​MRO Security Advisory Council-sponsored webinars are listed below. Click the webinar link to access detailed information about the event.  
  
  
Notes
8/12/2020Extremist Groups: A Rising Threat
MRO’s Security Advisory Council (SAC) is pleased to announce it is hosting a webinar on Extremist Groups: A Rising Threat. Threats from extremist groups targeting critical infrastructure appear to be on the rise in recent years. Several plots to attack critical infrastructure have been disrupted already this year, thrusting various extremist ideologies into the public light. This presentation will provide an overview of the different extremist groups advocating for critical infrastructure attacks and disruptions. It will include insights, examples, and what sector partners should watch for.
7/30/2020Security Risk Assessment Virtual Roundtable
Event Details
MRO’s Security Advisory Council (SAC) is pleased to announce it is hosting a virtual roundtable on physical, cyber, and operational technology security risk assessment. This online event will start with a brief introduction providing an overview of the practical application of security risk assessment tools. A summary of plans for this year’s MRO Regional Security Risk Assessment will also be provided. The remainder of the event will involve a question and answer session Q&A and participant’s discussing their risk assessment methods, challenges, and successes. MRO registered entities are invited to attend this meeting. Please come to this meeting with questions and discussion topics related to security risk assessment prepared.
7/8/2020Information Risk Management Framework
(Recorded and Posted) MRO’s Security Advisory Council Threat Forum (SACTF) is pleased to announce it hosted a webinar on Information Risk Management Framework. MISO discussed how they utilized the NIST standards to develop their Information risk management program that includes a security risk register, security controls, and Plan of Action and Milestone. These three components to the Information Risk Management program allows them to look at their security risks holistically and have visibility to their security program maturity.
6/16/2020Third Party Vendor Review Cyber Process (Risk Management Approach) Webinar
(Recorded, Not Posted) MRO’s Security Advisory Council (SAC) is pleased to announce it hosted a webinar on Third Party Vendor Review Cyber Process (Risk Management Approach). Reviewing the cyber security posture of third party vendors and their applications is a major challenge for security departments. The Oklahoma Gas & Electric Enterprise Security team talked through our process for conducting those reviews, pitfalls we’ve observed and how we developed a strategy and business case for augmenting that process. They then discussed the ways that we addressed previous issues and how we believe we’ve increased the fidelity or our reviews while streamlining the process for both our company and the vendors.
5/12/2020MRO SAC Hosting Upcoming Webinar Defense Against Copper Theft and Vandalism with Open Architecture Technologies
(Recorded, Posted) MRO’s Security Advisory Council (SAC) is pleased to announce it hosted a webinar on Defense against copper theft and vandalism with open architecture technologies. Copper theft is increasing so how do you strengthen your perimeter? Copper thieves don't know whether their target substation is a low, medium or high impact site. So how do you manage intruders at your most critical substations?  We applied the systems approach methodology consisting of detect, deter, delay, assess, communicate and respond to effectively manage intruders while uncovering open architecture technologies that can be adopted to simplify your intrusion management plans. Also, we discussed how to make dramatic improvements to reduce nuisance alarms brought on by image noise in video analytics.
4/8/2020Industry Organizations' Aligned Approach for Supply Chain Cyber Security
(Recorded, Posted) This Model and complementary products provide a streamlined, effective, and efficient industry-accepted approach for entities to evaluate supplier cyber security practices, which, if applied widely, will enable suppliers to be less burdened and more responsive, provide entities with more and better information, and improve cyber security. This evaluation will provide critical information for entities to consider when conducting risk assessments for potential suppliers of products and services.
The Model describes methods for purchasing entities to gain assurance a supplier is adhering to key supply chain cyber security practices as set forth in the NATF Cyber Security Supply Chain Criteria for Suppliers (the NATF Criteria). The purchasing entity can consider any identified risks in its risk assessment and determine whether the risk is addressed.
The overall objectives of this work and industry’s alignment were to 1) streamline common approaches to evaluating a supplier’s cyber security practices, 2) provide for flexibility within the common approaches, 3) ensure the common approaches are scalable to include all suppliers and purchasing entities, and 4) while the focus is on good cyber security practices, if executed properly, the approaches may support requirements in the NERC supply chain related standards.
3/18/2020NERC Supply Chain Risk Management Requirements and Resources
(Recorded, Posted) MRO’s Security Advisory Council (SAC) and Compliance Monitoring and Enforcement Program Advisory Council (CMEPAC) is pleased to announce it hosted a webinar on NERC Supply Chain Risk Management Requirements and Resources. This presentation discussed Supply Chain Risk Management which is a hot topic in industry with new and updated NERC requirements becoming effective on July 1, 2020. Has your company developed a supply chain cyber security risk management plan and are you ready for the changes? This webinar covered the new requirements in CIP-013-1 and the changes to CIP-005-6 and CIP-010-3. Information will be provided on where to find additional resources.
2/6/2020Cyber Security: Where Should We Start?
(Recorded, Posted) MRO’s Security Advisory Council (SAC) hosted a webinar on Cyber Security: Where Should We Start? This presentation discussed of some simple and effective techniques for organizations to start implementing cyber security controls to protect themselves and their systems from cyber threats. Topics included some simple controls and how to start implementing them as well as pointing attendees to some resources available to help organizations of all sizes get started with cyber security.
12/18/2019Real World Lessons on Why You Should Build and Continuously Improve an Active Shooter Program
(Recorded, Not Posted) MRO’s Security Advisory Council (SAC) is pleased to announce it is hosted a webinar on real world lessons on why you should build and continuously improve an active shooter program. Building an active shooter program from the ground up. This webinar explains how an active shooter program is a living plan that needs to change with current threats. This webinar showed how our program has developed over the years and how our employee’s confidence of surviving an incident has dictated the rate of progression.
11/21/2019Video Surveillance Today
MRO’s Security Advisory Council (SAC) is pleased to announce it is hosting a webinar on Video Surveillance Today. Join Barrett Thompson and Erick Reynolds of Avigilon for an informative snapshot of the current state of the Video Surveillance Industry. Barrett and Erick have worked in the Security and Surveillance Industry for over twenty years and bring a unique perspective to the subject. In this webinar, they will touch on current challenges and trends, including Internet Protocol versus Analog cameras, other integrated technologies, and how the industry is migrating from CCTV to IP Video Surveillance.
8/19/2019One Company's Path to Establishing Threat Intelligence and Hunting
(Recorded) MRO Security Advisory Council (SAC) is pleased to announce that it hosted a webinar on One Company's Path to Establishing a Threat Intelligence and Hunting program. Jamie Buening presented on how MISO’s Threat Intelligence and Hunting team was established and has matured over the past four years. Learn why MISO decided a team was needed, how the team was built, and how the team functions today. Attendees will come away with an understanding of options to begin hunting along with ideas of how to establish the routine regardless of whether a dedicated team exists or not.
7/25/2019Leveraging Relationships Among Electric Utilities and Law Enforcement
(Recorded) MRO Security Advisory Council (SAC) hosted a webinar on Leveraging the relationships between electric utilities and law enforcement. Leveraging the relationships between electric utilities and law enforcement, prosecutors, judges, and legislators can become a force multiplier in the physical security of critical infrastructure owned or operated by the utility, with little to no financial investment required by the entity. The benefits of educating, training, and fostering relationships with the public judicial servants, is often an underused, or even untapped resource. This webinar provided specific and actionable steps a utility can pursue to enhance those relationships, regardless of the size or structure of the utility, as well as the current status of the utility’s current relationship with the relevant judicial actors in any jurisdiction the utility is responsible for protecting.
7/11/2019A Tale of Two Phishing Programs
(Recorded) MRO Security Advisory Council (SAC) hosted a webinar on A Tale of Two Phishing Programs. This session covered how phishing programs come in all shapes and sizes. We looked at the similarities and differences in the phishing programs of two Companies – ATC and OGE. We explored how these programs operate, how they tackle training their end users, and how they make use of reported emails to reduce the risk around phishing threats
5/30/2019Suspicious Packages and Bomb Threat Considerations
(Recorded) MRO Security Advisory Council (SAC) is pleased to announce that it is hosting a webinar on suspicious packages and bomb threat considerations. This session will cover current related events, past events and provide some examples of procedures for how to identify and respond to the threat of suspicious packages and bomb threat issues. Don’t think it can’t happen!  This information may be especially helpful to smaller companies with no procedures in place, and certainly helpful to mailroom personnel or others who regularly handle mail and phone calls.
2/15/2019MRO SAC Webinar Neighborhood Keeper
(Recorded) MRO Security Advisory Council (SAC) is pleased to announce that it is hosting a webinar on Neighborhood Keeper. Neighborhood Keeper is a collaborative threat detection and intelligence program, led by Dragos in partnership with the DOE that makes ICS threat analytics and data accessible to the greater ICS community. Its initial participants include: Dragos, Ameren, First Energy, Department of Energy’s Idaho National Labs, North American Electric Reliability Corporation’s Electricity Information Sharing and Analysis Center, and Southern Company.
12/19/2018MRO Security Advisory Council to Host Upcoming Webinar Enhancing Resiliency via Federated Real-time Secure Messaging
MRO Security Advisory Council (SAC) is pleased to announce that it is hosting a webinar on encrypting messaging. After recommending utilities adopt encrypted messaging in 2014, the E-ISAC published their must-have capabilities to help members evaluate a secure messenger. Soon after the peer-based Cyber Threat Intelligence Group published their own set of requirements with a more technical focus.
 
In 2017, the E-ISAC selected ArmorText secure messaging for its ability to satisfy both the E-ISAC’s requirements and the CTIG’s security requirements while also providing an industry-first federation capability.
 
The E-ISAC is now offering federated Trust Relationships among its asset owner and operator members for truly secure real time information exchange and incident response coordination.
 
Join the CEO of ArmorText, Navroop Mitter as he discusses why this initiative is so timely and why real time federation with organizations like the E-ISAC is more important to energy security than ever before.
12/5/2018MRO Security Advisory Council to Host Upcoming Webinar Learning from Cyber Security Close Calls
(Recorded - Please email estee.kolles@mro.net for the webinar link) MRO Security Advisory Council (SAC) is pleased to announce that it is hosting a webinar on Learning from Cyber Security Close Calls. Our co-workers in safety have well-vetted processes to analyze close calls in order to improve safety. This presentation will discuss taking that concept in conjunction with the Cyber Kill Chain to learn from Cyber Security Close Calls. This presentation will show how we can use such cases to determine what improvements can be made to help detect the attacks earlier in the Cyber Kill Chain. This presentation will also show how a slight modification to a close call could bypass existing security, allowing us to determine what can be done to detect and prevent similar attacks that might come in the future. 
It can be unnerving to watch an attack get past security measures designed to protect an organization, but what can be learned from these exercises is invaluable. They can help the entire organization understand the importance of having multiple layers of security and tuning different layers to mitigate weaknesses in others to avoid close calls and successful attacks.
10/31/2018MRO SAC Webinar Physical Perimeter Hardening in the Electric Sector
(Recorded) MRO Security Advisory Council (SAC) is pleased to announce that it is hosting a webinar on Physical Perimeter Hardening in the Electric Sector. This presentation is a high level look at perimeter physical security planning and products. Discussed will be Site Planning, Layers of Security (Standoff Blast Mitigation) as well as four principles of security (Deny, Deter, Delay, Detect). Presenters will cover the old DOS Ratings (K-Ratings) as well as the origin of the new United States Army Corp of Engineers ASTM 2656-07 standards. A brief look at vehicle and personnel access control as well as a look at options pertaining to perimeter active and passive barriers.
During the webinar presenters will offer lessons learned surrounding implementation of physical hardening.  Beyond vulnerability risk assessments, accounting for design limitations and partnership with stakeholders such as local ordinances and operational requirements while looking for creative solutions.  Partners such as AMICO will review a robust set of solutions, because there is not a one size fits all nor should it, if your mitigation is to be successful. 
8/29/2018MRO SAC Webinar Secure SCADA Protocol for the 21st Century (SSP-21)
(Recorded) MRO Security Advisory Council (SAC) is pleased to announce that it will be hosting a webinar on Secure SCADA Protocol for the 21st Century (SSP-21). The Secure SCADA Protocol for the 21st century (SSP-21) offers network operators the promise of secure communications facilities, even in environments with varying reliability, latency and bandwidth limitations. In this webinar we will introduce SSP-21, and discuss the problem space addressed by this innovative protocol. We will cover the current state of SSP-21 and look ahead to proposed future developments. Finally, we will discuss a new effort funded by the Department of Energy Office of Electrical Delivery and Energy Reliability (DOE OE) that looks to leverage Lawrence Livermore Nationals Laboratories extensive experience with modelling and simulation to provide an independent verification and validation of SSP-21’s operational capabilities.
8/22/2018MRO SAC Webinar Lessons Learned from FERC-Led CIP Reliability Audits
(Not Recorded) MRO Security Advisory Council (SAC) is pleased to announce that it will be hosting a webinar on Lessons Learned from FERC-LED CIP Reliability Audits. David DeFalaise, will provide further insight of the Lessons Learned from FERC-Led CIP Reliability Audits and the 2017 Commission staff report on lessons learned from those audits. In addition, an update about the plan for future FERC-Led CIP reliability audits will be provided. There will be time allocated at the end of the webinar for detailed Q&A. To aid in the preparation of questions you can review the 2017 Commission staff report located here:  https://www.ferc.gov/legal/staff-reports/2017/10-06-17-CIP-audits-report.pdf
5/8/2018GridEx Lessons Learned
(Recorded) This webinar provides lessons learned from the North American Electric Reliability Corporation’s biennial grid security exercise GridEx. GridEx is designed to simulate a cyber/physical attack on electric and other critical infrastructures across North America. This hour-long webinar will be presented by representatives from a diverse group of entities, including a small vertically-integrated utility (Lincoln Electric System), a Regional Transmission Organization (Southwest Power Pool) and two government agencies (Department of Homeland Security and North Dakota Emergency Services).
10/30/2017Physical Security Assessment
(Recorded- please email estee.kolles@mro.net for link) This webinar provided an in depth look at the DHS IST tool and a brief overview of a similar tool used by Public Safety Canada.
9/6/2017Intelligence 101: Establishing and Maturing an Effective Threat Intelligence Program
(Recorded) This webinar provides a common understanding of security and risk intelligence, discusses the foundational aspects of an intelligence program, and explores use cases that can be implemented to establish or mature intelligence functions without requiring complex projects or expensive feeds.
8/29/2017GridEx IV: Benefits of Participation
(Recorded) This webinar offers guidance on utility company participation in NERC's biennial grid security exercise, GridEx IV. GridEx provides an opportunity for utilities to demonstrate their abilities to respond and recover from a simulated coordinated cyber and physical attack on the bulk electric system.
6/2/2017Exploring the Unknown ICS Landscape
(Not Recorded) This webinar will be a discussion regarding unique research on industrial control system soft-ware, malware, and the consequences of poor operations security. The premise for this project is the belief that there is a wealth of information surrounding Industrial Control Systems that is unrec-ognized by the traditional IT cybersecurity industry. Robert M. Lee will walk through proven methodology, and show real-world findings and conclusions of what this means in our space.