Friday, August 19, 2016

Webinar: Do Virtualization and NERC CIP Play Nicely Together?


One of the most important developments in IT in the past ten years has been the rapid growth of virtualization – compute, network and storage. Use of virtualization has led to huge cost savings, as well as large efficiency gains, in IT environments – especially data centers. Even more importantly, virtualization greatly expands IT's repertoire of services they can call upon to enable new business initiatives.

However, electric utilities subject to NERC CIP requirements are still struggling to take advantage of virtualization in their OT environment, even though they realize they would receive huge benefits – especially in control centers. This is because the CIP standards are totally silent on this topic – and this silence continues in CIP versions 5 and 6. Many utilities are too worried about inadvertently falling afoul of some CIP requirement to try virtualization in OT.

At the same time as utilities implement compliance with CIP versions 5 and 6, NERC and the Regions have made it clear they want utilities to feel comfortable introducing virtualization. However, they have not provided any definitive guidance on how to do this in a CIP-compliant manner. NERC has ordered the new "CIP v7" Standards Drafting Team to develop revised requirements or guidance, so that CIP will finally address this topic. But it will be close to three years before the new version comes into effect.

Where does this leave the utilities? This webinar will try to answer that question.
  • Tom Alrich and Joe Andrews of Deloitte will discuss how virtualization can work under CIP versions 5 and 6, and how v7 may finally settle this issue.
  • John Reno of Cisco will discuss the many advantages that electric utilities and IPPs can realize through implementing virtualization on their OT networks. This includes server, switch, and storage virtualization
  • Steve Sumichrast of Northern Indiana Public Service Company will discuss some of the lessons learned from NIPSCO's successful implementation of virtualization in their control centers in 2011.
Date: Thu, Sep 15, 2016
Time: 2:00 PM EDT
Duration: 1 hour
Host: Bob Lockhart
 
Presenters:
Tom Alrich, Deloitte & Touche LLP
Tom Alrich is a Manager in Cyber Risk Services with Deloitte Advisory, part of Deloitte & Touche LLP. He has worked in cyber security for 16 years, and with NERC CIP since CIP version 1 was approved in 2008. He has worked with over 30 NERC entities to understand and implement CIP versions 1 through 6. He writes a popular blog on developments in CIP.
 
Joe Andrews, Deloitte & Touche LLP
Joe Andrews is a Manager in Cyber Risk Services with Deloitte Advisory, part of Deloitte & Touche LLP. He spent five years as a CIP auditor with the Western Electricity Coordinating Council (WECC). Previously, he worked in cyber security for the US Department of Defense, based in the US, Europe and Japan. He holds many certifications, including CISSP, CISA and PSP. 


John Reno, Cisco
John Reno manages product and solutions marketing for Cisco IoT. Previously, John directed the product marketing group at Silver Spring Networks, drawing on over fifteen years of experience in software applications, infrastructure management and system design. For the past ten years John has launched and led go to market initiatives for network and data security companies such as Securify (acquired by Intel/McAfee) and EMC/RSA

Steve Sumichrast, NIPSCO
Steve Sumichrast is the Lead System Engineer for NIPSCO's Operations Technology department, and has worked in the department since 2010.  He is responsible for implementation and adherence to NERC CIP standards for all server, workstation, storage and virtualization infrastructure used by real-time systems.  He holds numerous industry certifications, including certification from Cisco, NetApp and VMware. 

To register, go here



The views and opinions expressed here are my own and don’t necessarily represent the views or opinions of Deloitte Advisory.

2 comments:

  1. I notice people are still hitting this post even though the webinar was last week. The webinar was recorded and will be posted, along with the slides, on UTC's web site. I'll put out a new post with the URL when that happens.

    ReplyDelete
  2. Nice blog... I really appreciate your work which you have done about the Securing OT Networks, many thanks and keep it up.

    ReplyDelete