Cyber Security ∙ Critical Infrastructure Protection ∙ ...


Page 1

Securing Grids & Smart Cities
Cyber Security ∙ Critical Infrastructure Protection ∙ Energy Management

Cyber Labs as a Service® (CLaaS®) • 2021 MPUA Virtual Conference

Since 2014: California | Louisiana | New Jersey | Texas | Virginia

Page 2

GLOBAL SITUATION

No Vaccines for today’s CyberSecurity threats & vulnerabilities
High Impact Cyber Security Vulnerabilities across all concerns

[Figure: global risks. Labels: Weapons of mass destruction; Failure of climate-change mitigation and adaptation; Extreme weather events; Natural disasters; Water crises]

https://www.forbes.com/sites/stevebanker/2019/02/04/which-global-risks-are-increasing-in-2019/#719614a051e3

Page 3

USA GRID SITUATION: White House 100 Day Initiative

Significant cyber vulnerabilities exist across US Critical Infrastructure

• Persistent & Sophisticated Cyber threats
  • Operational Technology (OT)
  • Information Technology (IT)
  • Industrial Control Systems (ICS)
  • Cloud Infrastructure
• Recent High Profile attacks
  • Colonial Pipeline & JBS Foods
• Critical Infrastructure Systems
  • Degradation
  • Destruction
  • Malfunction

https://www.whitehouse.gov/briefing-room/statements-releases/2021/07/28/fact-sheet-biden-administration-announces-further-actions-to-protect-u-s-critical-infrastructure/

Page 4

USA GRID SITUATION: White House Results

Cascading physical Consequences & Debilitating effects on

• National Security
• Economic Security
• Public Health
• Safety of the American people

https://www.whitehouse.gov/briefing-room/statements-releases/2021/07/28/fact-sheet-biden-administration-announces-further-actions-to-protect-u-s-critical-infrastructure/

Page 5

Vision & Mission – IPKeys Role

Provide Secure technology solutions and Services for today’s complex global challenges & problems

Cyber Security Threats • Energy Grid Stability Risks • Public Safety Dangers

IPKeys solutions portfolio encompasses standards-based cybersecurity, networks, data centers, software & IoT

Artificial Intelligence meets Human Intelligence

Page 6

Cyber Lab as a Service® (CLaaS®)

CLaaS® Networks Implementation

Page 7

Lock All Cyber Doors

• Access Controls
• Assessments
• Software Assurance
• Physical Security Analysis
• Incident Response Readiness Review
• Supply Chain Risk Management

Monitor Networks & Cyber Locks

• Utility IT & OT network monitoring
• Managed Anomaly Detection & Response
• Automated Vulnerability Scanning
• Expert SOC Analyst
• Threat Intelligence

Automate Cyber Compliance

• Evidence Collection
• Workflow Automation
• Compliance Reporting
• Baseline Monitoring
• Patch Management

Page 8

Customer Portal

• Tickets
• Concerns
• Alert Classifications
• Geo Map
• Sensor Status

Page 9

Reporting: In-depth knowledge and expert insights

Page 10

Secure Critical Infrastructure

Defending Against Ransomware

• Focus on key systems, not everything all at once
• Identify critical servers and focus on:
  • Isolating these servers from the network and limiting access by IP and port
  • Patching
  • Physical isolation
• Regular backups can make ransomware less painful while redundancy can make it only about the data

Page 11

Defending Against Cyber-Physical Attacks

What is a Cyber-Physical attack?

• It’s a cyber attack with the side effect that it can affect physical devices in an OT network
  • Water supply systems
  • Gas pipeline

What is considered a Physical Device?

• A physical device can be a switch, pump, generator or really any kind of SCADA device

The solution to protect against a cyber-physical attack is:

• Identify the critical servers that affect physical devices
• Identify the physical devices that can be controlled remotely
• Continuous monitoring of the networks, both isolated and otherwise
• Scan the network for vulnerabilities
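
Added example, not part of the original slides or of any IPKeys product: one way to combine "limiting access by IP and port" for critical servers (Page 10) with continuous monitoring (Page 11) is to compare observed network flows against an explicit allowlist. All addresses, ports, rules and flow records below are constructed assumptions.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    src: str    # permitted source network (CIDR)
    dst: str    # critical server address
    port: int   # permitted destination TCP port

class Flow(NamedTuple):
    src: str
    dst: str
    port: int

# Constructed allowlist: who may reach which critical server, on which port.
ALLOWLIST = [
    Rule("10.10.5.0/28", "10.20.0.10", 502),   # HMI subnet -> PLC gateway (Modbus/TCP)
    Rule("10.10.9.4/32", "10.20.0.10", 22),    # jump host -> PLC gateway (SSH)
    Rule("10.10.9.4/32", "10.20.0.20", 5432),  # jump host -> historian database
]

# Constructed flow records, as a network sensor might export them.
FLOWS = [
    Flow("10.10.5.3", "10.20.0.10", 502),
    Flow("10.10.9.4", "10.20.0.20", 5432),
    Flow("10.10.5.3", "10.20.0.10", 22),       # right subnet, wrong port
    Flow("192.168.1.77", "10.20.0.10", 502),   # right port, wrong source
    Flow("10.10.5.3", "10.30.0.5", 443),       # not a critical server: out of scope
]

def is_allowed(flow, rules):
    """True if the flow matches at least one (source network, server, port) rule."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    return any(
        src in ipaddress.ip_network(r.src)
        and dst == ipaddress.ip_address(r.dst)
        and flow.port == r.port
        for r in rules
    )

def violations(flows, rules):
    """Flows that reach a critical server without matching any allowlist rule."""
    servers = {ipaddress.ip_address(r.dst) for r in rules}
    return [f for f in flows
            if ipaddress.ip_address(f.dst) in servers and not is_allowed(f, rules)]

if __name__ == "__main__":
    for f in violations(FLOWS, ALLOWLIST):
        print(f"ALERT {f.src} -> {f.dst}:{f.port} not in allowlist")
```

Any flow this reports is either a gap in the allowlist or traffic that the isolation controls should have blocked.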

Page 12

Secure Critical Infrastructure

• Most utilities are understaffed or lack cyber expertise

• Spotify, Facebook, Dropbox, and other internet-facing services are possible ways for hackers to gain an internal foothold in the network

• Phishing emails will eventually be successful

• Remote access to networks that used to have no external access is becoming the norm due to COVID

• Social engineering is still the biggest threat to any network

• Internal threats are not always malicious

• Make sure you can trust your IT vendor to be secure or they could be a possible attack vector

Lessons learned from our customers and my experience in the OT industry

Page 13

Cyber Labs as a Service® (CLaaS®) • 2021 MPUA Virtual Conference

Mike Hoover
Vice President, Municipal & Public Safety

847-875-3700
