THE METHOD

Most of the architectural and functional design for a given communications project has already been done for us through a myriad of applicable standards, (e.g. IETF, IEEE, ISA/IEC, CISA, NIST, INL CIE/CCE, HIPAA, PCI, CMMI/C, C2/M2, NERC, ISACA, ISC2, SANS, COBIT, ITIL, PMI PMBOK, and ISO).

With this over-abundance of guidance advising us, secure critical infrastructure data network design/build projects and their successful operation have the potential to self-define, if we let them. To elevate the prospect of creating a sustainable data communications system from a desired outcome to a certainty, remember…


'Follow the spec. so your data communications systems won't be a wreck.'


(…and be ever defending against the relentless onslaught of our seasoned adversary, Entropy.)




KNOWLEDGE SHARING and PROFESSIONAL CONTRIBUTIONS


Typical technology consultancies engage just long enough to solve an immediate issue or deliver a design…then collect the fee. At that point it's up to the owner/operator to keep things going.

For critical infrastructure this type of delivery is not an acceptable approach. Active knowledge-sharing of applied methods required for solutions sustainment is essential to ensure effective operations processes are in place AFTER the engagement is completed. Contributions in this section represent this philosophy.


Presenter, LinkedIn Live Event Co-creator and presenter for live cybersecurity discussion, 'Cybersecurity Resilience: Strategies for Water and Grid Infrastructure'. Discussion focused on steps to establishing long-term cyber posture enhancement through established frameworks and latest thinking regarding the importance of People and Process - COMPLETED 4th Qtr 2023

Interview Authority Magazine, Medium.com, 'Ransomware Attacks - 5 Things You Need To Do To Protect Yourself Or Your Business' - Published 1st Qtr 2022

Contributor Author 'Digitization at the Heart of Cybersecurity, Asset Management'. Black & Veatch Insights Group Electric Report - Published 1st Qtr 2022

Author IEEE Monthly Bulletin, 'Ransomware: A Change Would Do Us Good'. Short article promoting a change in approach to classic reliance on cybersecurity hygiene approaches to defense. The article suggests that network architecture, people and process aspects are equally important and should be emphasized in Cyber Attack For Ransom (CAFR) event response in utility OT environments - Published 4th Qtr 2022

Co-author and Presenter Distributech International - 'Practical Protections to Combat Rising Ransomware'. A joint industry customer/consultant presentation showing how concepts such as the Idaho National Laboratories (INL) Consequence-Driven Cyber-Informed Engineering (CCE) framework, combined with proper packet network architecture help define a more robust response to Cyber Attack for Ransom (CAFR) events COMPLETED 1st Qtr 2023

Author 'How to Build Your Gameplay in the Fight Against Utility Ransomware' - short article reviewing core principles or 'pillars' for establishing an effective response plan to ransomware attacks. The intent is for utility operations leaders to focus efforts on essential categories of capabilities yielding the best chance of continued operation and service delivery within the context of a CAFR event - COMPLETED 2nd Qtr 2023

Certified Trainer Course, Idaho National Labs Consequence-Driven Cyber-Informed Engineering Through in-person Accelerate Training, acquired knowledge to support investigating and assessing customer OT security postures utilizing newly released cybersecurity vulnerability assessment methodology for critical infrastructure. Evaluate possible efficacy, practicality of implementation of principles and any replication and/or enhancements of other established cyber assessment and protection approaches - September 2021

Contributing SME for Industry Standards Development
NERC CIP Critical Infrastructure Protection Committee (CIPC), participant for committee on Supply Chain Security. Formed to help North American Electric Reliability Corporation (NERC) advance the physical and cyber security of the critical electricity infrastructure of North America. The committee consists of both NERC-appointed regional representatives and technical subject matter experts - 2020/2021

Contributor/Co-presenter Utilities Technology Conference Speaker (UTC), Ransomware Planning Presentation – Joint presentation with customer to demonstrate methods and requirements used for establishing planned technical responses to a CAFR (Cyber Attack For Ransom) event, without paying ransom, Portland, OR, August 2021

Contributing Author/Developer, Strategy Engine
Assist in creation of model for support of critical infrastructure Telecom Network Master Planning activities. Provides repeatable process for creation, tracking and evaluation of infrastructure and security project Key Performance Indicators (KPI's) and technical project Key Objectives (KO's). Co-developed with an electric utility customer and made compatible with existing best-practice network/security infrastructure assessment, and implementation execution processes, e.g., PAADIO - May, 2020

Co-Author and Co-Presenter
'Low Impact Asset Assessment and Protections - Case Study', refined case-study examination of a successful NERC CIP Low Impact inventory and qualification-assessment involving 80 locations across a state, and thousands of devices. Work included implementation of over 40 industrial firewalls at select field locations, national North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Committee meeting, Minneapolis, MN - September 2018

Requested Reviewer
'Energy Sector Asset Management for Electric Utilities, Oil and Gas Industry', National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE) pre-publication release for public comment working draft - December 2017, Published 2018

Contributor Industry Standards
National Institute of Standards and Technology (NIST), National Cybersecurity Center of Excellence Partnership (NCEP), promoting mutual cooperation for collaboration to enhance trust in U.S. IT communications, data, and storage systems, lower risk for companies and individuals in the use of IT systems, and encourage development of innovative, job-creating cybersecurity products and services

Project Execution Process Co-developer and Custodian
I.T. and O.T. project planning, design and implementation process, 'PAADIO' Methodology builds upon ISO, PMI, Carnegie Mellon and other world-class contributors for promoting value-engineering project planning and execution, including CMMI principles and CAPEX / OPEX predictor inputs

Network Coursework Co-developer and Custodian
Customer-facing IP modernization education workshops, providing information and training on proven network and cybersecurity project and technology practices with practical fit, function and organizational impact perspectives. Assists business operations teams in developing their strategic telecommunications plans, execution and sustainment efforts

Invited Panelist
– Utilities Technology Council National Meeting, Security Summit, 'Mission Critical Security - Getting it Secure, Keeping it Secure', Charlotte, North Carolina - May 2017

Invited Panelist
North American Electric Reliability Corporation ("NERC") GridSecCon, NIST National Cybersecurity Center of Excellence (NCCoE), Cybersecurity Portfolio and Framework panel member, w/Utilities Technologies Council, Quebec City, CAN - October 2016

Organizer/Moderator
Joint review and comment forum for Special Publication 1800-2 Identity Access Management for Electric Utilities: Utilities Technologies Council (UTC), Customer Representation, Black & Veatch with IEEE contributor, MITRE representing NIST National Cybersecurity Center of Excellence Overland Park, KS - March 2016

Invited Panelist
– North American Reliability Corporation, Critical Infrastructure Protection, NERC CIP, 'Practical Implementations and Beyond', Utilities Telecom Council, US National Conference, Denver, Colorado - May 2016

Official Reviewer
– National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE) SP 1800-2 - Identity and Access Management Practice Guide for Electric Utilities, WERB Draft - February 2016

Contributor/Co-presenter
'NERC Critical Infrastructure Protection (CIP) v5/6 Transitions', UTC Region 6 Meeting, Overland Park, KS - April 2016

Participant
NIST National Cyber Security Center of Excellence - Energy Provider Community, Situational Awareness Case Studies Review and Prioritization - 2015

Contributor/Co-presenter
Building a Practical Cyber Security Practice', Utility Telecom Council, Region 6, Overland Park, KS - March 2015

Participant
NIST National Cyber Security Center of Excellence - Energy Provider Community, Identity Access Management Case Studies - 2015

Author and Presenter
‘Practical IT/OT Convergence for Utility Networks’, UTC Canada National Conference, Calgary - September 2014

Invited Panelist/Presenter
– ‘Smart Grid Convergence Using Multi-protocol Label Switching (MPLS)’, UTC National Conference, Orlando, Florida - May 2012

Author and Presenter'Foundations for MPLS VPN’s’, UTC Region 4, Indianapolis, IN - October 2012

Invited Panelist/Presenter
'Network Infrastructure, Kansas Legislative Systems Strategic Plan (e-Democracy Strategies)', United States House of Representatives Executive Staff briefing, Topeka KS - December 2008

This site uses no tracking mechanisms of any kind - your privacy matters!