AEP Enterprise Security Program Overview - June 2021 Update

Slide Note
Embed
Share

In the June 2021 update for the Kentucky Interim Committee on Natural Resources and Energy, American Electric Power (AEP) addresses recent ransomware events, their security program updates, and details about their enterprise security measures. AEP, one of the largest electric utilities in the U.S., serves millions of customers across multiple states and boasts a robust security infrastructure to manage cyber risks effectively, including a 24x7 Cyber Intelligence Response Center. The company's pandemic security risk management strategies ensure uninterrupted security operations amid changing work practices caused by COVID-19.

aubriella
aubriella Follow

Uploaded on Jul 13, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. AMERICAN ELECTRIC POWER ENTERPRISE SECURITY PROGRAM June 2021 UPDATE FOR KENTUCKY INTERIM COMMITTEE ON NATURAL RESOURCES AND ENERGY

  2. RECENT EVENT: COLONIAL PIPELINE RANSOMWARE DarkSide RansomwareAttack Saturday May 8, 2021 Reports of Colonial Pipeline ransomware event began appearing Colonial and Government reporting - only IT systems and network impacted, Pipeline shutdown was precautionary Nearly 100GB of data ex-filtrated prior to launch of encrypting ransomware threat of public data release 2. ENTERPRISE SECURITY PROGRAM UPDATE

  3. DARKSIDE RANSOMWARE - Not targetingEnergy Source: BAE SYSTEMS INTEL 2021-05-10 3. ENTERPRISE SECURITY PROGRAM UPDATE

  4. WHO IS AEP? AEP is one of the largest electric utilitiesin the U.S., serving nearly 5.4 million customers in 11 states, with the nations largest TransmissionNetwork Revenues: Assets: Employees: $15.6 billion $79 billion Approximately 18,000 Service Territory: More than 200,000 squaremiles More than 40,000 miles Miles of transmission lines: Nations largest 765kvnetwork Miles of distribution lines: Approximately 221,000 miles Generating capacity: Approximately 24,000 megawatts

  5. AEP ENTERPRISE SECURITY Responsible for all Operating Companies, BU s, IT/OT andNuclear Approx. 195 FTE s 20 Physical 20Aviation 155 Cyber 200 Contract Guards 5. ENTERPRISE SECURITY PROGRAM UPDATE

  6. AEP SECURITY RISK BULLSEYE Key Takeaway AEP Security Risk is continually evaluated through a variety of efforts Maturity assessments from EY, Lockheed & Cyber Insurance Future assessment from DOE or DHS 6. ENTERPRISE SECURITY

  7. AEP 24X7 CYBER INTELLIGENCE RESPONSE CENTER Established 2005 Key Takeaway AEP is managing cyber risk 24x7x365 7. ENTERPRISE SECURITY

  8. PANDEMIC SECURITY RISK MGMT Key Takeaway COVID- 19 change in work practices has not impacted AEP s Security Cyber Team is operating 100% remote - full mitigation, monitoring &response Physical Security continues to staff 24x7 Monitoring and FieldInvestigations User Activity / Connectivity All user activity from home is routed into AEP through secure communications. Allowing full security capabilities. Good, stable & secure connectivity provided by AEP Telecommunications and InformationTechnology No significant change in threat countries targeting AEP. Email & Text/SMS Phishing and Malware Activity COVID-19 crisis has created further opportunities for state-sponsored cyber actors to perform cyber espionageoperations AEP monitoring and controls are performing as expected 8. ENTERPRISE SECURITY PROGRAM UPDATE

  9. NERC CRITICAL INFRASTRUCTURE PROTECTION (CIP) STANDARDS MANDATORY COMPLIANCE SINCE 2007 These standards address the security of cyber assets that are critical to the operation of the North American electricity grid. CIP-008 Cyber Security Incident Reporting and Response Planning CIP-002 BES Cyber System Categorization CIP-009 Recovery Plans for BES Cyber Systems CIP-003 Cyber Security Management Controls CIP-010 Configuration Change Management and Vulnerability Assessments CIP-004 Security - Personnel & Training CIP-005 Cyber Electronic Security Perimeter(s) CIP-011 Information Protection CIP-006 Physical Security of BES Cyber Systems CIP-013 Supply Chain Risk Management CIP-007 Cyber System Security Management CIP-014 Physical Security 9. ENTERPRISE SECURITY PROGRAM UPDATE

  10. APPENDIX 10. ENTERPRISE SECURITY PROGRAM UPDATE

  11. Key Takeaway AEP Security aligns with industrystandards across Projects, Policies and even operational areas like Incident Response. NIST framework can be mapped to other existing frameworks which AEP Security also aligns AEP NIST FRAMEWORK Discussion AEP Incident Response Mapping to NIST AEP Policies & Standards Mapping to NIST National I Standards Technology (NIST) Cybersecurity Framework industry standards and best practices to help organizations manage their cybersecurity risks 11. ENTERPRISE SECURITY PROGRAM UPDATE

  12. Key Takeaway A2V is well received by industry FORTRESS/AEP A2V TPRG A2V (Asset to Vendor) Update Third Party Risk Service Offering Facilitates CIP 013 compliance All vendors are Risk Ranked Assess vendor security Scan software provided by vendors Communication to vendors 12. ENTERPRISE SECURITY PROGRAM UPDATE

Related


Understanding Supplier Diversity: Grange Enterprise Program

Understanding Supplier Diversity: Grange Enterprise Program

lorcan
Overview of VA Research Support Division Program

Overview of VA Research Support Division Program

ariyah
Understanding the Roles of a Security Partner

Understanding the Roles of a Security Partner

zaara
Addressing Contemporary Challenges in Research Security Program Development

Addressing Contemporary Challenges in Research Security Program Development

plum
Understanding the Role of Security Champions in Organizations

Understanding the Role of Security Champions in Organizations

irvin
Observing Optimization of IEEE 802.11be Release 1 for Enterprise AP Use Cases

Observing Optimization of IEEE 802.11be Release 1 for Enterprise AP Use Cases

beauden
Understanding Security Management in an ICT Environment

Understanding Security Management in an ICT Environment

truett
Update on DoD Travel Card Program by Alec Cloyd, Chief of Travel Operations at DTMO

Update on DoD Travel Card Program by Alec Cloyd, Chief of Travel Operations at DTMO

rheya
Presentation and Discussion on Chairs' Conclusions - SOM2, 14 December 2021

Presentation and Discussion on Chairs' Conclusions - SOM2, 14 December 2021

rusty
Enterprise Zambia Challenge Fund - Supporting Sustainable Agriculture

Enterprise Zambia Challenge Fund - Supporting Sustainable Agriculture

draco
Establishing a Storm Water Enterprise Fund in Groton: A Solution for Regulatory Compliance

Establishing a Storm Water Enterprise Fund in Groton: A Solution for Regulatory Compliance

celine
National Industrial Security Program Policy Updates April 2021

National Industrial Security Program Policy Updates April 2021

kaliyah
Overview of Social Security and Health Care System in Turkey

Overview of Social Security and Health Care System in Turkey

violeta
Update to Aerodrome Reports and Forecasts: A Users Handbook to the Codes (WMO-No. 782) - SERCOM-3 Session

Update to Aerodrome Reports and Forecasts: A Users Handbook to the Codes (WMO-No. 782) - SERCOM-3 Session

desmond
Organizational Structure Overview of HSE and Security Functions

Organizational Structure Overview of HSE and Security Functions

achilles
Airport Emergency Preparedness for Commercial Services

Airport Emergency Preparedness for Commercial Services

reva
BCA 601(N): Computer Network Security

BCA 601(N): Computer Network Security

danna
Enhancing Security Definitions for Functional Encryption

Enhancing Security Definitions for Functional Encryption

kalila
International Approaches to Enhance Nuclear Safety and Security

International Approaches to Enhance Nuclear Safety and Security

mazarine
TSA Updates on Security Training Rule for OTRB Companies

TSA Updates on Security Training Rule for OTRB Companies

aziza
Evolving Security Practices in DevOps: A Holistic Approach

Evolving Security Practices in DevOps: A Holistic Approach

madisyn
Certification and Training in Information Security

Certification and Training in Information Security

buck
Understanding Security Onion: Network Security Monitoring Tools

Understanding Security Onion: Network Security Monitoring Tools

sadhbh
Understanding Transport Layer Security (TLS)

Understanding Transport Layer Security (TLS)

amabel

More Related Content

Symbolic Representation of Azure Cloud Enterprise Services
Symbolic Representation of Azure Cloud Enterprise Services
National Small Enterprise Amendment Bill
National Small Enterprise Amendment Bill
Empowering NNSA Cyber Professionals Through Enterprise Tools and Data Analytics
Empowering NNSA Cyber Professionals Through Enterprise Tools and Data Analytics
Introduction to Enterprise Databases for GIS Professionals
Introduction to Enterprise Databases for GIS Professionals
Governance for Digital Solutions and Enterprise Architecture Review
Governance for Digital Solutions and Enterprise Architecture Review
Understanding Irish Enterprise Policy and Development Challenges
Understanding Irish Enterprise Policy and Development Challenges
Understanding Enterprise: Types and Impact on Society
Understanding Enterprise: Types and Impact on Society
SANBS Enterprise & Supplier Development Program Overview
SANBS Enterprise & Supplier Development Program Overview
Clinical Update: 2021 AHA/ASA Guideline for Stroke Prevention
Clinical Update: 2021 AHA/ASA Guideline for Stroke Prevention
Exciting Adventure at PGL Osmington Bay - June 7th to June 10th, 2023
Exciting Adventure at PGL Osmington Bay - June 7th to June 10th, 2023
California Serves Grant Program Request for Applications - Webinar Summary
California Serves Grant Program Request for Applications - Webinar Summary
TEXAS DEPARTMENT OF INFORMATION RESOURCES
TEXAS DEPARTMENT OF INFORMATION RESOURCES
Employee Health Update and Risk Factors Overview by 30th June 2023
Employee Health Update and Risk Factors Overview by 30th June 2023
Understanding LXI Network Security in Industrial Environments
Understanding LXI Network Security in Industrial Environments
Enterprise Software Solutions Lab Pvt Ltd Drop Bolt Lock Project Proposal
Enterprise Software Solutions Lab Pvt Ltd Drop Bolt Lock Project Proposal
Understanding Enterprise Resource Planning (ERP) Systems
Understanding Enterprise Resource Planning (ERP) Systems
Food Security and Nutrition Monitoring Survey Round 22 Trends
Food Security and Nutrition Monitoring Survey Round 22 Trends
Tshwane University of Technology Enterprise Holdings Report
Tshwane University of Technology Enterprise Holdings Report
Building Resilience and Changing Lives: Citizen Security and Justice Programme III
Building Resilience and Changing Lives: Citizen Security and Justice Programme III
Building Enterprise Information Technology and Mission Systems
Building Enterprise Information Technology and Mission Systems
ERCOT Passport Program Update and EMS/RTC Bifurcation Summary
ERCOT Passport Program Update and EMS/RTC Bifurcation Summary
WildCAD-E (WildCAD Enterprise) Development Update
WildCAD-E (WildCAD Enterprise) Development Update
European Strategy Update: Progress and Future Plans for DUNE Collaboration
European Strategy Update: Progress and Future Plans for DUNE Collaboration
2021 DME Manual Update Overview: Accessibility and Mobility Supports
2021 DME Manual Update Overview: Accessibility and Mobility Supports