
2017 MRO Security Conference

Addressing Tomorrow’s Threats Today

Conference Agenda and Speaker Biographies

Thursday, September 28, 2017 MRO Corporate Offices, King Conference Center

380 St. Peter Street, Suite 800

St. Paul, MN 55102

CLARITY ▪ ASSURANCE ▪ RESULTS

This conference is intended to provide security education to registered entities in the MRO Region and to other parties interested in securing the reliability of the bulk power system. Sponsored by the MRO Security Advisory Council, it is designed to expand security awareness and strengthen cyber and physical security through clarity, information sharing with experts from within the security industry, and analysis of real-world security lessons and best practices.

2017 MRO Security Conference Agenda


Breakfast

A catered hot breakfast will be provided from 7:00 a.m. – 8:00 a.m. in the lounge of the conference area. If you have any dietary restrictions, please see a person at the registration table or the server in the lounge.

Beverages

Beverages will be available in the conference room, as well as in the lounge. Please help yourself.

Lunch

A catered lunch will be provided. If you have any dietary restrictions, please see a person at the registration table or the server in the lounge. Please follow the emcee’s instructions for dismissal to lunch.

Restrooms

Restrooms are located outside of the conference room, as well as on floors 6 and 7. If you choose to use a restroom on another floor, please take the elevators. The staircases only open on the first floor.

Conference Etiquette

As a courtesy to presenters and conference participants, please observe the following rules of conference etiquette:

• Silence all of your electronic devices prior to sessions
• Please defer to speakers’ preferences for questions; however, when you ask your question, please wait for a microphone runner to come to you first, for the benefit of those that are located in the overflow room
• Be seated prior to the beginning of each session

Name Badges

Please wear your name badge at all times.

Conference Evaluation

Your feedback is appreciated; a feedback form is included in this packet. Please complete the form and leave it at your seat or place it in the feedback form box at the registration table.

Luggage

Storage for any size travel luggage can be found in MRO’s lobby by the registration desk. Please ask MRO staff at the registration desk for assistance.

Lost and Found

An MRO representative will always be in the meeting room; however, personal belongings are left at your own risk. If you find or lose an item, please visit the registration desk. After the conference, please contact Chris Adam at: [email protected]

Power

Power will not be supplied at the tables. Please refrain from plugging into floor outlets to minimize the hazard from tripping. Power strips are available at two counters within the conferencing space.

Photographs

MRO may take videos or photos of its conferences and events for use on the MRO website or in MRO publications or other media produced by MRO. MRO reserves the right to use any image taken at any event sponsored by MRO, without the express written permission of those individuals included within the photograph and/or video. To ensure the privacy of conference attendees, images will not be identified using names or personal identifying information without the express written approval from the individual shown. If you do not wish to have your image taken for future publication, please notify MRO event staff. By participating in this MRO event or by failing to notify MRO of your desire to not have your image taken by MRO, you are agreeing to allow MRO to use your image as described.

Thank you for your understanding and cooperation!


2017 MRO Security Conference Agenda “Addressing Tomorrow’s Threats Today”

Sponsored by MRO Security Advisory Council (MRO SAC)

Thursday, September 28, 2017 – 8:00 a.m. to 4:45 p.m.

TIME AGENDA ITEM

7:00 a.m. – 8:00 a.m. Registration and Hot Breakfast

8:00 a.m. – 8:05 a.m. Conference Kick-off
Emcee: Steen Fjalstad, Security and Mitigation Principal, MRO

8:05 a.m. – 8:15 a.m. MRO SAC Welcome Address
Mike Kraft, MRO SAC Chair, Basin Electric Power Cooperative

8:15 a.m. – 8:25 a.m. Adapting to Tomorrow’s Risks
Dan Skaar, President and CEO, MRO

8:25 a.m. – 9:45 a.m. Morning Keynotes - Executive Security Perspectives
Steve Brown, MRO SAC Member, Vice President Enterprise Security Services & Chief Security Officer, Xcel Energy
Keri Glitch, Vice President & Chief Information Security Officer, MISO
(Q&A Executive Panel immediately following Keynotes)

9:45 a.m. – 10:15 a.m. Morning Break

10:15 a.m. – 11:00 a.m. Physical Security-A Cadillac Strategy on a Buick Budget: Tomorrow’s Threats Addressed Today
Jeff Imsdahl, Director of Physical Security, Xcel Energy

11:00 a.m. – 11:45 a.m. Cyber Security-Active Defense and the Cyberhunting Maturity Model
Chad Connell, Senior Manager, Cyber Intelligence, Hunting, and Response, MISO

11:45 a.m. – 12:45 p.m. Lunch Break

12:45 p.m. – 1:30 p.m. Electricity Subsector Coordinating Council (ESCC) Update
Duane Highley, President and CEO of Arkansas Electric Cooperative Corporation (AECC) and Co-Chair of the ESCC

1:30 p.m. – 2:15 p.m. E-ISAC Update
Marc Sachs, Senior Vice President and Chief Security Officer, E-ISAC

2:15 p.m. – 2:30 p.m. Enigma-Encore Presentation
Marc Sachs, Senior Vice President and Chief Security Officer, E-ISAC

2:30 p.m. – 2:45 p.m. Afternoon Break

2:45 p.m. – 4:30 p.m. Afternoon Keynote – ICS/SCADA Security
Robert Lee, CEO, Dragos, Inc.

4:30 p.m. – 4:40 p.m. MRO SAC Closing Address
John Hochevar, MRO SAC Member, Information Security Officer, ATC

4:40 p.m. – 4:45 p.m. Conference Closing
Emcee: Steen Fjalstad, Security and Mitigation Principal, MRO


7:00 a.m. – 8:00 a.m. Registration and Breakfast

7:00 a.m. – 8:00 a.m.
Registration is located in MRO’s lobby directly outside of the King Conference Center. Breakfast is located in the conference lounge.

8:00 a.m. – 9:45 a.m. Conference Opening / Morning Keynotes

8:00 a.m. – 8:05 a.m. Conference Kick-off
Emcee: Steen Fjalstad, Security and Mitigation Principal, Midwest Reliability Organization

8:05 a.m. – 8:15 a.m. MRO SAC Welcome Address
Mike Kraft, MRO SAC Chair, Senior Compliance Engineer, Basin Electric Power Cooperative

8:15 a.m. – 8:25 a.m. Adapting to Tomorrow’s Risks
Dan Skaar, President and CEO, MRO

8:25 a.m. – 9:45 a.m. Morning Keynotes – Executive Security Perspectives
Steve Brown, MRO SAC Member, CSO, Xcel Energy
Keri Glitch, VP, Chief Information Security Officer, MISO

Steve’s presentation, “Building a Cyber Security Program Today for Tomorrow’s Threat,” will showcase one CSO’s journey in taking a company from a compliance-focused security model to a threat- and risk-based security model that is better able to address and adjust to today’s (and tomorrow’s) dynamic cyber environment. Keri will discuss “5 keys” that a security professional needs to understand in order to be prepared today for the potential threats of tomorrow. These “keys” are foundational to ensuring a sustainable and resilient security program applicable to the utility field.

9:45 a.m. – 10:15 a.m. Break

10:15 a.m. – 11:00 a.m. Physical Security

10:15 a.m. – 11:00 a.m. Physical Security-A Cadillac Strategy on a Buick Budget: Tomorrow’s Threats Addressed Today
Jeff Imsdahl, Director of Physical Security, Xcel Energy

Physical Security consists of a risk-based approach with an eye for innovation, spread with common sense, and lastly, flexibility in standards. Reducing risk by sharing, partnering, and communicating is the key to a successful physical security program. Innovate and fail fast!


11:00 a.m. – 11:45 a.m. Cyber Security-Active Defense and the Cyberhunting Maturity Model
Chad Connell, Senior Manager, Cyber Intelligence, Hunting, and Response, MISO

Chad will talk about changes that have driven the current threat landscape, and also provide a brief overview of certain threats, and how threats are carried out. Rather than technical solutions and magical boxes, he will focus on the importance of mature core capabilities across departments, with strong support from the business. Chad will discuss how MISO has transitioned from a heavy reliance on security technologies, towards a proactive capability that uses a variety of data, tools, and skillsets to look for signs of potential threats, in order to prevent cyber threats from impacting critical business functions. Finally, Chad will discuss MISO’s approach to addressing the current threat landscape.

11:45 a.m. – 12:45 p.m. Lunch

Please follow the emcee’s instructions for lunch dismissal. If your section is not the first to be called, please feel free to network, or use the restroom. Additional restrooms are found on floors 6 and 7; please take the elevators. The staircases only open on the first floor.

* If you registered with special dietary needs, please see the person at the registration table or the server in the lounge for assistance.

12:45 p.m. – 2:30 p.m. Electricity Subsector Coordinating Council (ESCC)

12:45 p.m. – 1:30 p.m. Electricity Subsector Coordinating Council (ESCC) Update
Duane Highley, President and CEO, Arkansas Electric Cooperative Corporation (AECC) and Co-Chair of the ESCC

Duane serves as co-chair of the Electricity Subsector Coordinating Council (ESCC), a partnership between electric utilities and the government designed to make the grid more secure and resilient to physical and cyber threats by promoting information sharing, developing tools and technologies, sponsoring threat exercises, and coordinating on recovery. Duane will discuss the good, the bad and the ugly of the partnership.

1:30 p.m. – 2:15 p.m. E-ISAC Update
Marc Sachs, Senior Vice President and Chief Security Officer, E-ISAC

Marc will provide updates from the Electricity Information Sharing and Analysis Center (E-ISAC). This update will show you all of the recent changes, what is going on now, some security incidents you might be interested in, and what new capabilities are coming in 2018. He will also talk about how you can use the E-ISAC to help reduce security risks in your operations.

2:15 p.m. – 2:30 p.m. Enigma-Encore Presentation
Marc Sachs, Senior Vice President and Chief Security Officer, E-ISAC

In World War II the Germans believed that their Enigma machine was unbreakable and provided completely secure tactical information exchange between Army, Navy, and Air Force units. One of the few surviving Enigma machines will be on display and Marc will talk about how the German assumptions about communication security led to their eventual defeat. It was not a weakness in the Enigma machine that was at fault so much as the shortcuts taken by field units combined with implementation errors in the way the machines were used. Could we be suffering from the same hubris when it comes to the security of the North American electric grid?

2:30 p.m. – 2:45 p.m. Break

2:45 p.m. – 4:30 p.m. Industrial Control System (ICS) Keynote

2:45 p.m. – 4:30 p.m. Hunting the Unknown: Adapting Defenses to Industrial Threats
Robert Lee, CEO, Dragos, Inc.

The ICS threat landscape is mostly unknown, yet best-practices from IT security continually get copy/pasted into the ICS. Much of this is a good starting place but tailored defenses to industrial threats are needed. This presentation serves as an extension to the MRO webcast that was given on Exploring the Unknown ICS Threat Landscape, although participants need not have attended that discussion to benefit from this presentation. The talk will focus on how to understand your specific ICS threat landscape, what efforts are being done in the community to hunt the unknown threats, and recommendations on how we all need to adapt to threats such as the ELECTRUM group's CRASHOVERRIDE attack on Ukraine's Kiev substation in 2016.

4:30 p.m. – 4:45 p.m. Conference Closing

4:30 p.m. – 4:40 p.m. MRO SAC Closing Address
John Hochevar, MRO SAC Member, Information Security Officer, American Transmission Company

4:40 p.m. – 4:45 p.m. Conference Closing
Emcee: Steen Fjalstad, Security and Mitigation Principal, MRO

Speaker Biographies


Mike Kraft
Senior Compliance Engineer, Basin Electric Power
MRO Security Advisory Council Chair
Email: [email protected]

Mike is a registered Professional Engineer in ND and an IEEE Senior Member. He has spent the majority of his 20+ year career with Basin Electric Power Cooperative with experience in IT, OT and project management. As the CIP Program Manager, he is leading a cross departmental team including transmission, generation and control center staff addressing physical and cyber security.

Mike is an active member of the MCCF and WICF CIP Working Groups, the NATF Security Practices Group, the NAGF Security Practices Working Group, the NRECA Cyber Security Task Force and the ESCC SEWG. He is the Chair of the MRO Security Advisory Council (SAC), an MRO Alternate Representative to the NERC Critical Infrastructure Protection Committee (CIPC), a member of the WECC Situational Awareness and Security Monitoring Subcommittee (SASMS), and a member of the WECC Physical Security Work Group (PSWG).

Dan Skaar
President and Chief Executive Officer, Midwest Reliability Organization

As president and CEO of MRO, Dan oversees the reliability of the bulk power system for the Upper Midwest region of the United States and Canada consistent with its delegated authorities from the applicable governments. The MRO Region includes investor-owned utilities, generation and transmission cooperatives, municipalities, joint action agencies, generators, regional transmission organizations, marketers, U.S. federal power entities, and two Canadian provinces. MRO's governance structure includes a balanced hybrid board that includes both stakeholders and independents. Dan holds a BA and MBA from the University of St. Thomas in St. Paul, MN, and is also a graduate of the University of Minnesota's Advantage Executive Program. Dan retains an active CPA license.


Steve Brown
Chief Security Officer, Xcel Energy
MRO Security Advisory Council Member

Steve Brown is the Vice President, Enterprise Security Services and Chief Security Officer of Xcel Energy. He is responsible for all aspects of the company’s Cyber Security, Physical Security, Enterprise Continuity, Strategy Performance, and Security Governance & Risk Programs. A seasoned information security executive, Steve has over 35 years of industry and military experience in the field of security. Prior to Xcel Energy, he was the Vice President & Deputy CISO at Hewlett Packard, responsible for global security operations. He spent 13 years with Wells Fargo as the Senior Vice President of Information Management and Enterprise Information Security Operations. He started his career in the US Navy, where he spent 20 years in technical and leadership positions in Information Warfare, Signals Intelligence, and Network Operations. Steve previously sat on the Board of Directors for the Information Technology Information Sharing Analysis Center (IT-ISAC), the Board of Directors of the Financial Services ISAC (FS-ISAC), and was co-chair of the Minnesota CSO Summit. Steve has a Bachelor of Science in Information Management from the University of Maryland and an Executive MBA from the University of Michigan.

Keri L. Glitch
Vice President, Chief Information Security Officer
Senior Manager, Critical Infrastructure Protection, MISO
Email: [email protected]

Keri Glitch was named vice president and chief information security officer for Midcontinent Independent System Operator Inc. in May 2017. She serves concurrently as MISO’s senior manager for Critical Infrastructure Protection.


A veteran technology leader, Keri is responsible for MISO’s comprehensive information security strategy, execution, and operations. Keri joined MISO having most recently served as the chief security officer for AVANGRID, where she was responsible for physical and cyber security, threat and incident management, and security compliance for all operations. Previously, Keri was Iberdrola USA’s chief information officer. While in that role, she managed the strategic and operational aspects of all IT applications, communications, and infrastructure across four regulated utility operating companies in Maine and New York. Keri earned a B.S. in business management from the State University of New York at Geneseo and an M.S. in multidisciplinary studies with concentrations in human resource management, instructional technology, and service management from the Rochester Institute of Technology.

Jeff Imsdahl
Director of Physical Security, Xcel Energy
Email: [email protected]

Jeff Imsdahl, CPP, PSP is the Director, Physical Security and Deputy, Chief Security Officer for Xcel Energy. He has direct responsibility for all Xcel Energy physical security functions, including the Security Operations Center, Investigations, Security Systems, Badging/Access Control, Personnel Security, Contract Security and Regulatory security compliance departments supporting over 11,000 employees and over 1,700 assets in nine states. Jeff has been with the company 17 years.

Jeff is responsible for numerous Federal regulatory security programs to include his position as the Corporate Security Officer (CSO) for Xcel Energy’s Chemical Facilities Anti-Terrorism Standards (CFATS), and is overall responsible for physical security requirements and procedures related to the Transportation Security Administration (TSA) physical security plans for all critical gas assets. He is currently the Vice Chair of the Edison Electric Institute (EEI) Security Committee Leadership Team. Jeff retired after 26 years of US Air Force Active Duty and Reserve service to his nation as a Chief Master Sergeant, US Air Force Security Forces career field. A combat veteran, he has deployed in support of Operations JUST CAUSE, DESERT SHIELD, DESERT STORM, PROVIDE COMFORT, and IRAQI FREEDOM.


Chad Connell
Senior Manager, Cyber Intelligence, Hunting, and Response, MISO Energy
Email: [email protected]

Chad enlisted in the United States Air Force in response to the attacks on September 11, 2001. He was hand selected to work on the Government Network Operations Center (GNOC), and provided direct secure communications to Air Force One, Air Force Two, and the rest of the Presidential Airlift Group (PAG). Chad received an Air Force Achievement Medal for Meritorious Service for his work supporting the President, Vice President, Secretary of State, Secretary of Defense, and the Joint Chiefs. After his enlistment, Chad became a contractor for Booz Allen Hamilton. While at Booz Allen Hamilton, Chad acted as an Information Security Subject Matter Expert (SME), and held numerous Industry Certifications. He has received recognition supporting the United States Marshals Service (USMS), Defense Intelligence Agency (DIA), Defense Threat Reduction Agency (DTRA), Joint Improvised Explosive Device Defeat Organization (JIEDDO), National Security Agency (NSA), and the Central Intelligence Agency (CIA).

Duane Highley
President and Chief Executive Officer, AECC
LinkedIn: http://linkedin.com/in/Highley
Twitter: @highleyunlikely
Email: [email protected]

Telling the cooperative story for 34 years, Duane serves as President/CEO for Arkansas Electric Cooperative Corp. (AECC) and Arkansas Electric Cooperatives, Inc. (AECI). Through 17 member systems AECC provides reliable, affordable power to over 1 million Arkansans. AECI and its subsidiaries ERMCO, GridBridge and Today’s Power provide services, equipment, and solar energy solutions to utilities across the country. Outside of Arkansas Duane serves on the Southwest Power Pool Members’ Committee and serves as co-chair of the Electric Subsector Coordinating Council, partnering with cabinet-level administration officials on improving electric system resiliency and providing testimony before the U.S. House and Senate regarding security of the grid. Along with the electric cooperatives of Arkansas he is working to bring electricity to unserved families in Guatemala and Bolivia.


Marc Sachs
Sr. Vice President & Chief Security Officer, NERC
LinkedIn: https://www.linkedin.com/in/marcsachs
Twitter: https://twitter.com/MarcusSachs (@marcussachs)
Email: [email protected]

Marcus Sachs is the Senior Vice President and Chief Security Officer of the North American Electric Reliability Corporation in Washington, D.C. where he is responsible for the oversight of the Electricity Information Sharing and Analysis Center (E-ISAC), and for directing security risk assessment and mitigation initiatives to protect critical electricity infrastructure across North America. He leads day-to-day coordination with governmental agencies and stakeholders for analysis, response, and dissemination of critical information regarding security threats and events.

Marc’s professional experience includes a distinguished 20-year military career in the United States Army, two years of federal civilian service at the White House and the Department of Homeland Security, and over thirteen years as an executive in the private sector. He has appeared on several domestic and foreign television and radio networks as a computer security expert, has testified before the United States Congress, and is frequently quoted by on-line and printed media.

Marc retired from the United States Army in 2002 after serving over 20 years as a Corps of Engineers and systems automation officer. He specialized during the latter half of his career in computer network operations, tactical communication systems, and the application of information technology to the defense environment. In 1998, he was selected by the Secretary of Defense to serve with the Defense Department's Joint Task Force for Computer Network Defense, a small organization created to defend the DoD's computer networks from foreign intrusions.

In January 2002 Marc was appointed by the President to serve concurrently on the staff of the National Security Council as the Director for Communication Infrastructure Protection in the White House Office of Cyberspace Security, and on the staff of the President's Critical Infrastructure Protection Board. The Board was created in October 2001 to coordinate critical infrastructure protection issues across all US federal agencies in partnership with the industry sectors. In May 2003 Marc joined the National Cyber Security Division of the US Department of Homeland Security, where he was responsible for developing the implementation plan for the National Strategy to Secure Cyberspace.

Prior to joining NERC, Marc was the Vice President for National Security Policy at Verizon in Washington, D.C. where he represented Verizon in national security and emergency preparedness (NS/EP) coordination with Obama administration officials, the United States Congress, and the security industry.

Marc holds degrees in Civil Engineering, Science and Technology Commercialization, Computer Science, and is “All But Dissertation” on a Ph.D. in Public Policy. He is a registered Professional Engineer in the Commonwealth of Virginia.


Robert Lee
Chief Executive Officer, Dragos, Inc.
Twitter: @RobertMLee
Email: [email protected]

Robert M. Lee is the founder and CEO of Dragos, Inc. He gained his start in the U.S. Intelligence Community where he established a first-of-its-kind mission to identify and analyze nation-state cyber-attacks on industrial infrastructure. Robert has performed offense, defense, and intelligence based missions in the U.S. government and is also a non-resident National Cyber Security Fellow at the DC-based think tank, New America, focusing on policy issues related to critical infrastructure security.

John Hochevar
Information Security Officer, American Transmission Company
MRO Security Advisory Council Member
LinkedIn: linkedin.com/in/johnhochevar
Email: [email protected]

As the Information Security Officer at American Transmission Company, John is responsible for the organization’s overall security strategy, identifying ways to align activities across cybersecurity, information security, operational security, and physical security. He holds a Bachelors of Management of Information Systems degree and Masters of Business Administration degree from the University of Wisconsin-Milwaukee. John is an MRO Security Advisory Council Member and a Critical Infrastructure Protection Committee alternate member for the MRO Region.

Conference Organizers


Mike Kraft
Basin Electric Power Cooperative
MRO SAC Chair
MRO NERC CIPC Representative, Alternate

Tim Anderson
Dairyland Power Cooperative
MRO SAC Vice Chair

Stephen Brown
Xcel Energy
MRO SAC Member

John Hochevar
American Transmission Company, LLC
MRO SAC Member
MRO NERC CIPC Representative, Alternate

Jodi Jensen
Western Area Power Administration
MRO SAC Member

Brian Kollmansberger
Alliant Energy
MRO SAC Member

Warren LaPlante
Minnesota Power Company
MRO SAC Member

Tyler Stinson
Xcel Energy
MRO SAC Member

Marc Child
Great River Energy
MRO NERC CIPC Representative

Paul Crist
Lincoln Electric System
MRO NERC CIPC Representative

Damon Ounsworth
Saskatchewan Power Corporation
MRO NERC CIPC Representative

Armin Boschmann
Manitoba Hydro
MRO NERC CIPC Representative, Alternate

Richard Burt
VP Risk Assessment, Mitigation and Standards
Midwest Reliability Organization

Steen Fjalstad
Security and Mitigation Principal
Midwest Reliability Organization

Dana Klem
Standards, Certification and Registration Administrator
Midwest Reliability Organization

Chris Adam
Administrative Meeting Coordinator
Midwest Reliability Organization

Lisa Stellmaker
Operations Administrator and Office Manager
Midwest Reliability Organization

Desirée Sawyer
Compliance Administrator
Midwest Reliability Organization

Thank You!


Thank you all for attending the MRO 2017 Security Conference! Your feedback is very important to MRO.

Please remember to fill out a feedback form and place it in the box on the registration table.