (TRANSEC)– Water Security (WATERSEC) *NEW*

• Infracritical has membership of over one thousand participants consisting of representatives from various infrastructure sectors (and their industries) as well as several public sectors.

ImmediateProject

• Our immediate project is to host a joint testing exercise centered around cyber technologies that would typically be used by organizations subject to CIP regulation (energy, water, transportation, etc.).

• Equipment shared / discussed include the following:– SCADA devices– PLC (Programmable Logic Controllers)– RTU (Remote Terminal Units)– Devices used in a typical Smart Grid deployment– Devices used to support an AMI (Automated Metering Infrastructure)– HMI (Human Machine Interface)

• The concept is to provide real-life scenarios with current (or near-current) technologies in use today, and how to secure them as best as possible.

• Examples do not target any one specific sector or industry.

11

Immediate Project

12

• We are seeking your support in obtaining a meeting room/facility for this exercise.

• Sample agenda will include:– Hardware inventory, setup and configuration.– Introductions and group objectives.– Presentations.– Hands-on testing and evaluations.– Discussion and conclusion.– Postmortem.

Meeting Requirements

13

• An area that is capable of hosting approximately 30 to 40 associates plus equipment (includes electric).

• Tables and chairs.• Meeting will be approx. two (2) days, sometime in

May (tentative dates are May 14 and 15).• Nice to have, but not a requirement, include:

– Some degree of networking, separate from local Intranet.– Minimal access to the Internet, perhaps through a “guest

network” connection.

Conclusion

14

• There will be a (tentative) postmortem, along with a write-up conclusion from the exercise.

• If your organization is interested, we can provide you with a copy of our findings, to share within your organization and its participants, free of charge.

• Provide a scheduled presentation regarding the outcome from the exercise to your organization and its participants.

Questions?Bob Radvanovsky, (630) 673-7740

[email protected]

Jacob Brodsky, (443) [email protected]

Creative Commons License v3.0. 15