Cybersecurity is one of the top challenges facing electric cooperatives. Protect Our Power's Best Practices conference will provide insights on ways that co-ops and other entities throughout the electric sector can better secure the electric grid.

Curtis Wynn, president and CEO, Roanoke Electric Cooperative; president, National Rural Electric Cooperative Association board of directors

Best Practices in Utility Cybersecurity Conference 2020

Nearly half of all power and utility CEOs expect to be the victim of a cyberattack, according to a recent KPMG study, while the U.S. Department of Homeland Security acknowledges that Russian state actors are already in the nation’s grid. Meanwhile, a new focus on the industry’s supply chain reveals further vulnerabilities to the system.

1/27/2020 |  Henry B. Gonzalez Convention Center, San Antonio, TX


Welcome from Shanna Ramirez

Interview With Jim Cunningham, Richard Mroz, and Blake Sobczak

Vulnerability Disclosure Issues & You

Monta Elkins | Security Architect | FoxGuard Solutions

Supply Chain CIP-13 - Best Practices to Pursue While Accomplishing Compliance as a Byproduct

Tom Alrich | Owner | Tom Alrich LLC

Supplemental slides for: Supply Chain CIP-13 - Best Practices to Pursue While Accomplishing Compliance as a Byproduct

Tom Alrich | Owner | Tom Alrich LLC

Monitoring - Real-Time Operational Technology Network Analysis and Security

Adam Hahn | Assistant Professor | Washington State University

Zero Trust – What Is It? Associated Best Practices and Vendors

Tony Massimini | Senior Industry Analyst | Frost & Sullivan

Firmware – Best Practices

Brad Whipple | Researcher | Idaho National Laboratory

Anatomy of SCADA Risk: Leveraging Lifesaving Epidemic Models for a Novel Evaluation of SCADA/ICS Risks

Yehonatan Kfir | CTO | Radiflow

Compliance & Moving To Best Practices

Robin Berthier | Research Scientist | University of Illinois

Cybersecurity for Wind Energy

Jake Gentle | Senior Power Systems Engineer | Idaho National Laboratory
Jay Johnson | Principal Member of Technical Staff | Sandia National Laboratories

Identity and Access Management for Electric Utilities

Harry Perper | Chief Engineer | The MITRE Corporation

Cybersecurity for utilities is a paramount concern.

Protect Our Power’s 2nd Best Practices – Utility Cybersecurity conference will provide critical, updated information for anyone who can benefit from learning about or contributing to best practices for the utility cyber sector.

Taking place immediately before the opening of DistribuTECH, this conference is a must for:

  • Utility executives and network security managers
  • Cyber security and IT / OT professionals
  • Software and hardware technology providers
  • Planning and risk management analysts
  • SCADA and industrial control system managers
  • Cyber security consultants and analysts
  • Executives at energy management service providers
  • Universities and research labs focusing on cybersecurity issues

To view the 2019 conference agenda and speakers:

To propose a topic and/or speaker, contact Paul Feldman: pfeldman@protectourpower.org

For sponsorship information, contact Jim Gold:

Agenda: January 27, 2020

8:00 – 8:15 – Welcome to Texas | Shanna Ramirez – Interim Vice President & Chief Integrated Security Officer, CPS Energy

8:15 – 8:45 – Interview - Best Practices in Utility Cybersecurity | Jim Cunningham – Executive Director, Protect Our Power | Richard Mroz – Senior Advisor, State & Government Relations | Blake Sobczak – Deputy Editor – Energywire, E&E News

8:45 – 9:30 – Vulnerability Disclosure | Monta Elkins – SANS Instructor, ICS Researcher, author of “Defense against the Dark Arts”

09:30 – 10:15 – Supply Chain CIP-13 - Best Practices to pursue while accomplishing Compliance as a byproduct | Tom Alrich – Blogger Extraordinaire, CIP 13 Expert, Independent consultant, past contributor at Deloitte and Honeywell

10:15 – 10:45 – Break

10:45 – 11:30 – ICS/OT Network Real-Time Monitoring, Vendor comparison Results | Dr. Adam Hahn – Assistant Professor, Washington State University

11:30 – 12:15 – Zero Trust – what is it? Associated Best Practices and Vendors | Tony Massimini – Senior Industry Analyst – Frost & Sullivan, Information & Network Security

12:15 – 01:00 – Lunch

01:00 – 01:45 – Firmware: not so fast! | Brad Whipple – Critical Infrastructure Power System Researcher, Idaho National Labs – Firmware expert including code deconstruction

01:45 – 02:30 – Anatomy of SCADA Risk: Leveraging Lifesaving Epidemic Models for a Novel Evaluation of SCADA/ICS Risks | Yehonatan Kfir – technology road-map expert, formerly responsible for new product research for a military intelligence group.

02:30 – 03:15 – Compliance and moving to Best Practices | Robin Berthier – University of Illinois Research Scientist

03:15 – 03:45 – Break

03:45 – 4:30 – TBD – Wind Farm Cybersecurity | Jake Gentle – Senior Power Systems Engineer, Critical Infrastructure Security and Resilience, Idaho National Labs | and Jay Johnson – Principal Member of Technical Staff at Sandia National Laboratories – Cybersecurity expert developing technology for DOE, DHS, and DoD.

04:30 – 05:15 – Identity Access Management Best Practices | Harry Perper – Chief Engineer – The MITRE Corporation

05:15 – 06:45 – Reception

Questions or Comments – contact


Anatomy of SCADA Risk: Leveraging Lifesaving Epidemic Models for a Novel Evaluation of SCADA/ICS Risks - How does a virus propagate within a real network? What is the single best node to immunize? While these questions seem to have been taken from the computer network domain, they are in fact questions that have been researched for several decades for the sole purpose of eliminating biological viruses. The well-researched biological epidemic models demonstrate astounding results in the prediction of disease and planning of immunization programs. In this discussion, we investigate these types of models and reveal how ideas derived from biological epidemic models can be replicated in a SCADA/ICS cybersecurity environment. We present an epidemic-based mathematical definition for SCADA/ICS network vulnerability and we show how this epidemic model can be used to prioritize security mitigations within a SCADA/ICS network. This presentation will kick off Protect Our Power’s effort to compare vendors involved in SCADA and cybersecurity.

Yehonatan Kfir is the Chief Technology Officer of Radiflow. He is a cyber researcher and accomplished certified hacker. Yehonatan also leads the research team at Radiflow with the sole purpose of uncovering new threats and developing novel OT security technologies that combat possible attacks. During his career Yehonatan served for 12 years in the cyber intelligence unit of the IDF, in both hardware and software roles. Whilst serving, Yehonatan initiated and led research and development teams in multiple cyber domains. He is also a graduate of the elite Talpiot Military Academy, has a BSc in Physics and Math from the Hebrew University, an MBA from the Technion and an MSc in Electrical Engineering from Tel-Aviv University. Yehonatan is currently working on his PhD in Cyber Security at Bar-Ilan University. His main research interests are cryptography and attacks on Cyber Physical Systems.

Compliance, and Moving to Best Practices - We know that the industry has developed a “culture of compliance” rather than a “culture of resilience” – resilience meaning pursuing the best practices that will provide sufficient protection. But NERC CIP is not going to go away and it is the law – so companies must at least attain this lower bar. Robin will talk about the vendors in the NERC CIP space, and also share thoughts on how we can be compliant while pursuing best practices as well.

Identity Access Management Best Practices - To better protect power generation, transmission, and distribution, electric utilities need to be able to control and secure access to their resources, including OT systems, buildings, equipment, and IT systems. Identity and access management (IdAM) systems for these assets often exist in silos, and employees who manage the IdAM systems lack methods to effectively and securely coordinate access to devices and facilities across these silos. Learn how the NCCoE developed an example solution that unifies IdAM functions across OT networks, physical access control systems, and IT systems. The solution is packaged as a “How-To” guide that demonstrates how to implement standards-based cybersecurity technologies in the real world, based on risk analysis and regulatory requirements.

Firmware: not so fast! - This presentation focuses on firmware that provides low-level control for a device’s specific hardware: where to get updates and what to do with them when you get them, including not trusting them, and patching. The presentation will include many references to important resources, and examples related to the dangers of outdated firmware, as well as firmware contaminated “out of the box” from vendors that have relied on software components obtained elsewhere.

Supply Chain CIP-13 - Best Practices to pursue while accomplishing Compliance as a byproduct - Supply chain security seems at first to be the Impossible Dream. Not only do you have to secure your own organization, you have to secure your suppliers’ organizations. And their suppliers’ organizations. And their suppliers’ organizations. And… The only way to approach supply chain security is through risk management; fortunately, NERC CIP-013 supports this view. As NERC CIP-13 makes its debut, however, it remains vague as to what the utilities should actually be executing to make their Supply Chain safe. How does a utility pursue best practices in this area and accomplish CIP-13 compliance as a byproduct? Tom Alrich will outline strategy and tactics related to best practices utilities should be pursuing both now and into the future to secure the Supply Chain.

Wind Farm Cybersecurity - This presentation focuses on the unique cybersecurity challenges posed by a remote, large-scale, distributed energy production wind farm facility. The presentation will give an overview of related best practices in cybersecurity and offer a set of resource references to help guide practitioners.

Zero Trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside their perimeters and instead must verify anything and everything trying to connect to their systems before granting access. CIOs, CISOs and other corporate executives are increasingly implementing Zero Trust as the technologies that support it move into the mainstream, as the pressure to protect enterprise systems and data grows significantly, and as attacks become more sophisticated.

Additional possible presentations

Network Segmentation, Vendor comparison Results | Dr. Art Conklin – Associate Professor and Director of the Center for Information Security Research, the University of Houston.
