The Scoop on Insider Threat

Cyber Security - Insider Threats June 15 , 2021 9 : 00 a.m. - 12: 00 p.m. Eastern

AGENDA

Objectives : • Raise awareness and encourage a deeper understanding of Insider Threats as a risk to the electric utility industry • Encourage cyber and physical security professionals to incorporate Insider Threat mitigation strategies into existing security programs • Present examples of good practices from registered entities within the SERC region who have implemented Insider Threat Programs Target Audience: This event will be of interest to those responsible for cyber and physical security within their company as well as Risk Managers, Human Resources, Legal and others who may want to learn more about Insider Threats to the electric utility industry

WebEx Logon Useful Links Questions for SERC Speaker Bios

Click on speaker’s name on agenda

Tuesday , June 15 , 2021

Bill Peterson – SERC Manager Outreach and Training

Introduction and Logistics

9 : 0 0 a.m.

Greg Klein - FBI Special Agent

Insider Threat from an FBI Perspective

9:10 a.m.

9 : 40 a.m.

Insider Threat & the E-ISAC

Samantha Lee-Conroy - NERC Physical Security Analyst E-ISAC Jack Paul - TVA Compliance Manager

Inside an Insider Threat Program

10 : 0 0 a.m.

Break

10 : 30 a.m.

AGENDA

Tuesday, June 15 , 2021

WebEx Logon Useful Links Questions for SERC Speaker Bios

Bheshj Krishnappa - Reliability First Program Manager Risk and Resiliency Margaret Fenner - Duke Energy Corporation Director- Threat Intelligence and Investigations, Mike Hagee - SERC Princip al Reliability and Security Advisor

Insider Threat Risk Management

10 : 4 0 a.m.

Click on speaker’s name on agenda

Building an Effective Insider Threat Program

1 1 : 00 a.m.

Insider Threat Resources

1 1 : 3 0 a.m.

Bill Peterson – SERC Manager Outreach and Training

Wrap –Up

11 : 50 a.m.

Adjourn

1 2 : 0 0 p .m.

WebEx Logon

The WebEx session will be recorded. The recording will be available on the SERC Secure Portal by request

WebEx login information will be sent to registered attendees by Monday , June 14 , 2021 Join by phone1-408-792-6300 Call-in toll number (US/Canada)

Participants will be muted upon entry to eliminate background noise. Please send questions through the Chat feature.

Can't join the meeting? IMPORTANT NOTICE: Please note that this WebEx service allows audio and other information sent during the session to be recorded, which may be discoverable in a legal matter. By joining this session, you automatically consent to such recordings. If you do not consent to being recorded, discuss your concerns with the host or do not join the session.

Useful Links

Topic

Purpose

RegisteredEntityForum REF Steering Committee

If you have a question you would like to submit anonymously, you may do so by contacting one of the Registered Entity Forum Steering Committee members. eLearning Modules, COVID-19, Hurricane and Cold Weather Preparedness, Supply Chain Resources. Past and present newsletters.

CI P

O &P

Resource Library Newsroom Events Calendar

Register for SERC’s upcoming outreach events

Acronym List

Industry Acronym Reference Index

HOME

Questions for SERC

Link to Form Link to Form

• Q&A Process • Entity Assistance

WebEx Logon Useful Links Questions for SERC Speaker Bios

Email

Topic

• General inquiries / Q&A • Seminar & Webinar Topic Suggestions • Media inquiries

Support@serc1.org

• SERC Membership • SERC Committees • SERC Compliance & Committee Portal/Committee related issues • Registration and Certification Issues • Compliance monitoring methods: o Self-Certification o Self-Report submittals o Compliance data submittals • Enforcement and Mitigation o Mitigation Plan submittals • SERC Compliance & Committee Portal-Compliance related issues

SERCComply@serc1.org

• Reliability Assessment data reporting • Reliability Assessment forms • Annual Voting Rights • Reliability Data Reporting Portal

RAStaff@serc1.org

• Industry Subject Matter Expert (ISME) Program • Submitting an ISME application

ISME@serc1.org

• Event Reporting

Reporting Line Sit@list-serc1.org

• Situational Awareness • Events Analysis

SAEA@serc1.org

HOME

BIOGRAPHIES

Bill Peterson Bill Peterson is the Manager Outreach and Training with SERC Reliability Corporation. Bill has contributed over 20 years to the computer security profession with 15 years dedicated to securing the bulk power system. He started working with CIP security in 2007 and has helped numerous organization strengthen their security posture over the years. Previously, Mr. Peterson was the Program Manager, Cyber Security in the Technical Resources department and a Senior CIP Engineer in the Compliance group. Prior to joining SERC, he worked in security roles for Duke Energy and the New York Power Authority. Mr. Peterson has a Master’s in Business Administration with a concentration on Information Technology Management from the State University of New York at Utica/Rome. Mr. Peterson has a Bachelor’s of Science degree with a dual major in Computer Engineering and Electrical Engineering Technology from the State University of New York at Utica/Rome. Bill holds a certification in Certified Information Security Manager (CISM), a Certified Information Systems Security Professional (CISSP), and a Leadership Certificate from Cornell University

Greogory Klein Greg Klein has served as the Supervisory Special Agent for the FBI's Counterintelligence and Counterproliferation Squad in North Carolina for the past seven years. Prior to this role, SSA Klein led the FBI's Insider Threat Investigations Unit at FBI Headquarters in Washington, DC for four years, including serving as the FBI Director for the initiation and first year of the National Insider Threat Task Force, which created a National Insider Threat Policy. While at FBIHQ, SSA Klein also served as the unit chief for the Economic Espionage Unit and Global Espionage Unit in the Counterespionage Section of the FBI's Counterintelligence Division. SSA Klein began his career in the FBI's Denver Field Office and also served in the Washington Field Office working counterintelligence matters prior to his FBIHQ assignments. SSA Klein received his B.A. in Biochemistry from the University of Tennessee at Knoxville, and currently lives in South Park.

HOME

BIOGRAPHIES

Samantha Lee-Conroy Samantha Lee is Physical Security Analyst for the Electricity Information Sharing and Analysis Center (EISAC). She provides in depth quality analysis and risk management expertise, as well as directly engages and collaborates with the Electricity Industry Asset Owners and Operators across North America. She is recognized as a specialist in resilience, risk management and analysis, with a focus on critical infrastructure, security and continuity with 10 years of policy, planning, and program management experience. Her prior experience includes working as a senior consultant for the Architect of the Capitol (AOC), Office of Security Programs, where she was the project lead for the development of an Agency wide Continuity of Operations Plan (COOP) in support of the Legislative and Judicial Branches of Government. She also led a Business Process Analysis across the AOC to further identify, verify and validate mission critical support functions to further assist in the risk analysis of critical infrastructure and operational planning across the Capitol Hill Complex in support of the AOC resilience mission. Prior to consulting, Samantha was a contractor supporting DHS Science & Technology, Office of National Laboratories and was the Operations Program Manager and responsible for the oversight of the facility operations and maintenance of a $28.86M program across two National DHS Labs; a Transportation Security/Explosives Lab and a Radiological, Nuclear Testing and Evaluations Lab. Samantha earned a Bachelor’s Degree from Gallaudet University majoring in Interpreting and Deaf Studies. She is also certified as an Insider Threat Program Manager (ITPM) from Carnegie Mellon University, as well as certified in Safety, Health and Environmental Management Systems (SHEMS) Internal Auditor. Jack Paul Jack Paul is a Graduate of the University of Tennessee. Over 20 years law enforcement experience with local, state, and federal departments. Retired federal commission in 2020. 15 years physical security experience in the utility industry. 8 years industry and federal physical security and regulatory compliance experience. Currently serve as TVA Subject Matter Expert in all matters pertaining to physcial security compliance. Founding Chair of the SERC CIPC PSS. Member of NATF, E-ISAC, SERC CIPC, ASIS USC, certified CPP and PSP.

HOME

BIOGRAPHIES

Bheshaj Krishnappa

Bheshaj Krishnappa has more than 22 years of international experience in leading several small to large scale IT and security engagements for various energy, software and services, manufacturing, aerospace, and mortgage and finance companies to transform and enhance resilience in delivering their mission. After joining ReliabilityFirst in 2012, he has held positions with increasing responsibility in the Critical Infrastructure Protection compliance monitoring and Risk Analysis and Mitigation departments. In his current role as a Program Manager, Mr. Krishnappa is responsible for all aspects of cyber and operational resilience activities in the RF Region. He is actively driving projects that support risk management decisions, supply chain risks, and insider threats to enhance security and resilience of the bulk power system. He regularly interacts with and educates the stakeholders focusing on the risks and ways to improve the grid resilience and security across the ERO. Mr. Krishnappa has an undergraduate degree in Electrical Engineering with an MBA (Renewable Energy). He currently holds CISSP, CISM and Carnegie Mellon University’s Executive CISO certifications.

Margaret Fenner Margaret serves Duke Energy as the Director of Threat Intelligence & Investigations in the Enterprise Protective Services Organization. She leads the Threat Management Program (insider threat), Threat Intelligence Program and Corporate Security and Digital Forensics investigations. Margaret joined Duke Energy in 2001 and managed several IT teams in the Information Technology Organization. In 2011, Margaret joined the Enterprise Protective Services team providing business continuity and emergency management support to critical business functions including the Crisis Management and Incident Support Teams for the Enterprise. Margaret earned her Bachelor of Arts in Business Management and Masters in Business Administration from Xavier University in Cincinnati, Ohio.

HOME

BIOGRAPHIES

Mike Hagee Michael Hagee is Princip al Reliability and Security Advisor at SERC Reliability Corporation, a nonprofit corporation responsible for promoting and improving the reliability, adequacy, and critical infrastructure protection of the bulk power system in all or portions of 16 southeastern and central states. Mr. Hagee currently supports efforts in the Outreach and Training Department primarily focusing on Entity Assistance. Mr. Hagee previously provided staff support for the SERC Critical Infrastructure Protection Committee (CIPC) as well as a Senior CIP Compliance Auditor, and as such, served as an Audit Team Lead and team member during spot checks and audits of compliance with NERC Reliability Standards in the SERC Region. Prior to joining the SERC Reliability Corporation, Mr. Hagee was employed with Duke Energy Corporation in Charlotte, NC for 32 years, where he worked in various positions in the Nuclear and Corporate Security Departments managing their physical security programs, such as contract guard service, closed circuit television, access control systems, and investigations. Before retiring in 2011, Mr. Hagee was the Critical Infrastructure Asset Protection Manager for Duke Energy responsible for managing their regulated physical security programs, such as NERC CIP, FERC Dam Security, Maritime Security, and Chemical Security. Mr. Hagee has a Master of Arts in Business and Security Organizational Management from Webster University and a BS in Business Administration from Appalachian State University. Mr. Hagee is a Certified Protection Professional (CPP) and holds an Insider Threat Program Management Certificate with Carnegie Mellon’s Security Engineering Institute (SEI).

HOME

Thank You

ADDITIONAL INFORMATION Questions concerning registration and meeting content - Lynn Black

Follow for updates

Page 1 Page 2 Page 3 Page 4 Page 5 Page 6 Page 7 Page 8 Page 9 Page 10

www.serc1.org

Made with FlippingBook - Online magazine maker