EFCOG Cybersecurity Working Group

Virtual Workshop 2020

October 27-29, 2020

The Energy Facilities Contractors Group (EFCOG) Cybersecurity Working Group Virtual Workshop will explore Cybersecurity topics such as reducing risk for remote work environments; cyber resilience; and tools, practices, guidance, and recommendations for compliance.

Virtual Panel Presentations

Virtual panel presentations will be scheduled for morning and afternoon sessions with an assigned moderator and Q&A capabilities for engagement and participation.  Sessions will be recorded for posting on this meeting collaboration site to allow attendees who were unable to attend at the designated time to log in and view the session.

Virtual Discussion Forums

After the virtual panels end, the recorded sessions will be posted in the virtual discussion forum so that discussions can continue and those who missed a panel can view it. Logged-in users will be able to view and participate in the discussion forum.

Virtual Vendor Hall

Virtual vendor booths for leading technology vendors will be located in the virtual vendor hall for registered attendees to meet with vendors, view products, and collaborate.  Times for the scheduled vendor hall will be posted in the schedule area.

Cyber Awareness & Training

We are pleased to deliver training provided by InfoSec each business day beginning October 1 in honor of Cybersecurity Awareness Month. There will be several opportunities to earn CEU hours in the Virtual Training Center and during the Workshop. The Virtual Training Center will provide shareable content to promote Cybersecurity Awareness, such as posters, videos, and whitepapers, as well as training opportunities.

Featured Talks & Speakers 

(Speaking Engagement Pending Agency Approval) 
Mr. Emery Csulak is the Principal Deputy Chief Information Officer at the Department of Energy (DOE) where he works with the CIO to oversee the Department’s information technology (IT) portfolio, serves as an advisor to the CIO, and will lead the digital transformation of the Department of Energy for the CIO’s office. Prior to this role, he was the Deputy CIO for Cybersecurity and CISO for DOE. He led the integrated Joint Cybersecurity Coordination Center (iJC3) and the DOE Big Data Platform (BDP) for ensuring enterprise operational visibility, analytics, and threat hunting. He managed the cybersecurity strategy, policy, and oversight of $1.5B annual IT investment.

Mr. Emery Csulak,  Department of Energy, Principal Deputy Chief Information Officer

Tuesday, October 27th, 8:45 a.m. Eastern Time (Pending Agency Approval)

Dr. Ron Ross, NIST

Wednesday, October 28th, 8:30 a.m. Eastern Time

Ron Ross is a Fellow at the National Institute of Standards and Technology. His focus areas include cybersecurity, systems security engineering, and risk management. Dr. Ross leads the Federal Information Security Modernization Act (FISMA) Implementation Project, which includes the development of security standards and guidelines for the federal government, contractors, and the United States critical infrastructure. His publications include Federal Information Processing Standards (FIPS) 199, FIPS 200, NIST Special Publication (SP) 800-39, SP 800-53, SP 800-53A, SP 800-37, SP 800-30, SP 800-160 Volumes 1 and 2, SP 800-171, and SP 800-171A. Dr. Ross leads the Joint Task Force, an interagency group that includes the Department of Defense, Office of the Director of National Intelligence, U.S. Intelligence Community, and the Committee on National Security Systems, with responsibility for developing a Unified Information Security Framework for the federal government and its contractors.

Ms. Katie Arrington will discuss CMMC program requirements for Department of Defense contracts. Ms. Arrington previously served in the South Carolina House of Representatives from the 94th district from 2017 to 2019. As the cyber lead and programmatic analytic advisor for strategic cyber programs, Ms. Arrington is responsible for conducting analysis within the major defense acquisition program portfolio and across the Department of Defense. She also meets with key cyber personnel (across both DoD and Federal Agencies) as well as legislators to ensure that changes made in the National Defense Authorization Act (NDAA) support reaching the goals of decreased spending and increased compliance with current and future standards. CMMC will revolutionize the DoD supply chain’s cybersecurity; its effects and capabilities will enhance our nation’s security and, in the future, how other agencies deal with their supply chains.

Katie Arrington,  Department of Defense, Chief Information Security Officer in the Office of the Undersecretary of Defense for Acquisition

Tuesday, October 27th, 11:00 a.m. Eastern Time

Dr. David Flanigan, Johns Hopkins University Applied Physics Laboratory

Thursday, October 29th, 9:35 a.m. Eastern Time

Dr. David Flanigan has worked at the Johns Hopkins University Applied Physics Laboratory for 21 years, and supports multiple government sponsors in the early stage systems engineering phases of development. In this position, he often works within an integrated product team structure with government, industry, and academia organizations to plan and execute analytical studies in support of advanced concepts and integrated acquisition strategies.

Dr. Flanigan will demonstrate a process that has been developed to analyze the cybersecurity of Facility-Related Control Systems (FRCS) to assist in evaluating the cybersecurity posture of facilities that depend on control systems to perform their mission. This was developed to assess critical infrastructure operations for various government organizations. The process is described using an illustrative example.

Mr. Joe Maurio is a senior professional staff member and chief scientist of the Critical Infrastructure Protection Group in the Asymmetric Operations Sector of the Johns Hopkins University Applied Physics Lab. Mr. Maurio has been the principal investigator on multiple internal research projects in developing innovative technologies for resilient cyber physical systems. Prior to joining APL, Mr. Maurio was a fellow electrical engineer at Northrop Grumman Corporation. He received his bachelor’s and master’s degrees in Electrical Engineering from the Pennsylvania State University. He is the recipient of eight US patents.

Mr. Maurio will demonstrate KAIROS: An Autonomic Approach to Industrial Control Systems. Today’s industrial control systems require many trained professionals to manage, control, maintain and secure. Additionally, these systems are often not able to respond to threats and failures that were not conceived of at design time. KAIROS was devised to create a self-aware system that is highly resilient to attacks and failures with adaptive responses and defenses superior to today’s systems. It is a distributed, real-time framework that utilizes software containers to encapsulate individual microservices comprising a control system application and utilizes autonomic control principles (self-configuring, -healing, -optimizing, -protecting) to continuously adapt and respond to changing operating conditions and threats.

Mr. Joe Maurio, Johns Hopkins University Applied Physics Laboratory

Thursday, October 29th, 10:40 a.m. Eastern Time

Mr. James Schaffter, Johns Hopkins University Applied Physics Laboratory

Thursday, October 29th, 9:35 a.m. Eastern Time

James Schaffter is a Cybersecurity Engineer at the Applied Physics Laboratory and a Doctor of Engineering student at the Johns Hopkins University. His research interests include cyber-physical system security, virtualization, fog computing, and penetration testing. James received his M.S. from JHU’s Information Security Institute, where he completed his capstone project involving a security analysis of wireless smart-meter systems.

Mr. Schaffter will demonstrate Mitigating Incidents with Mock Industrial Control Systems (MIMICS). Industrial control systems (ICS) are fundamentally reliant upon programmable logic controllers (PLCs). PLCs are ruggedized, embedded, real-time computers which run programmed logic. Additionally, PLCs have the ability to interact with physical control processes by reading and generating analog and discrete electrical signals. These logic-driven signals control the components which comprise the ICS. MIMICS utilizes virtualized programmable logic controllers to respond to and recover from cyber-attack, faulty behavior, and physical damage. MIMICS can concurrently run multiple virtualized programmable logic controllers which execute an IEC standard of ladder logic or structured text files. These virtual PLCs are able to interface with physical control systems through the use of analog input/output cards. As a result, a compromised industrial controller can be quarantined, its equivalent logic and networking configuration can be orchestrated and brought up on MIMICS, and any remaining physical controllers will continue to interact with the newly instantiated PLC instance. The result is the equivalent logic now running on a newly instantiated, comparatively more secure platform, thus recovering from the incident and altering the attack surface of the affected industrial control system.

Dr. Russell “Russ” Fink has worked at APL for 16 years as a cybersecurity researcher. He has expertise in trusted computing solutions such as the Trusted Platform Module and Opal self-encrypting hard drives, as well as privacy preserving computations including homomorphic encryption for machine learning applications. Dr. Fink received his Ph.D. from UMBC, where he completed his dissertation on secure electronic election systems.

Dr. Russell Fink will demonstrate the Advanced Resilience against Malware / Ransomware (ARMR). Ransomware poses a significant threat against our critical infrastructure systems. Current mitigations require costly remediation as well as fast network connections, knowledge of the specific ransomware, or reprovisioning from media, none of which are suited to recovering critical infrastructure deployments. The Johns Hopkins University / Applied Physics Laboratory (APL) has developed a hardened, automatic, secure local backup solution that uses commercially available, hardware-based security to ensure that systems can always recover from crippling attacks. We will present the design, discuss one use case, and demonstrate how we recover from real ransomware.

Dr. Russell Fink, Johns Hopkins University Applied Physics Laboratory

Thursday, October 29th, 9:35 a.m. Eastern Time

Mr. Robert Lee, Chief Executive Officer and Founder of Dragos

Tuesday, October 27th, 1:00 p.m. Eastern Time

Mr. Robert M. Lee will provide a security training brief on industrial control system security. Mr. Lee is a recognized pioneer in the industrial security incident response and threat intelligence community. He gained his start in security as a U.S. Air Force Cyber Warfare Operations Officer tasked to the National Security Agency where he built a first-of-its-kind mission identifying and analyzing national threats to industrial infrastructure. He went on to build the industrial community’s first dedicated monitoring and incident response class at the SANS Institute (ICS515) and the industry recognized cyber threat intelligence course (FOR578). Robert helped lead the investigation into the 2015 cyber attack on Ukraine’s power grid; he and his team at Dragos helped identify and analyze the CRASHOVERRIDE malware that attacked Ukraine’s grid in 2016 and the TRISIS malware deployed against an industrial safety system in the Middle East in 2017.

Our Vendors