Monthly archive

Power Utility Data Protection Policies and Practices

October 1st, 2020

This is the tenth in the series of USAID webinars on Digitalization and Cybersecurity in the Energy Sector hosted by E3.

Data protection is a critical aspect of compliance in many industries, including the energy sector. In fact, sensitive data is the most common target of cyber attacks.

This webinar will address data protection considerations, best practices, and legal/regulatory frameworks in an era of smart grids and sophisticated cybersecurity threats.

Drew Bagley

Job Title: 
Vice President and Counsel for Privacy and Cyber Policy
Organization: 
CrowdStrike
Drew Bagley, CIPP/E, CrowdStrike Vice President and Counsel for Privacy and Cyber Policy, is responsible for leading CrowdStrike’s data protection initiatives, privacy strategy and global policy engagement. He serves on the Europol Advisory Group on Internet Security and the U.S. Department of State’s International Digital Economy and Telecommunications Advisory Committee. Recently, Drew helped lead the ICANN Competition, Consumer Choice, and Consumer Trust Review Team, which assessed the expansion of the Internet’s Domain Name System. Prior to joining CrowdStrike, Drew served in the Office of the General Counsel at the Federal Bureau of Investigation. He is a member of the New York State Bar and a former German Chancellor Fellow.
Profile Type: 
Speaker

Cybersecurity Standards and Best Practices: Part 2 - Utilities and ISO/IEC 27001 ISMS 2005/2013

September 24th, 2020

This is the ninth in the series of USAID webinars on Digitalization and Cybersecurity in the Energy Sector hosted by E3.

ISO/IEC 27001 is a globally recognized standard providing requirements for the setting up of an information security management system (ISMS). The standard describes how an organization must set its security objectives and determine the risks that threaten these objectives.

Stefano Bracco

Job Title: 
Knowledge Manager
Organization: 
Agency for the Cooperation of Energy Regulators (Slovenia)

Stefano Bracco is Knowledge Manager in the Corporate Services at the Agency for the Cooperation of Energy Regulators. Among his functions, he is also a Senior Security Officer and Chief Information Security Officer since the foundation of the Agency.

He has been working in EU Institutions/Bodies for the past 20 years, focusing on implementation of policies in different areas. He has been a researcher and co-author of papers and books published in peer-reviewed international journals or presented at international scientific conferences, covering several topics (Law, Cybersecurity, Energy, Nuclear Energy, Natural Language Processing and Bio-Informatics).

He has an extensive knowledge of energy cybersecurity in Europe. He is chairman and co-chairman of Task Forces focusing on cybersecurity for Energy from a Regulatory perspective and member of the Expert Group 2 of the Smart Grid Task Force of the European Commission. He has been studying Computer Science at the University of Rome “La Sapienza”. He has been serving the EU Institutions and Bodies around Europe and is actually living in Slovenia, where the Agency is located.

Profile Type: 
Speaker

Cybersecurity Standards and Best Practices: Part 1 - US Standards (NERC CIP)

September 17th, 2020

This is the eighth in the series of USAID webinars on Digitalization and Cybersecurity in the Energy Sector hosted by E3.

Given the complexity of business processes and the wide variety of cyber assets used in the energy sector, there is a long list of cybersecurity standards that address security requirements, security controls, resilience strategies, and technologies.

The NERC CIP Standards are an important first step for cyber professionals to use when assessing and improving their cyber environments. The webinar will address questions such as:

Forging a Cybersecurity Defense for Utilities

September 10th, 2020

This is the seventh in the series of USAID webinars on Digitalization and Cybersecurity in the Energy Sector hosted by E3.

Jason D. Christopher

Job Title: 
Principal Cyber Risk Advisor Threat Operations Center
Organization: 
Dragos, Inc.

Jason D. Christopher is the Principal Cyber Risk Advisor at the industrial cybersecurity company Dragos, Inc., where he blends innovative approaches for risk management with state-of-the-art technology and services across the company’s product catalogue. With over 15 years’ experience in cybersecurity and industrial control systems, Jason offers critical infrastructure expertise in developing successful cyber risk strategies.

Prior to Dragos, Jason held multiple roles in industry as an executive leader, researcher, regulator, and engineer. As CTO of Axio, a cyber risk management SaaS company, he pioneered new cyber risk techniques for clients to measure and address their risk exposure. He previously led security metrics R&D at the Electric Power Research Institute where he worked directly with utilities on actionable measurement capabilities. While working for the United States government, Mr. Christopher spearheaded the energy sector strategy for the National Institute of Standards and Technology (NIST) Cybersecurity Framework, the Cybersecurity Capability Maturity Model (C2M2), and was the technical lead for the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Standards.

Jason continues to focus on developing cybersecurity standards & best practices for critical infrastructure. He is a Certified Instructor for the SANS Institute & often presents at leading ICS security conferences. He was awarded Cybersecurity Leader of the Year in 2019 by the Energy Sector Security Consortium.

FORMAL EDUCATION

  • Bachelors of Science, Computer Engineering, Binghamton University
  • Masters of Electrical Engineering, Cornell University

CERTIFICATIONS

  • GIAC Critical Infrastructure Protection (GCIP)
  • Global Industrial Cyber Security Professional (GICSP)
Profile Type: 
Speaker

Christopher Taylor

Job Title: 
Cyber Engineering Team Lead
Organization: 
Southern Company

Christopher Taylor is a Cyber Engineering Team Lead in the Technology Security Strategy & Architecture department of Southern Company, with a focus on power delivery systems. The department is responsible for managing cyber security risk across the enterprise including development of reference security architectures, performing risk assessments and providing cyber security strategy, architecture and engineering services. At Southern he has spent the last seven years focused on cyber security for Power Delivery and has led efforts on strategy development, technology deployment and adoption of risk frameworks and assessments within the organization.

Christopher has seventeen years of experience in the cyber security field and previously worked as an officer in the U.S. Air Force and as a consultant at Booz Allen Hamilton. Christopher holds a CISSP certification and he received his Bachelor of Science in Computer Science & Engineering from the University of Florida and his Master of Science in Cybersecurity Technology from University of Maryland Global Campus.

Profile Type: 
Speaker

Galen Rasche

Job Title: 
Senior Program Manager
Organization: 
Electric Power Research Institute (EPRI)

Galen Rasche is a Senior Program Manager in the Power Delivery and Utilization (PDU) Sector at the Electric Power Research Institute (EPRI), managing the Cyber Security Program P183.  This program performs collaborative, applied research to improve the security and resilience of transmission, distribution, and grid-edge systems.  In this position, Galen engages with cyber security teams and executives from electric power utilities around the world to develop cyber security technologies, standards, and business processes to address the emerging threats to the electric sector.  He has 15 years of experience performing research in various aspects of cyber security and OT security. 

Prior to joining EPRI, Galen led the Embedded and Application Security Group at Southwest Research Institute (SwRI). In this position, he was the project manager for several Smart Grid security projects and also performed cyber security research for government research laboratories and commercial clients.

Galen earned a Master of Science in Electrical Engineering from the University of Illinois at Urbana-Champaign and a Master of Business Administration and Bachelor of Science in Electrical Engineering from the University of Kentucky.

Profile Type: 
Speaker

Introduction to the Cybersecurity Capability Maturity Model (C2M2)

September 3rd, 2020

This is the sixth in the series of USAID webinars on Digitalization and Cybersecurity in the Energy Sector hosted by E3.

The C2M2 model is one of the most important tools for assessing the cybersecurity posture of the energy sector organizations and enhancing their cybersecurity capabilities. Presenters from the Electric Power Research Institute (EPRI) and Southern Company will walk the audience through the NIST Cybersecurity Framework and link it with the C2M2 framework. In addition the webinar will cover EPRI’s Technical Assessment Methodology (TAM).

Pages