Several Scenes from EnergySec Summit 2013

Click for much Gibber ... I mean, bigger

Was in Denver not far from flooded Boulder last week at the 9th annual EnergySec Summit ... my first.  I'm sure we'll be seeing more articles and posts from EnergySec scribes and some of the other 150 or so attendees soon, but wanted to get my observations out.

I missed a number of presentations due to a mid day arrival on Wednesday and missed a few others to field a few intermittent phone calls, but got to hear most of them (my apologies to speakers not covered below).

First off, Patrick Miller and Steve Parker, EnergySec Presidents past and present, were both outstanding ringmasters and herders of wandering speakers.

Cybersecurity Workforce Developers Need You, Part Deux

Yes we can. The following is number 2 in a series of 2 un-paid public service announcements from what remains one of my favorite organizations. It begins, as it did the first time on March 2, thusly:

Power industry security stakeholders (if you read this blog, that means you!),

The National Board of Information Security Examiners (NBISE) is partnering with the Pacific Northwest National Laboratory to contribute to the development of the U.S. cybersecurity workforce. Toward this effort, a utility SME panel has mapped power system cybersecurity job responsibilities to the objectives of two workforce frameworks (NICE and ES-C2M2), the domains of training/education programs, and the objectives of key certifications. 

Cybersecurity Workforce Developers Need You !!!

The following is an un-paid public service announcement from one of my favorite organizations (note: while this is intended for US-based cybersecurity professionals,  there's a lot to learn, and a lot of similar tasks that need to be accomplished, if you live and/or do your work in other regions):

Power industry security stakeholders!

The National Board of Information Security Examiners (NBISE) is partnering with the Pacific Northwest National Laboratory to contribute to the development of the U.S. cybersecurity workforce. Toward this effort, a utility SME panel has mapped power system cybersecurity job responsibilities to the objectives of two workforce frameworks (NICE and ES-C2M2), the domains of training/education programs, and the objectives of key certifications.

Fifteen Minutes for a Better Grid Security Workforce

Not too long I ago we posted on the NBISE effort to build a better security professional for critical infrastructure sectors like ours. A lot of work (especially ground work) has been done since then and now NBISE is ready to take it up a notch, with broader input from the wider world ... including potentially: you.

Check this out:

The National Board of Information Security Examiners (NBISE) is partnering with the Pacific Northwest National Laboratory to contribute to the development of the U.S. cybersecurity workforce by developing a detailed Job Performance Model (JPM) for Smart Grid cybersecurity personnel in the functional areas of security operations, intrusion analysis, and incident response.

NBISE and PNNL manage the Smart Grid Cybersecurity (SGC) Panel, which oversees and contributes to the Department of Energy’s efforts to develop a job competency model and assessment focused on the job responsibilities and unique skill set of Smart Grid cybersecurity specialists. This SGC survey seeks to determine the critical cybersecurity job tasks in the Smart Grid environment.

This survey is an important step towards the development of a job performance model for cybersecurity roles necessary to secure and protect the Smart Grid. If your expertise and experience is related to security operations, intrusion analysis, and/or incident response, then this survey is for.  Details: 

• The survey will require approximately 15 minutes 

• You may participate in this survey using any web browser and will require no special software 

• This survey is anonymous. The record kept of your survey responses does not contain any identifying information about you unless a specific question in the survey has asked for this. If you have responded to a survey that used an identifying token to allow you to access the survey, you can rest assured that the identifying token is not kept with your responses. It is managed in a separate database, and will only be updated to indicate that you have (or haven't) completed this survey. There is no way of matching identification tokens with survey responses in this survey.

Got it? Ready? Well here you go ... 

TO PARTICIPATE IN THIS SURVEY, PLEASE CLICK HERE.

For further information regarding the Smart Grid Cybersecurity Panel Job Analysis Questionnaire, please click HERE.  Additional information on NBISE and its Job Performance Methodology may be obtained by clicking HERE.

Photo credit: Dave Stokes on Flickr.com

Help Build the Cybersecurity Workforce the Electric Sector Needs Now

So reports of successful attacks in every geography and sector just keep coming and you wonder whether our increasingly connected industry is going to survive the cyber deluge, what with aging infrastructure, aging people, and fraying nerves.

Well, some highly motivated people, unhappy with the status quo, are organizing a response and now you and your org can be play an important part. The National Bureau of Information Security Examiners (NBISE) in conjunction with DOE's Pacific Northwest National Lab are building .. (their words now):

.... a detailed Job Performance Model (JPM) for Smart Grid cybersecurity personnel in the functional areas of security operations, intrusion analysis, and incident response. We are currently in the process of identifying organizations to assist in the distribution of a Job Analysis Questionnaire (JAQ) devised in collaboration with a team of 30 senior cybersecurity professionals from stakeholder organizations involved in the development, deployment, and maintenance of the Smart Grid. This is an important effort to gather the experience of existing cybersecurity professionals from the industry.

I've played a small part in some of the early work and can attest these folks really have their act together.

So don't just sit there. The JAQ is coming Jan 25th and that's a little less than a week away. Click HERE for an excellent 10 slide overview, and please consider adding your expertise, as well as the heavy duty cybersecurity SMEs you're lucky enough to work with, to the team.