
Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study

Apr 16, 2017

Page 1: Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study

October 7, 2014 – Coden-MacLeod

ICS-CERT-JWG, Idaho National Laboratory, October 7, 2014. By Michael Coden and Pete MacLeod. Copyright © 2014 NextNine Inc. and Accenture. All rights reserved.

Scalability of ICS Cyber Security

By:
Michael Coden, CISSP, Vice President, NextNine Inc.
Pete MacLeod, Senior Manager, Accenture

October 7, 2014
Idaho National Laboratory
Idaho Falls, ID, USA

Page 2: Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study


Introductions

Michael Coden, CISSP
Vice President
• 30+ years experience in Cyber Security for Critical Infrastructure Systems
• Research Affiliate at MIT-(IC)3, the M.I.T. Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity
• Co-Architect of NextNine Secure Remote Site Cybersecurity Automation Suite
• Co-architect of Real Time Operating Systems used in Industrial Automation
• Contributor to ISA/IEC 62443-2-3 IACS Cyber Security Standard
• Received Letter of Appreciation from the White House for leadership on the NIST Cybersecurity Framework.
• BSEE, MIT; MSBA, Columbia University; MS Applied Math, Courant Institute of Mathematical Sciences, NYU.

Pete MacLeod
Senior Manager – ICS Security
• 30 Years experience in the Oil & Gas Industry
• Data Acquisition, horizontal drilling, production engineering & systems optimization
• Experience in United States, Canada, Gulf of Mexico and South America
• 15 Years Designing, Deploying and Commissioning field data capture, SCADA & DCS
• 7 Years Industrial Automation & Control Systems Security
• Contributor to ISA/IEC 62443-3-3 IACS Cyber security standard

Page 3: Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study


Presentation Goals, and Plan of Attack

How we are going to do it:
• Pete MacLeod will walk through a real live case study with actual results
• Michael Coden will illustrate how centralized OT Cybersecurity automation results in: improved cyber security, time savings, and cost savings

We would like to provide an understanding of:
• Scalability of a security solution
• Control Systems Security Project team and Run & Maintain organization
• Reduce dependence upon rare hard to develop skill sets
• Minimize the Zero Day window of vulnerability
• Reduce the mean time to respond & remediate incidents

We plan to illustrate significant time savings, security enhancements & cost reductions in implementing ICS cyber security.

We hope to provide you with an understanding of:
• How to scale and leverage the limited skill sets
• How to quantify savings and start building reasonable budget estimates
• Control Systems Security Project team and Run & Maintain organization

Page 4: Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study


Alignment to Cybersecurity Standards

Organization                                      | Standard                                                | Scope         | Year
ISA – International Society of Automation         | ISA/IEC 62443 Series                                    | International | 2007 – Present
US-CERT                                           | Vulnerability monitoring for industrial systems         | US            |
NERC                                              | Critical Infrastructure Protection (CIP) Standards      | US            |
American Petroleum Institute                      | API 1164 Pipeline SCADA Security                        | US            |
NIST – US Department of Commerce                  | NIST 800-82 Guide to Industrial Control System Security | US            | 2011
Consensus Audit Group – SANS 20 Critical Controls | SANS 20 Critical Security Controls v5.0                 | US            | 2014

Page 5: Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study


Case Study of Encana Corporation

A Mid-Size Oil and Gas Producer

Page 6: Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study


ICS Cyber Security Case Study – Actual Example

Identify what you have / Classify what you have

Operations criticality
• Approximately 10% of all of the Servers, Hosts and devices were classed as critical to operations

Safety Rating
• Approximately 7% of the systems were classed as SIS level systems

Scope of Encana North American Operations Project:

30 Plants and Facilities with:
• 154 Servers, 490 Hosts, 2,500 WinCE Devices L1 – L3 (Excludes WinCE in L0)
• 1,800 Ethernet Enabled Devices directly networked
• 60 Terminal Servers, 80+ media convertors
• 44 WAP’s or Wireless Mesh (plus 18 unidentified & unsecured WAP’s)

52 Fields across Colorado, Wyoming, Texas, BC, Louisiana, Michigan, Alberta, Nova Scotia with:
• 150+ Microwave backhaul Wireless hops & 1000’s of SCADA Radios
• 30,000+ Wellheads plus 100’s of pipeline custody transfer meters
• Each Wellhead having from 3-5 devices on average (~90,000 – 150,000 devices)

Page 7: Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study


Encana – 30 Plants & 52 Fields: We Examine a Typical Facility in Detail

1 of 5 Plants and 9 Fields in 1 of 6 Business Units

Property or Plant             | SCADA  | Plant DCS
Fort Nelson BU                |        |
Deep Basin BU                 |        |
Cutbank Ridge Plant #1A       | XXXXXX | XXXXXXXXX
Cutbank Ridge Plant #1B       |        | XXXXXXXXX
Cutbank Ridge Plant #1B Field | XXXXXX |
Cutbank Ridge Plant #2        | CygNet | DeltaV
Kakwa                         | XXXXXX |
Bissette                      | XXXXXX |
Resthaven                     | XXXXXX |
Sexsmith                      | XXXXXX | XXXXXXXXX
Carrot Creek                  |        | XXXXXXXXX
Cutbank                       | XXXXXX |
Edson West                    | XXXXXX |
Clearwater BU                 |        |
North Rockies BU              |        |
South Rockies BU              |        |
Mid-Continent BU              |        |

Page 8: Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study


Encana Cutbank Ridge Plant #2: ICS Asset Inventory Included 19 Types of ICS Systems

Gear On Site by Control System Site

Legend: XXXX = 50+ Devices; XXX = 10+ Devices; XX = 3-9 Devices; X = 1-2 Devices

Columns: Primary WAN Link; Router; Switch; Wireless Radio Tx/Rx; IP-Serial Converter; Corp DC; Corp MP; Corp App Server; Printing; VoIP; Desktops; HMI's; Workstations; Engineering Stations; SCADA and End control Device; UPS; SCADA Server; Port Server; Plant DCS Cluster; PI Data Collector; Space Constrained; Power Constrained

Rows (site | Primary WAN Link | device marks in column order; empty cells are not preserved):
Cutbank Ridge Plant #2 | 5 Mbps | XX XX XX XX X X XX XX XXX XX XX X XXXX X Cyg X DV X
Swan (A-33-I) | 6 Mbps | X X X X X X X X X
A-33-I Riser | 2 Mbps | X X X X X X
C-19-H | 3 Mbps | X X X X X X X XX X
B-29-H | 600 Kbps | X XX X X X X XX X
1310F | 100 Mbps | X X X X XX X X
1310G | 100 Mbps | X X XX X X
1310H | 100 Mbps | X X XX X X
C-5-G | 3 Mbps | X X X X X X XX X
B-38-I | 3 Mbps | X X X X X X XX X
D-29-A | 3 Mbps | X X X X X X XX X
A-100-B | 1 Mbps | X X X X X X X X X
D-27-B | 3 Mbps | X X X X X X XX X
A-85-G | 1 Mbps | X X X X XX X X X

Page 9: Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study


Comparison of Manual vs. Automated Asset Inventory

Page 10: Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study


Step 1 in Securing ICS Systems: Inventory – Know what you need to protect

Identify what you have / Classify what you have

Operations criticality
• How critical is this equipment to the operations?

Safety Rating
• How critical is this equipment to the health and safety of the operations, employees, and nearby civilian locations?

Plant Inventory and walk down
• Windows, Unix, & Linux: Servers & Hosts
• Embedded devices: Embedded Linux and Windows CE
• Ethernet enabled PLC’s, RTU’s, and devices
• Networking equipment
• IP – Serial Media Convertors
• WAP’s, Wireless Meshes, etc.

Field Inventory and walk down
• All of the above plus:
• Wireless field communication gear (e.g.: Microwave backhaul, PTP, PMP)
• Inventory of remote unmanned stations

Page 11: Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study


Initial Walk-through and Inventory – Manual – Showed: Lack of, and need for, As-Built Documentation

Step 1: As built Drawings for existing systems networks
• As built drawings were woefully inadequate
  – Years out of date – representative of “as designed”
  – 100’s of systems/devices had been added but not documented.
• Develop As Built Drawings
  – 2 Network Engineers 4 weeks in the Plant
  – 2 Network Engineers 8 weeks in the associated fields

Step 2: Design secure network segmentation baseline
• Redesign a segmented network along the Basic Purdue model
  – Existing networks typically designed by operations and ICS vendors rather than skilled ICS network engineers
  – Segment into zones and conduits based on ISA/IEC 62443
  – Classify zones based on operational risk assessment

Step 3: Rebuild existing networks
• Rebuild the network
  – Segment the network according to Purdue principles
  – Minimize IP Readdressing to eliminate operations impacts
  – Work within operational work permitting process & procedures

Page 12: Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study


Initial Walk-through and Inventory – Automated – Auto-Discovery of Assets, Auto-Creation of Database

Step 1: Before the initial walk-through
• An engineer installs a Virtual Security Engine (VSE) – time to install < 30 minutes
• The VSE is connected securely to a Central OT Security Center staffed with experts
• The VSE then auto-discovers and creates a database inventory of approximately 100 devices per hour (compared to a manual inventory of 1-2 devices per hour)
• The VSE discovers all devices connected to the network (no matter in what closet or drawer they are hidden).

Step 2: Walk-through with auto-discovered data, and laptop discovery of islands
• The engineer does a walk-through to verify all auto-discovered devices
• Simultaneously, the engineer uses a utility installed on a secure laptop to inventory “islands” that are not connected to the network
• The engineer answers questions from the centralized security experts
• The engineer collects certain “manual only” data
• The laptop then uploads its data to the VSE

Step 3: Auto-creation of asset database
• The VSE securely uploads the complete inventory to a Security Center database in a regional or corporate headquarters data center

Step 4: Documentation
• The As-Built drawings are created from the Asset Inventory Database

Page 13: Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study


Comparison of Manual vs. Auto Inventory Time and Costs (For 1 of 30 Plants)

Function                   | Manual Engineer Time       | Automated Engineer Time    | Manual Cost | Automated Cost
Install VSE Software       | 0                          | 30 minutes                 |             | ~$40,000
Discover Networked Devices | 24 weeks for ~8000 devices | 80 hours for ~8000 devices | $252,000    | $0
Verify Auto Discovery      | included                   | 4 weeks                    |             | $42,000
Auto-Discover Islands      | included                   | 1 week                     |             | $10,500
Enter Manual Information   | included                   | 1 week                     |             | $10,500
Create As-Built Drawings   | 2 weeks                    | 2 weeks                    | $14,000     | $14,000
Total Initial Inventory    | 26 weeks                   | 8 weeks                    | $266,000    | $117,000
Elapsed Time               | 10 weeks                   | 2 weeks                    |             |
Ongoing Inventory Update   | Not Done                   | ~1 hour/week               | $266,000    | <$500/week

Page 14: Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study


Modified Purdue Model:
- Greater Security
- Lower Cost
- Secure Remote Connectivity
- Cyber Expert Centralization

Page 15: Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study


Basic Purdue Model: How Cyber Security needs vary by level

Timing annotations on the chart: Real Time 0 – 25ms; Near RT 25 – 50ms; SIS 0 – 15ms

Chart: IT vs. OT share of the cyber security need at each level (values as labelled on the chart)
Level   | IT   | OT
Level 0 | 0%   | 100%
Level 1 | 10%  | 90%
Level 2 | 20%  | 80%
Level 3 | 30%  | 70%
Level 4 | 90%  | 10%
Level 5 | 100% | 0%

Page 16: Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study


Typical Actual Purdue Model Implementation: A “Swiss Cheese” of Remote Access Exceptions

Page 17: Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study


Limiting the Attack Surface While Implementing DiD – Centralization of OT Cyber Security Improves DiD

Design your baseline with Defence in Depth (DiD)
• Implement the Purdue model with level segmentation via firewall with routing controls
  – Proper configuration and maintenance on Firewalls and ACL’s
  – Dropping the firewall and disabling ACL’s is not an accepted solution to connectivity issues
• Build and commission a DMZ at level 3.5 for IT services, agents, patch management etc.
  – Virtualization can help solve space and power constraints
  – Virtualization requires proper design, configuration and tuning
  – Connect the DMZ to the Central Security Operations Center via secure tunnel
  – All communication with the remote site should go through a single, well defended tunnel.

DiD Issues
• Scaling for large companies
  – Centralized security experts
  – Centralized patch management and AV consolidation – by vendor, product, model, version
  – Remote distribution of patches and signature files to plant and field site DMZ servers
  – Remote monitoring for Intrusion Detection, Event Detection
• Scaling for small companies
  – Shared resources for effective use of limited skill sets
  – Cross training operations staff, IT staff, and contractors

Page 18: Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study


Manage Connectivity from Remote Site to Central Site Properly – Single Firewall Rule = The Most Security & Easiest to Manage

A Single, Carefully Protected, Outbound-Only, Remote Connection Provides Complete Security, with the Advantages of Centralized Experts & Scalability

Page 19: Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study


A Single Firewall Rule: One-Port, Outbound Only – Mutual Two-Factor M2M Authentication

Virtual Security Engines:
- Use one port, outbound only.
- All remote connectivity is through this single outbound-only connection.
- FIPS 140-2 Compliant & TLS Encrypted.

Diagram: Remote Site A, Remote Site B and Remote Site C each connect to the Secure Center.
– Data is compressed, encapsulated, encrypted.
– No possibility of VPN bleed, or fake connections.
– A secure multipurpose tunnel to remote sites.

Two factors at each end of the tunnel (every Remote Site and the Secure Center):
– Certificate: Something I know
– Finger Print: Something I AM
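The three slides above (DiD baseline, the "Swiss cheese" of exceptions, and the single outbound-only rule) amount to a checkable policy for a site's firewall rule set. The following is an added example written for this page, not code from the presentation or from NextNine or Accenture: it audits a rule list for conduits that skip Purdue levels, anything allowed in from outside the site, direct Internet egress, "any"-port rules, and more than one path to the central security center. The zone names, the `Rule` format, the port numbers and the sample rule sets are all constructed for the illustration.

```python
"""Audit a site firewall rule set against the zoning described on these slides.

Added example, not code from the presentation or from NextNine/Accenture.
Policy checked: conduits only join adjacent Purdue levels (the DMZ at 3.5
sits between levels 3 and 4); nothing is allowed in from outside the site;
no zone reaches the Internet directly; no rule allows "any" port; exactly one
outbound rule from the 3.5 DMZ carries traffic to the central security
center. Zone names, the Rule format and all sample rules are constructed.
"""
from dataclasses import dataclass
from typing import List

# Site zones in Purdue order; only neighbours on this ladder may share a conduit.
LADDER = ["l0_process", "l1_control", "l2_supervisory", "l3_operations", "l35_dmz", "l4_enterprise"]
DMZ = "l35_dmz"
CENTER = "secure_center"   # hypothetical zone name for the central security center
INTERNET = "internet"


@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    port: str     # a TCP/UDP port number as text, or "any"
    action: str   # "allow" or "deny"


def audit_rules(rules: List[Rule]) -> List[str]:
    """One finding per policy violation; an empty list means the rule set matches the design."""
    findings = []
    tunnels = []
    for r in rules:
        if r.action != "allow":
            continue                      # deny rules never widen the attack surface
        if r.src in (INTERNET, CENTER):
            findings.append(f"inbound: {r} allows traffic into the site; the site link must be outbound-only")
            continue
        if r.src not in LADDER or (r.dst not in LADDER and r.dst not in (CENTER, INTERNET)):
            findings.append(f"unknown zone: {r}")
            continue
        if r.dst == INTERNET:
            findings.append(f"egress: {r} reaches the Internet outside the single tunnel")
            continue
        if r.port == "any":
            findings.append(f"broad: {r} allows any port")
        if r.dst == CENTER:
            tunnels.append(r)
            if r.src != DMZ:
                findings.append(f"tunnel: {r} does not originate in the 3.5 DMZ")
            continue
        hop = abs(LADDER.index(r.src) - LADDER.index(r.dst))
        if hop > 1:
            findings.append(f"conduit: {r} skips {hop - 1} Purdue level(s)")
    if len(tunnels) != 1:
        findings.append(f"tunnel: expected exactly one outbound rule to {CENTER}, found {len(tunnels)}")
    return findings


# Constructed rule sets. Port numbers are illustrative choices for this example.
DESIGN_BASELINE = [
    Rule(DMZ, CENTER, "443", "allow"),               # the single outbound tunnel
    Rule("l4_enterprise", DMZ, "443", "allow"),      # enterprise reaches DMZ services only
    Rule("l3_operations", DMZ, "8530", "allow"),     # site hosts pull patches from the DMZ
    Rule("l2_supervisory", "l3_operations", "1433", "allow"),
    Rule("l1_control", "l2_supervisory", "502", "allow"),
    Rule(INTERNET, DMZ, "any", "deny"),
]
SWISS_CHEESE = DESIGN_BASELINE + [
    Rule("l4_enterprise", "l2_supervisory", "3389", "allow"),  # desktop-to-HMI exception
    Rule(INTERNET, DMZ, "1194", "allow"),                      # vendor VPN coming in from outside
    Rule("l3_operations", CENTER, "22", "allow"),              # a second path to the center
    Rule("l1_control", "l3_operations", "any", "allow"),       # "fixed" a connectivity ticket
]

if __name__ == "__main__":
    for name, rules in (("baseline", DESIGN_BASELINE), ("swiss cheese", SWISS_CHEESE)):
        print(f"{name}: {len(audit_rules(rules))} finding(s)")
        for line in audit_rules(rules):
            print("  -", line)
```

Run against the baseline the audit is silent; the four "exceptions" produce six findings because the `any`-port rule is flagged twice (breadth and level skipping) and the second route to the center is flagged both per rule and in the final count. Running this on every rule change is the cheap way to keep the single-rule design from eroding into the Swiss cheese of the previous slide.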

Page 20: Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study


Secure Remote Access – Site Engineers Have Control – Cyber Security Experts are “Virtually On-Site” in Seconds

“Virtual Security Engineers:”
– With Remote Access, view what your remote site is seeing on their system
– Remote Site controls granting of access
– An invaluable training aid

Diagram: Remote Site A, Remote Site B and Remote Site C connect to the Secure Center; the end-customer approves remote access through the VSE Interface.

Page 21: Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study


Adapted Purdue Model – Single Port for All Remote Access

Virtual Security Engine = Single Protected Entry Point

Page 22: Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study


Minimizing Attack Surfaces – Manual – Turn off and remove all unused ports and services

Network Equipment Capabilities
• Remove any unnecessary firewall rules
• Close all unnecessary ports

Systems Services
• Windows Hosts Services
• UNIX & Linux Daemons
• Application Services

Baseline Imaging (diagram): Requirements; Approved Services; Windows Image Default Services; ICS Secured Image

Minimize your Zero-Day Footprint
• Turn off all unused ports
• Remove all unused Windows, Linux, and UNIX services
• Minimize your footprint / attack-surface, while meeting your system requirements
• Minimize your exposure duration of the existing footprint – this requires continuous review of all systems for new open ports, and new services running

Zero-Day footprint is a measure of the services running or the potential exposure.

Vulnerability exposure duration is a measure of time between a patch release and install.

Page 23: Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study


Minimizing Attack Surfaces – Centrally Automated – Ports and Services in use are monitored daily

System Services Baseline Imaging
• Virtual Security Engine scans all ports and services in use – reporting to central Cyber Security experts
• Central Cyber Security Experts create Whitelists and Blacklists
• Central Cyber Security Experts use VSE to remotely close ports and remove services on hosts
• Similar centralized / automated actions close ports and remove unnecessary rules on network equipment

Minimize your Zero-Day Footprint
• Continuously monitoring your footprint / attack-surface while meeting your system requirements

Vulnerability exposure duration is reduced by weeks or months, with no on-site manual intervention.

VSE Scans all Assets and Network equipment daily:
Scan Open Ports
– Verify against Whitelist & Blacklist
Scan Windows Services
– Verify against Whitelist & Blacklist
Collect Event Logs & Syslogs
– Input to SIEM Analysis Tool
Analyze for Anomalies
- Services Use
- SIEM Output
- Ports Use
Access Equipment to Investigate Anomalies
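The daily cycle above (scan ports and services, verify against whitelist and blacklist, analyze for anomalies) is the part of the slide a defender can reproduce directly. The following is an added example written for this page, not the VSE's own logic and not code from NextNine or Accenture: for each host it compares today's open ports and running services with the whitelist for the host's role, with a site-wide blacklist, and with the previous day's scan. Whitelist and blacklist breaches drive Ports / Services compliance flags; anything newly open or newly running since yesterday is listed separately for investigation even when it is permitted. Roles, whitelists, blacklists, service names and scan results are constructed sample values.

```python
"""Daily ports-and-services check against whitelist, blacklist and the previous scan.

Added example, not NextNine/Accenture code and not the VSE's own logic. Each
host's open TCP ports and running services are compared with the whitelist
for its role, with a site-wide blacklist, and with yesterday's scan.
Violations set the Ports / Services compliance flags; changes since the last
scan are reported separately. All policy and scan data below is constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed policy: never acceptable on any host at this site.
BLACKLIST_PORTS: Set[int] = {23, 5900}                    # telnet, VNC
BLACKLIST_SERVICES: Set[str] = {"Telnet", "RemoteRegistry"}

# Constructed per-role whitelist; on a real site this comes from the ICS secured image.
WHITELIST = {
    "scada_server": {"ports": {102, 502, 3389}, "services": {"EventLog", "W32Time", "Dnscache", "ScadaPoller"}},
    "hmi":          {"ports": {3389},           "services": {"EventLog", "W32Time", "Dnscache"}},
}


@dataclass
class Scan:
    host: str
    role: str
    ports: Set[int]
    services: Set[str]


@dataclass
class Result:
    host: str
    ports_ok: bool
    services_ok: bool
    violations: List[str] = field(default_factory=list)   # whitelist/blacklist breaches
    changes: List[str] = field(default_factory=list)      # new since the previous scan


def check_host(today: Scan, yesterday: Optional[Scan]) -> Result:
    wl = WHITELIST[today.role]
    violations: List[str] = []
    for p in sorted(today.ports & BLACKLIST_PORTS):
        violations.append(f"port {p}: blacklisted")
    for p in sorted(today.ports - wl["ports"] - BLACKLIST_PORTS):
        violations.append(f"port {p}: not on whitelist for role {today.role}")
    for s in sorted(today.services & BLACKLIST_SERVICES):
        violations.append(f"service {s}: blacklisted")
    for s in sorted(today.services - wl["services"] - BLACKLIST_SERVICES):
        violations.append(f"service {s}: not on whitelist for role {today.role}")

    # Anything new since yesterday is a change to explain, permitted or not.
    changes: List[str] = []
    if yesterday is not None:
        for p in sorted(today.ports - yesterday.ports):
            changes.append(f"port {p}: newly open since last scan")
        for s in sorted(today.services - yesterday.services):
            changes.append(f"service {s}: newly running since last scan")

    return Result(
        host=today.host,
        ports_ok=not any(v.startswith("port ") for v in violations),
        services_ok=not any(v.startswith("service ") for v in violations),
        violations=violations,
        changes=changes,
    )


def site_summary(results: List[Result]) -> Dict[str, int]:
    """The counts a site compliance report needs: hosts scanned and hosts failing each check."""
    return {
        "hosts": len(results),
        "ports_noncompliant": sum(1 for r in results if not r.ports_ok),
        "services_noncompliant": sum(1 for r in results if not r.services_ok),
        "hosts_with_changes": sum(1 for r in results if r.changes),
    }


# Constructed scans for two hosts; only hmi-01 has a scan from the previous day.
YESTERDAY = {
    "hmi-01": Scan("hmi-01", "hmi", {3389}, {"EventLog", "W32Time", "Dnscache"}),
}
TODAY = {
    "hmi-01": Scan("hmi-01", "hmi", {3389, 5900, 8080}, {"EventLog", "W32Time", "Dnscache", "RemoteRegistry"}),
    "scada-01": Scan("scada-01", "scada_server", {102, 502, 3389}, {"EventLog", "W32Time", "Dnscache", "ScadaPoller"}),
}


def run_daily_check() -> List[Result]:
    return [check_host(scan, YESTERDAY.get(host)) for host, scan in sorted(TODAY.items())]


if __name__ == "__main__":
    results = run_daily_check()
    for r in results:
        print(r.host, "Ports:", r.ports_ok, "Services:", r.services_ok)
        for line in r.violations + r.changes:
            print("   ", line)
    print(site_summary(results))
```

Keeping `violations` and `changes` apart matters: a whitelisted port that was closed yesterday and is open today is compliant, but it is still a configuration change that the slide's "Access Equipment to Investigate Anomalies" step should see.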

Page 24: Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study


Protecting ICS from New Attacks – Manually – Installing Patches and Anti-Virus Updates

Virtualization Design & Tuning for Industrial Control Systems
• Virtualization engines need to be tuned for AV scans
• Appropriate hardware resource allocation to Real Time processing
• Remote storage increases latency for store and recall as well as AV scans

Operational Awareness of OS and Product Patch Management
• Deliver to site only patches qualified by vendors – available for installation
• Installation of patches and AV must be tied into operations work permitting system
• Make sure to install only patches qualified for a product & version
• Take advantage of existing work permitting systems
• OS and Product patches should be installed as soon as possible
• You are in a race: Will you install the patch, before the vulnerability is attacked?

ICS Antivirus Baseline
• Vendor Anti Virus Directory Exclusions listing
• Install only AV updates approved by vendor for each product
• AV Scheduling
• Avoid batch processing and bulk data extractions

Patch and A/V Management is a Continuous Process – “A Lifestyle”

Page 25: Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study


Dynamics of Threats and Resilience

System dynamics diagram. Stocks: Systems Not at Risk, Systems At Risk, Affected Systems. Flows: Risk Promotion, Risk Reduction, Attack Onset, Recovery. Management loops: Adverse Behaviors & Management, Risk Management, Threat Management. Real-World Implications: Financial, Data, Integrity, Reputation.

How did breaches (threats) occur? *
• 64% resulted from hacking
• 38% utilized Malware
• 67% were aided by significant errors (of the victim)
• Over 80% of the breaches had patches available for more than 1 year

How are security and threat processes (resilience) managed? *
• 75% of cases go undiscovered or uncontained for weeks or months

* Verizon Data Breach Report

Note: System Dynamics Modeling cybersecurity research and breach research courtesy of MIT-(IC)3, the MIT Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity – http://ic3.mit.edu

Page 26: Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study


Protecting ICS from New Attacks – Centrally Automated – Centralized Synchronization of Patches and Anti-Virus Updates

Diagram: the Central Security Center (DMZ; Application Server, Comm Server, Real-Time Database Server; Windows WSUS Server, McAfee ePO Server, Symantec SEP Server, Your Product Patch Server; Full Web UI for Internal Users) synchronizes patches and AV updates over the Internet to the Virtual Security Engine™ at each Remote Site, which feeds the site's local WSUS, ePO and SEP instances serving its Devices, Systems, Applications and Network & Security Devices. External Users (Partner / SI / OEM, Field Service) reach the Full Web UI; a Virtual Security Engineer™ works the remote site from the center.

Page 27: Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study


Securely Backup and Restore Critical Files: Multiple-Sites with Automated Verification

Diagram: the Houston Central Security Center (DMZ; Application Server, Comm Server, Real-Time Database Server; Full Web UI for Internal Users) serves remote sites in Nigeria, California, Amsterdam and Qatar, with Backup Location #1 and Backup Location #2, each with Auto-Verify of Backups. At each site a Virtual Security Engineer™ and Local Personnel cover the Devices, Systems, Applications and Network & Security Devices; External Users (Partner / SI / OEM, Field Service) reach the Full Web UI over the Internet.

Page 28: Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study


One Critical Thing Missing From the Manual Budget: Run and Maintain – People, Processes, Technology, COST

Run & Maintain
Hybrid skill sets developed through the project

One critical thing is missing!
OS patch levels, firewalls, network drawings, inventories, remote access, application patch levels, HW & device firmware versions, code vaults, password maintenance, backups, restores, emergency remediation ….

Issue 1: Important to update Asset Inventory daily or weekly – looking for rogue devices, ports, services and configuration changes.
Issue 2: Important to continuously patch OS, Applications, AV – and to enforce this policy.
Issue 3: Make backups, verify backups, test restores.
Issue 4: Have a secure remote access capability for Cyber Security experts to “be virtually on-site” in seconds. We are in a race against attackers.
Issue 5: Centralize OT Security – The only scalable & cost effective approach.

Page 29: Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study


Site Compliance Report – Secure Remote Site 1 – September 30, 2014

Compliance columns: OS, AV, Log, Complt., RMP, Ports, Services

Host    | Criticality | Type      | IP Address     | Unique ID                           | OS    | AV    | Log   | Complt. | RMP   | Ports | Services
WIN2003 | Critical    | Connected | 192.168.200.21 | 911101-D931818F-9752-43D9-9BD2-9B60 | False | False | False | True    | False | True  | False
WIN2008 | Critical    | Connected | 192.168.200.22 | 911101-4B306D51-F7A1-41EE-9EAC-614C | True  | False | False | True    | False | True  | False
WIN7    | Essential   | Connected | 192.168.200.23 | 911101-AB0500F9-817D-4468-943A-7CF0 | False | False | False | True    | False | True  | False
WINXP   | Necessary   | Connected | 192.168.200.24 | 911101-F32D9FEB-E86D-4062-BC6E-B8FD | True  | False | False | True    | False | True  | False


Compliance and Enforcement of Cyber Security Policies

Reports are used:
1. By management, on a daily basis, to ensure that assets are hardened up to date, and to enforce compliance with company security policies.
2. To provide auditors with a complete picture of the latest cyber security status

Page 30: Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study


Instant App Delivery from Central Experts – Heartbleed Scanner was delivered in 48 hours

Diagram: the Central Security Center (DMZ; Application Server, Comm Server, Real-Time Database Server; Full Web UI for Internal Users) delivers Apps over the Internet to the Virtual Security Engine™ at the Remote Site/s, covering Network & Security Devices and Devices, Systems, Applications. External Users (Partner / SI / OEM) reach the Full Web UI.

• GUI based App Development Environment
• Develop new Apps in a few hours
• Distribute Apps to all VSE’s
• No recompile or reboot of VSE is required
• App is used immediately

We are already working on a Shellshock scanner now!

Page 31: Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study


Case Study – Cost Comparison – Mid-Size Oil and Gas – Initial Installation

Initial Installation Costs to Secure 30 Plants and 52 Fields

Item                                                                          | Automated** with NextNine Software & Accenture Services | Manual
Project Network Engineers – CCNA (Security/Router & Switch)                   |                                                         |
• As Built diagrams, redesign, VLAN segment, DiD, Firewalls – 30 Plants and 52 Fields | $3,500,000                                      | $5,000,000
Project OS Specialists – MCSE (Desktop/Server)                                |                                                         |
• Reimage all systems to baseline, patch, software & firmware – 154 servers, 490 hosts | $2,500,000                                     | $3,000,000
Project Automation Technicians & OS Specialist (Windows CE)                   |                                                         |
• Remediate embedded systems “Windows CE” – 30,000 wellheads @ 4-12 Wells / day | $4,000,000                                            | $10,000,000
Direct Security Project Estimate                                              | $10,000,000                                             | $18,000,000
Indirect Operations Costs                                                     |                                                         |
• Operators & Electricians, Systems & Maintenance Engineers                   | $4,000,000                                              | $10,000,000
Total Cost                                                                    | $14,000,000                                             | $28,000,000

**Note: The Automated costs include installation of a complete Automated – Centralized Run & Maintain OT Security System

Page 32: Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study


Case Study – Cost Comparison – Mid-Size Oil and Gas – Annual Run and Maintain Budget / Costs

Annual Run & Maintain Costs to Keep 30 Plants and 52 Fields Secure

Automated** with NextNine Software & Accenture Services – Automated – Centralized Run and Maintain Program:
• Inventory of all plants – daily or weekly
• Patching, Ports & Services Scanning – Daily
• Compliance Reports & Backups – Daily
• Annual Software Cost: $1,500,000
• Annual Labor Cost: $1,000,000
• Total Cost: $2,500,000

Manual Run and Maintain Program:
• Inventory – 1/3 of plants each Year
• Patching, Ports & Services Scanning – once per Quarter
• Compliance Reports & Backups – once per Quarter
• Annual Software Cost: $100,000
• Annual Labor Cost: $3,000,000
• Total Cost: $3,100,000

Manual program at the automated cadence: N/A – Prohibitively Expensive & Impractical to Implement

**Increased Cyber Security – Lower Annual Cost – Fewer personnel

Page 33: Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study


Acknowledgements

• The authors would like to acknowledge the important contributions and gracious support of the following organizations in providing the data, research, and resources to produce this analysis and report:
  – Encana Corporation
    • For graciously permitting us to use their actual data. In particular we would like to thank Mr. Steve Biswanger, without whose help this analysis could not have been done.
    • http://www.encana.com
  – NextNine
    • http://www.nextnine.com
  – Accenture
    • http://www.accenture.com
  – Massachusetts Institute of Technology (IC)3
    • MIT Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity
    • http://ic3.mit.edu

Page 34: Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study


Feedback & Brainstorm


Thank you

Michael Coden, NextNine

[email protected]

Pete MacLeod, Accenture

[email protected]

Email us for a copy of the presentation!