2013 Summer School - Session Abstracts and Presenter Bios

2013 summer school header
Opening Reception: June 16
Preliminary Agenda (PDF)  |  Promotional Flyer (PDF)

register now button Registration Deadline: June 3
Q Center Lodging Deadline: May 24, 2013*
*Requests submitted after May 24 will be filled on a space-available basis.
Day Pass Requests accepted thru event.

Session Abstracts | Bios | Prelim Agenda (PDF)

Session Abstracts | Bios

Monday, June 17

8:45 AM — Power System Fundamentals
Tom Overbye, University of Illinois at Urbana-Champaign
Anurag Srivastava, Washington State University
This session deals with a basic understanding of power system components and operation in normal and abnormal conditions. Power system components including generating machines, transmission lines, transformers and loads will be discussed. Structure of North American electric power grid and basic performance metrics will be covered given varying and diverse load requirements. Timeline for various dynamic events in power system will be discussed with needed analytical techniques. Basic principles of operational requirement and need to sense, communicate, compute and control in secure manner will be covered. Power system operation in abnormal conditions will be introduced and existing defense mechanism to meet the performance requirements will be discussed. At the conclusion of this talk, students should be able to understand individual power system components and how these components interact in normal and abnormal operation to meet the performance requirements. 
10:45 AM — Cybersecurity for Power Systems
Carl Gunter, University of Illinois at Urbana-Champaign
Carl Hauser, Washington State University
Power system operations are increasingly reliant on digital computation and communication for efficiency, safety and reliability as well as for maintaining market and billing systems. Like other modern digital systems, communications and computation supporting the power grid are subjected to attempts by unauthorized parties to discover critical information and disrupt operations. Unlike many IT systems, operation of the power grid requires real-time monitoring and control which provides additional opportunities for attackers and additional constraints on the defenders of the systems. In this session, we begin looking at the cybersecurity issues associated with the power grid by examining potential attackers and their motives along with the structural characteristics of power grid IT systems that can lead to cyber risks. We then turn to protective measures and technologies that can help mitigate those risks both in legacy systems and in newly deployed systems. We conclude with a discussion of the regulatory environment for cybersecurity in power systems.
1:45 PM — Panel: Cybersecurity in Other Critical Infrastructures
Moderator: Al Valdes, University of Illinois
Doug Maughan, U.S. Department of Homeland Security; Kevin Staggs, Honeywell; Penny Wolter, Chevron
Many critical infrastructures use industrial control systems that have similarities to those used in power grid systems. For example, SCADA and Distributed Control Systems are used in the oil and gas (O&G) sector. Leading vendors supply systems to multiple sectors with similar system architectures. In some cases, similar protocols are also used across sectors. Other critical sectors, such as telecommunication and finance, use different systems to address different needs. Systems in different sectors vary in terms of timing requirements, safety criticality, and connections to third party systems, among other factors. This panel explores commonalities and differences in cybersecurity as it applies to systems in various critical infrastructure sectors. 
3:00 PM — Smart Grid Vulnerabilities: A Look at Unique Security Challenges in Substation and Distribution Automation
Brian Smith, EnerNex
In the electric utility industry, Supervisory Control and Data Acquisition Systems (SCADA), Distributed Control Systems (DCS), and Substation and Distribution Automation Systems are often lumped into the broad category of Industrial Control Systems (ICS). While all of these systems have common elements, they also have unique histories and requirements, and lumping them under a broad label of ICS is sometimes not practical when discussing cyber security aspects. This session will discuss one of these categories, Substation and Distribution Automation Systems, which have been employed in the electric power industry for many years. As the original physical, electro-mechanical, and solid state components of these systems have headed way to microprocessor and PC based versions, they have come under scrutiny due to their increased attack surface and potential vulnerabilities. It will focus on the aspects of these systems which make them unique and challenging to apply traditional IT security methodology and solutions and how compliance to industry regulations does not necessarily equate to a secure system.
4:00 PM — Assessment of Embedded Devices
Jason Larsen, Idaho National Laboratory
Most of us trade out smart phones, tablets, and other embedded technology without a second thought today – sometimes even when a device still functions as originally intended. We hold our utilities, on the other hand, to a very different set of expectations with regulatory oversight, rate cases, and asset costs calculated over decades of useful life expectancy. This stretching of the technology lifecycle (along with other industry factors) often results in interesting and unique embedded devices deployed in ways the designers could have never anticipated, and that look nothing like today’s embedded consumer technology – a strange and fascinating world where the modern security researcher might be completely lost as to how to even begin. In a two-part session, this presentation will look at how the utility industry winds up with old technology, where it can be found, and what can be done with it from both the utility and hacker perspectives, then dive into the basic architectures of common industrial control hardware and some tricks and techniques used to tease out vulnerabilities during assessments.
5:15 PM — Education and Outreach
Jana Sebestik, University of Illinois at Urbana-Champaign
The success of the modernization of the U.S. electric grid depends on research, engineering, and policy, but also, on the education and acceptance of electricity consumers. TCIPG educators and researchers have developed hands-on activities, interactive online activities, and curriculum materials, appropriate for elementary school grades and higher. The curriculum aims to provide information about the importance and workings of current and future electricity generation and delivery systems and to engage students who may pursue careers in related industries. Participants who attend this hands-on workshop will leave with curriculum materials and resources for use at school and community events. Concepts and issues related to energy resources and their use are critical to the world population. The future of the planet depends on our responses to these issues. Educational and outreach endeavors present opportunities for all members of our community to learn more and engage in meaningful problem solving.  We want to help you motivate your community to support responsible energy use and to encourage young people to consider careers related to science or engineering.

Tuesday, June 18

8:30 AM — Keynote Presentation
Samara N. Moore, Director for Cybersecurity Critical Infrastructure Protection, White House National Security Staff
See bio.
10:15 AM — Power Grid Communication Protocols and Cybersecurity
Frances Cleveland, Xanthus Consulting International
Utilities use many different communication protocols and information models. Many of the protocols are termed “legacy” protocols but are still deployed extensively. At the same time, a number of newer communication protocols are being developed, using more modern technologies. Many of the newer protocols rely on information models that structure the data messages being exchanged in order to provide interoperability. All of these communication protocols have their own strengths and weaknesses. For instance, some of the older protocols are very efficient but are not very flexible or easy to manage. More modern protocols provide flexibility but then are forced to include complex tools to manage that very flexibility in order to tailor the communications for a specific function. In addition, these protocols all are adding cybersecurity – a worthy goal – but each is adding it differently, leading to increased complexity in end-to-end cybersecurity implementations. We will discuss some of these communication protocols and information models issues: Modbus, DNP3, IEC 61850, CIM, SEP2, OpenADR, and ANSI C12.
1:00 PM — Update from DHS
Doug Maughan, U.S. Department of Homeland Security
Session abstract coming soon.
2:00 PM — Power System Visualization and Analysis
Kate Davis, PowerWorld
In the highly-interconnected cyber-physical environment comprising the power grid, it is important to understand the functions and interactions of the tools used to “see” what is going on in the system and to guess what will happen next. A resilient, secure cyber infrastructure is essential for enabling correct operations and is often overlooked.  Important functions include power flow, sensitivity analysis, contingency analysis, and state estimation. This session will explore what these functions are, why they are needed, and how they work in the context of grid operations and situational awareness. Visualization provides a means for mapping analysis to easily interpretable visual indicators, thereby helping to achieve situational awareness. This session reviews current analysis and visualization techniques and explores where trends may be heading as we move forward. The goals are (1) for students to become familiar with the processes used to interpret data to understand the conditions of the system, and (2) for students to recognize the significant role that cyber systems play and the need to create security-oriented solutions for power systems from the ground up.
3:30 PM — Deep Dive: Time Synchronization in Wide Area Grid Measurement Systems
Jeff Dagle, Pacific Northwest National Laboratory
Anna Scaglione, UC Davis
The electric grid increasingly relies on wide area measurement systems based on a large number of devices such as Phasor Measurement Units (PMUs) or devices with built in PMU capability. PMUs provide high rate (30 Hz or higher) measurements, which can support state estimation and other grid analytics at far finer time scales than is possible with legacy SCADA/EMS. This functionality in turn relies on a fine-resolution synchronized time source, often provided by clocks synchronized by signals from global positioning system (GPS) satellites. In this session, we will explore some of the issues and challenges of wide area measurement systems, with particular focus on challenges of time synchronization. We will describe the potential impacts of mis-synchronization, and present mitigating approaches to address these, such as the IEEE 1588 clock synchronization protocol as well as other methods.

Wednesday, June 19

8:30 AM — Security-aware Modeling and Simulation of Grid Systems
David Nicol, University of Illinois at Urbana-Champaign
Cyber-security is now an inseparable component of power-grid analysis, and the implementation of security measures may have impact on the performance and behavior of a grid system.  Historically analysis of grid systems have used system models and simulation of electrical flows, and studied the reaction of those models to contingencies that are injected into the experiment; such experiments typically ignore the contribution of network insecurity and cyber-security measures on system behavior, and also ignore a cyber-attack (and the effects it may cause) as a contingency to consider. This session examines this emerging coupling of security and cyber-attacks on modeling and simulation of grid systems.
10:30 AM — Secure Network Architecture for Power Grid Control Systems
Andrew Wright, N-Dimension Solutions
Industrial control systems are widely used throughout most utilities to monitor and control many kinds of equipment and processes. Examples of industrial control systems used by utilities include Supervisory Control And Data Acquisition (SCADA) systems, Distribution Automation (DA) systems, Advanced Metering Infrastructure (AMI), and various kinds of Process Control Systems (PCS) used in generation plants. Nearly all of these systems utilize modern computing hardware, operating systems, and IP-based networking for "head end" systems at control centers. In some cases the "head end" may virtualized, deployed in a cloud, or provided as a managed service over the Internet. Communications to field components increasingly utilizes IP-based networking, although significant deployment of legacy communications methods remains.

Despite many commonalities with modern IP-based enterprise networks, the performance and security requirements for industrial control systems networks differ from those of enterprise networks. This session focuses on architectural guidelines for deploying secure IP-based control systems, including DA, AMI, PCS, and SCADA systems, as well as related systems that require connectivity to the control systems, such as outage management and billing. This session will review basic networking concepts and security issues, outline security threats specific to control systems, and discuss specific network architectures that provide appropriate performance and security for control systems. Anonymized examples of several actual cyber security deployments will be reviewed.

1:30 PM — Deep Dive: AMI — including privacy, demand response, security
Art Anderson, Pacific Gas & Electric Company
Robin Berthier, University of Illinois at Urbana-Champaign
Kristin Munsch, Illinois Citizens Utility Board
Advanced metering infrastructures (AMI) are a key component of the smart grid that enable meters and utilities to exchange information such as hourly or sub-hourly meter reads, price update, and outage awareness. In addition AMI solutions can provide functionality like Home Area Networking for communication and demand response programs, as well as a potential network to support power management solutions. In this session, we will explore three in-depth aspects of an AMI. First, Art Anderson from Pacific Gas and Electric will present his experience going through the AMI selection process in 2008 and lessons learned after rolling out close to 5 million electric meters. Second, Robin Berthier from the University of Illinois at Urbana-Champaign will introduce Amilyzer, a monitoring solution for AMI that implements a failure-driven security policy for AMI developed by NESCOR in collaboration with EPRI. Third, Kristin Munsch from the Illinois Citizens Utility Board will provide insights about technology acceptance and the role of AMI from a consumer point of view.
4:00 PM — Deep Dive: Protection Systems and Cybersecurity
Dennis Gammel, Schweitzer Engineering Laboratories
William Niemira, University of Illinois at Urbana-Champaign
The Federal Energy Regulatory Commission’s (FERC) top initiative is for the modernization of the country’s electric grid through digital technologies for more efficient and lower cost generation and distribution of energy. A result of this modernization is that the electric grid’s protection and control system needs to incorporate cyber defense mechanisms to assure the protection of the nation’s critical infrastructure. These security measures must prevent attack without diminishing the ability of the protection system to respond to abnormal electrical conditions.

Typical information technology (IT) practices are not ideal for control and securing of electric utility networks that include protective equipment. These control system networks require real-time operations of intelligent electronic devices (IEDs) in the network with low latency and deterministic communications. These networks are more static in nature and require a different level of human interaction and control than typical corporate networks. Many of the operations and applications can have their communications and networks segregated from other applications and often do for the sake of security in the cyber sense as well as protection sense. However, in the interest of efficiency and lower cost, equipment will be dual-purposed, bridging these communication networks at times. Engineering must not only take into consideration the cyber-security aspects of these types of networks but also the redundancy, fail-over, and control of the devices in these applications.

There are many different applications in utility control system networks with a variety of types of communications for best practice in protection and control of electricity transmission and distribution. This session will provide an overview on a set of example applications along with their needs in communications and correlate that to a suitable and appropriate set of cyber defense mechanisms. The controls system will then be generalized as a whole and the cyber-security of the system will be defined with taking into the account the layers that were discussed for the individual applications. Most of the differences that exist between the typical IT approach for controlling, monitoring, and securing of corporate networks and that which is needed for protecting the nation’s electrical grid will be evident after this session.

Thursday, June 20

8:30 AM — Building Energy Management Systems and Cybersecurity
Himanshu Khurana, Honeywell
Demand Management is increasingly becoming a key component of grid operations. Examples range from utility driven operations dealing with peak load management to end-use customer participation in demand response markets. In this session we first explore various building energy management systems. This includes components of energy consumption and opportunities to realize energy efficiency in homes, buildings and microgrid systems. We then look at cybersecurity principles and constructs that are relevant to these Building Energy Management Systems and explore how they come together in representative demand management operations. 
10:30 AM — Following the Energy Sector’s Roadmap
Carol Hawk, U.S. Department of Energy
Securing energy delivery systems against the risk and impact of disruption due to cyber attack is a shared responsibility of both the public and private sectors. Guided by the industry vision outlined in the Roadmap to Achieve Energy Delivery Systems Cybersecurity (2011), the U.S. Department of Energy (DOE) Cybersecurity for Energy Delivery Systems (CEDS) program is working hand-in-hand with energy sector stakeholders—utilities, vendors, national laboratories, academia, and government—to develop solutions that address the “right problems” at the intersection of power systems engineering and the computer science of cybersecurity. The CEDS R&D portfolio includes long-term, mid-term, and short-term research, enabling a continuous transition of innovative technologies from the national laboratories and academia into capabilities that the energy sector can put into practice. With funding support from DOE CEDS, the Trustworthy Cyber Infrastructure for the Power Grid (TCIPG) partnership combines its expertise in power systems engineering and cybersecurity to develop capabilities that focus on long-term solutions. This session will provide an overview of the CEDS program and showcase how solutions in the CEDS R&D portfolio fit into strategies outlined in the industry-driven Roadmap.
1:00 PM — Renewables and Resiliency in Microgrids
Mariesa Crow, Missouri University of Science & Technology
One of the main envisioned features of the future power grid system includes automatic controls for electric power at the customer side, a power distribution infrastructure that encourages renewable energy development, local energy storage, and customer loads that are capable of responding to changes in the grid.  It is expected that these features will be implemented through the use of digital signal communication including pricing information, high-speed electronic control of power, direct control of energy flows in distribution systems and at customer sites, and the utilization of optimal strategies for the operation (charge and discharge) of storage devices (potentially including plug-in electric vehicles).  The future “smart” grid offers many benefits to utilities and consumers — mostly seen in improvements in energy efficiency on the electricity grid. Realizing this envisioned smart power system requires a holistic understanding of the impact that a high penetration of renewable resources, energy storage, and distributed control has on system operation.  
3:00 PM — Military Microgrids and SPIDERS Implementation
Melanie Johnson, ERDC-CERL
Expanding policy goals encourage the DoD and Army to pursue innovative energy technology to meet mission requirements while improving overall efficiency and energy security. With renewable energy targets well above 30% of installation demand, grid integration and stability become serious concerns. Microgrids provide capabilities that help DoD facilities accomplish efficient operation of diesel generators and integration of renewable energy resources. We will examine the retrofits that make microgrid islanding possible through existing distribution infrastructure and the challenges associated with utilizing infrastructure that never envisioned islanding. We will also cover the multi-layered control system schemes that make both fast control and resource optimization possible. Finally, we will review the three SPIDERS microgrids as case studies in microgrid implementation at DoD installations. 
3:00 PM — Approaches and Challenges in Vehicle-to-Grid Systems
Klara Nahrstedt, University of Illinois at Urbana-Champaign
Electric Vehicles (EVs) are anticipated to become widely spread in the future distribution networks. This large number of EVs will not only help to elevate our demand on oil and gas consumption, but also boost the distributed electricity storage. The reason for EVs’ energy-demand savings and energy provisioning is that EVs are able to work in a stand-alone mode as well as in grid-connected mode. In this talk we will discuss the current approaches and challenges of EVs when they operate in grid-connected mode, and their corresponding communication infrastructures that support this EV mode, called the Vehicle-to-Grid Systems (V2G). We will discuss currently proposed V2G system architectures; the ancillary services such as peak shaving, renewable energy integration, frequency regulation; communication protocols over power-line networks, cellular networks and other wireless networks, and charging control algorithms such as distributed control algorithms using congestion or pricing signals. We will conclude the talk with open problems and challenges that V2G systems face including bandwidth, reliability, security and mobility. 
4:00 PM — Lightning Talks
Moderator: Gabriel Weaver, University of Illinois at Urbana-Champaign
Select Summer School Participants
5-minute pitches from select summer school participants about bold, new ideas for research initiatives, products, or outreach efforts. For more information about this session and format, see our Call for Proposals (Due May 15).

Friday, June 21

8:30 AM — Advanced Techniques for Security Assessment
Edmond Rogers, University of Illinois at Urbana-Champaign
Ryan Speers, River Loop Security
Tim Yardley, University of Illinois at Urbana-Champaign
Security assessment techniques go far beyond penetration testing of the TCP/IP network, targeted phishing attacks via email, and host compromises. This talk will cover a sampling of advanced techniques against the more "unique" systems that are seen in the power grid. We will provide an introduction to IEEE 802.15.4/ZigBee security architectures and present the latest updates to KillerBee, a framework for exploring and exploiting 802.15.4-based networks. Secondly, we will provide an overview of how to look at embedded devices from a penetration testing approach – taking a look at a circuit board and pointing out the security-sensitive components and potential access vectors. Finally, we will discuss vulnerability discovery (via fuzzing) and the process of exploit creation specifically for embedded systems.
10:00 AM — Security Testing Framework for Utilities
Justin Searle, UtiliSec
For years we’ve had penetration test distributions like BackTrack and SamuraiWTF to help us perform penetration testing in most IT environments; however, these distributions have been generic in nature to enable their use in a wide variety of different environments.  One environment where these distributions have failed to meet the needs of their users is on SCADA and Smart Grid systems.  Building on experience running SamuraiWTF over the last four years, UtiliSec, a leading provider of security consulting services in the energy sector, has created an open source linux distribution specifically for Electric Utility security teams. SamuraiSTFU takes the best in breed security tools for traditional network and web penetration testing, adds specialized tools for embedded and RF testing, and mixes in a healthy dose of energy sector context, documentation, and sample files.  It also includes emulators for SCADA, Smart Meters, and other types of energy sector systems to provide a full test lab.  SamuraiSTFU.org is of interest to security engineers who work for an electric utility, or to those interested in gaining sufficient experience to start doing security work in these environments.
11:00 AM — Closing Remarks
William H. Sanders, University of Illinois at Urbana-Champaign
Session abstract coming soon.

Optional Hands-On SCADA Security Assessment Training Lab

1:00 PM to 7:00 PM — Tuesday OR Thursday (instead of afternoon main sessions)
Noon to 7PM — Friday
Jeremy Jones, University of Illinois at Urbana-Champaign
Edmond Rogers, University of Illinois at Urbana-Champaign
Gabriel Weaver, University of Illinois at Urbana-Champaign
Tim Yardley, University of Illinois at Urbana-Champaign
TCIPG researchers will bring their lab to the school, providing extended training sessions on security assessment. Training will be delivered using a platform designed to provide controlled exposure to real SCADA protocols and systems that are currently the subject of research in our lab. Instructors will provide demonstrations and training about assessment tools that are currently being used or are under development in the TCIPG program. The training concludes with a hands-on exercise that allows participants to apply what they have learned in a closed environment. A limited number of seats are available for labs and will be assigned on a first-registered, first-served basis.

NOTE: Lab participants should be prepared to bring a laptop that can connect to an Ethernet network. We also highly recommend that you have installed and tested a remote desktop client on your laptop. Below are RDC suggestions based on OS: 

Ameren Smart Grid Training Platform (Mobile Unit)

Refer to agenda for viewing opportunities available during breaks throughout the week.
Donald Borries, Ameren Illinois
Manoj Bundhoo, D.J. Fluck, and Vincent Marec, G&W Electric Company
The Smart Grid Training Platform is a mobile unit that offers hands-on practical training on equipment and technologies that are being deployed and energized on the utility grid. The platform provides valuable educational development within Ameren Illinois by helping their employees develop the necessary skillsets to properly operate and maintain the latest smart grid technologies in a real-world environment. For more information about the Ameren Smart Grid Training Platform, download this PDF brochure.

Session Abstracts | Bios | Prelim Agenda (PDF)

Presenter Bios | Session Abstracts

photo-andersonArt Anderson, Pacific Gas & Electric

Art Anderson manages the Emerging Technology Lab, at Pacific Gas and Electric. His team reviews technology solutions that drive energy efficiency as part of the evolving SmartGrid. Art’s group is part of the Chief Technology Office in IT, and his team also evaluates upgrades that may impact the utility’s systems. Art has over 25 years of work experience in the information technology field. He has worked in software development, testing, and deployment in several different industries. Art has been involved in the PG&E SmartMeter program from its inception, throughout its design, testing and deployment. Art holds a bachelor’s degree from the University of California at Berkeley.

photo-berthierRobin Berthier, University of Illinois at Urbana-Champaign

Robin Berthier is a Research Scientist in the Information Trust Institute (ITI) at the University of Illinois at Urbana-Champaign. He is working on system and network monitoring solutions for advanced metering infrastructures. His projects include the design and development of a specification-based intrusion detection sensor. Such technology enables the integration of formal verification of monitoring operations based on security policies, and ensures that both known and unknown malicious activity will be detected. Issues such as real-time alerting and large-scale situational awareness are being studied under the requirements of a detailed threat model, and under the constraints of practical field deployment and cost efficiency.

photo-blankDonald R. Borries, Ameren Illinois

Donald R. Borries is the Supervising Engineer in the Technology Applications Center for Ameren Illinois located adjacent to the University of Illinois in Champaign, IL. His responsibilities at this location include the testing and evaluation of new Smart Grid devices and equipment ranging from cyber-security to 69kV electrical apparatus. During his career with Ameren, he has worked extensively in power generation, relaying protection and substation maintenance. He received his BS degree in Electrical Engineering from the University of Illinois and has served continuously with the U.S. Coast Guard active and reserve for the past 34 years as an Electronics Engineering Chief Warrant Officer 4.

photo-clevelandFrances Cleveland, Xanthus Consulting International

Frances Cleveland is President of Xanthus Consulting International, and has consulted on Smart Grid information and control system projects in the electric power industry for over 36 years. Her expertise has focused primarily on Smart Grid information interoperability standards, cyber security issues, and integration of systems, including Distributed Energy Resources (DER), plug-in electric vehicles (PEV), Advanced Metering Infrastructures (AMI), Distribution Automation (DA), substation automation, SCADA systems, and energy market operations. She is currently consulting to NIST as a Technical Champion for the Smart Grid Interoperability Panel (SGIP), reviewing the cyber security of all standards in the NIST Catalog of Standards, and addressing DER Use Cases and standards in the SGIP DRGS DEWG. She is also developing the cyber security requirements for DER as part of EPRI’s National Electric Sector Cybersecurity Organization Research (NESCOR) project. She is currently leading a California Energy Commission effort to update California’s DER interconnection requirements to include advanced DER functions. In the International Electrotechnical Commission (IEC), she is convenor of IEC TC57 WG15 for IEC 62351 cybersecurity standards for power system operations and is the editor for IEC TC57 WG17 for IEC 61850-7-420 information standards for DER, EV, and DA. In IEC TC8 WG6, she is providing DER Use Cases. In the IEEE, she is past chair of the IEEE Power and Energy Society’s (PES) Power System Communications Committee (PSCC) and Security Subcommittee. Ms. Cleveland has a B.A. in Electrical Engineering and Applied Physics, Harvard University, a M.S. in Electrical Engineering and Computer Science, University of California at Berkeley, and a MBA from San Jose State University.

photo-dagleJeff Dagle, Pacific Northwest National Laboratory

Jeff Dagle has worked at the Pacific Northwest National Laboratory, operated by Battelle for the U.S. Department of Energy (DOE), since 1989 and currently manages several projects in the areas of transmission reliability and security, including the North American SynchroPhasor Initiative (NASPI) and cyber security reviews for the DOE Smart Grid Investment Grants and Smart Grid Demonstration Projects associated with the American Recovery and Reinvestment Act of 2009. He is a Senior Member of the Institute of Electrical and Electronics Engineers (IEEE), a member of the International Society of Automation (ISA) and National Society of Professional Engineers (NSPE), and is a licensed Professional Engineer in the State of Washington. He received the 2001 Tri-City Engineer of the Year award by the Washington Society of Professional Engineers, led the data requests and management task for the U.S.-Canada Power System Outage Task Force investigation of the August 14, 2003 blackout, supported the DOE Infrastructure Security and Energy Restoration Division with on-site assessments in New Orleans following Hurricane Katrina in fall 2005, and is the recipient of two patents, a Federal Laboratory Consortium (FLC) Award in 2007, and an R&D 100 Award in 2008 for the Grid Friendly™ Appliance Controller technology. Mr. Dagle was a member of a National Infrastructure Advisory Council (NIAC) study group formed in 2010 to establish critical infrastructure resilience goals. He received B.S. and M.S. degrees in Electrical Engineering from Washington State University in 1989 and 1994, respectively.

photo-davisKatherine Rogers Davis, PowerWorld

Katherine Rogers Davis is a Software Engineer and Senior Consultant at PowerWorld Corporation as well as an Adjunct Assistant Professor in ECE at the University of Illinois at Urbana-Champaign. Kate received the B.S. degree in electrical engineering from the University of Texas at Austin in 2007 and the M.S. and Ph.D degrees in electrical engineering from the University of Illinois at Urbana-Champaign in 2009 and 2011, respectively. Her interests include data-enhanced power system modeling and analysis and making algorithms more robust with respect to bad data. She has worked closely with other TCIPG researchers at the University of Illinois on topics such as protecting the power grid from malicious data injection. Kate is a member of IEEE PES, IEEE COMSOC, ASEE, HKN, and Tau Beta Pi.

photo-gammelDennis Gammel, Schweitzer Engineering Laboratories

Dennis Gammel is a graduate of the University of Idaho with a B.S. in Applied Mathematics and has been actively working in the computing and communications industries since 1996. His career experience includes network security, network architecture, database application development, ASIC simulation, and design software, as well as RTOS application development. Dennis is presently the R&D Director over Communication Systems at Schweitzer Engineering Laboratories, Inc. (SEL), responsible for the quality, development, and marketing of the SEL Communication Systems product lines. He has been with SEL since March 2005 and has 15 years of secure software engineering experience. Dennis is also an External Advisory Board (EAB) member of the Trustworthy Cyber Infrastructure for the Power Grid (TCIPG) Center.

photo-gunterCarl Gunter, University of Illinois at Urbana-Champaign

Carl A. Gunter is a Professor in the Computer Science Department of the University of Illinois and director of the Illinois Security Lab, the Center for Health Information Privacy and Security, and the HHS Strategic Healthcare IT Advanced Research Projects on Security (SHARPS). He has made research contributions in the semantics of programming languages, formal analysis of networks and security, and privacy technologies. He is the author of more than 100 scientific research publications and has written a standard textbook on semantics of programming languages, published by MIT Press. He is a founder of Probaris Technologies, a company that provides identity management technologies, and has served as a consultant to research labs and companies. His recent work concerns security and privacy issues for the power grid and healthcare information technology.

photo-hauserCarl Hauser, Washington State University

Carl Hauser is an Associate Professor in the School of Electrical and Computer Engineering at Washington State University. He works on projects related to secure and timely wide-area data dissemination for the power grid in the context of the GridStat project at Washington State University. He is currently developing techniques for flexible embedding of cryptographic authentication protocols in the power communication infrastructure to accommodate evolution of cryptographic technology over the long life typical of devices used in the power grid. He is also working on achieving end-to-end, real-time performance in wide-area control networks, addressing both operating system and network scheduling issues.

photo-blankCarol Hawk, U.S. Department of Energy, Office of Electricity Delivery and Energy Reliability

Carol Hawk is the Manager of the Cybersecurity for Energy Delivery Systems (CEDS) Program for the office of Electricity Delivery and Energy Reliability in the Department of Energy (DOE). Her current duties include coordinating the CEDS program, which includes an industry-directed program, a research-directed program, the National SCADA test-bed program, and an academic-directed program that includes the Trustworthy Cyber Infrastructure for the Power Grid center. Collectively, these programs will lead to resilience of the nation’s energy delivery cyber infrastructure, enabling critical operations to continue even in the presence of cyber attacks. Dr. Hawk conducted her Ph.D. research in high-energy physics at Rutgers University as a member of the Collider Detector at Fermi National Accelerator Laboratory Collaboration. In addition, she brings a variety of work experiences to DOE, including work on telecommunications (at Bell Communications Research, now known as Telcordia) as well as fuel cell electrochemistry (at United Technologies Research Center and later at the University of Connecticut). Prior to joining the DOE, Dr. Hawk performed operations research with the Center for Naval Analyses.

photo-blankDiane Hooie, U.S. Department of Energy

Diane Hooie is a Senior Advisor with the Energy Delivery Technologies Division of the Project Management Center at the Department of Energy’s National Energy Technology Laboratory. She has over 35 years of experience converting new ideas and innovative technologies from the concept stage through production and to profitable, marketable products. Her current responsibilities include implementing the Cyber Security for Energy Delivery Systems Program for the office of Electricity Delivery and Energy Reliability as well as developing technical collaborations with nontraditional DOE customers, such as the Department of Homeland Security and the Department of Defense, and developing international programs, including ones in Russia, Kazakhstan, Egypt, and Japan, in clean energy technology areas including clean coal, electricity, turbines, fuel cells, hybrids, and fuels. She received her B.S. in Ceramic Engineering from Ohio State University, an M.S. in Management from Rensselaer Polytechnic Institute, and a Ph.D. in Engineering from California Coast University. During her career, Dr. Hooie has received many awards and honors and done over 100 publications and presentations (including two books and one encyclopedia article) pertaining to fuel cells, fuels, and turbines. In 1998, she was selected “Woman of the Year” and given the highest honor, “Person of Distinction,” for the Federal Government.

photo-johnsonMelanie Johnson, ERDC-CERL

Melanie D. Johnson is an Electrical Engineer in the Energy Branch of the U.S. Army Engineer Research and Development Center’s Construction Engineering Research Laboratory (ERDC-CERL). Melanie joined the Energy Branch at ERDC-CERL in 2008 and focuses on projects that bring alternative, renewable, and emerging energy resources to military applications. The National Society of Professional Engineers (NSPE) recognized Melanie as a New Face in Engineering in 2010. Melanie graduated from the University of Illinois Urbana-Champaign with an MS in Electrical Engineering and from the University of Texas at Austin with a BSEE, both specializing in power and energy systems. Melanie’s current research focuses on applying distributed generation technologies to Army and military needs. This work includes incorporating diverse distributed generation portfolios into microgrids, developing business cases for advanced microgrid control in energy markets, and applying information security practices to power distribution systems. Her current duties include technical management of the Phase 2 SPIDERS microgrid at Fort Carson, CO.

photo-jonesJeremy Jones, University of Illinois at Urbana-Champaign

Jeremy Jones is in charge of operations for the TCIPG research lab and oversees day-to-day operations and administrative needs for the lab. In addition, he develops and maintains testbed software and frameworks and other lab resources. Jones is also interested in distributed computing, operations automation, and self-service and auto-scaling of lab resources. Prior to joining TCIPG, Jones led development and operations for large-scale Web search startups and data center operations in private industry.

photo-khuranaHimanshu Khurana

Himanshu Khurana is the Senior Manager for the Integrated Security Technologies at Honeywell Automation and Control Systems. The Integrated Security Technologies section focuses on research, development and technology transition in cybersecurity, computer vision, and physical security. He is currently on the Board of Directors for the Cyber Security Research Alliance (CSRA), an industry consortium focusing on game changing cybersecurity research. Dr. Khurana has published over 50 articles and co-developed several software tools covering a range of topics in distributed system security and critical infrastructure systems. He has been involved with several global electric grid initiatives including the North American Synchrophasor Initiative, NIST Cyber Security Working Group, DNP3 Technical Committee, OpenADR, SEP, European Commission expert working group on Smart Grid cybersecurity, the NIST CPS initiative and in developing relevant standards. Before joining Honeywell, Dr. Khurana was Principal Research Scientist at the Information Trust Institute, University of Illinois, Urbana-Champaign and served as the Co-Principal Investigator and Principal Scientist for the Trustworthy Cyber Infrastructure for Power (TCIPG) center. He obtained his M.S. and Ph.D. from the University of Maryland, College Park.

photo-larsenJason Larsen, Idaho National Laboratory

Jason Larsen is a sought after speaker in the cyber of critical infrastructure. He has spent most of the last ten years at the Idaho National Labs with a few side trips, including writing an IPS, a couple of years on the Win7 penetration testing team, and some radiation modeling. Jason specializes in the deeply technical aspects of cyber security and has been accused of trying to rewrite every known utility from scratch.

photo-blankDoug Maughan, U.S. Department of Homeland Security, Science and Technology Directorate

Doug Maughan is the Cyber Security Division Director in the Homeland Security Advanced Research Projects Agency (HSARPA) within the Science and Technology (S&T) Directorate of the Department of Homeland Security (DHS). Dr. Maughan has been at DHS since October 2003 and directs and manages the Cyber Security Research and Development activities and staff at DHS S&T. His research interests and related programs are in the areas of networking and information assurance. Prior to his appointment at DHS, he was a Program Manager at the Defense Advanced Research Projects Agency (DARPA) in Arlington, Virginia. Prior to his appointment at DARPA, he worked for the National Security Agency (NSA) as a senior computer scientist and led several research teams performing network security research. Dr. Maughan received bachelor’s degrees in Computer Science and Applied Statistics from Utah State University, a master’s degree in Computer Science from Johns Hopkins University, and a Ph.D. in Computer Science from the University of Maryland, Baltimore County (UMBC).

photo-blankSamara N. Moore, Director for Cybersecurity Critical Infrastructure Protection, White House National Security Staff

As part of the White House National Security Staff, Samara Moore is the Director for Cybersecurity Critical Infrastructure Protection coordinating across the federal government and partnering with the private sector on efforts to strengthen cybersecurity for all critical infrastructure sectors. Prior to joining the National Security Staff, Mrs. Moore worked as the Senior Information Technology (IT) and Cybersecurity Advisor at the Department of Energy (DOE), focused on cybersecurity for the Energy Sector and managing public-private partnerships. She also played a key role in IT and cybersecurity governance for the DOE. While at DOE, Mrs. Moore led the development of the Electricity Sector Cybersecurity Capability Maturity Model which is being used both domestically and internationally. Prior to joining the DOE, Mrs. Moore worked as the Director of the Office of Management and Data Systems for the Occupational Safety and Health Administration, and for Deloitte Enterprise Risk Services. Mrs. Moore has worked as a consultant, systems engineer, and IT manager, and has performed security assessments, managed security operations and security planning for government agencies as well as private industry. Mrs. Moore received a bachelor’s degree from Virginia Tech in Accounting and Information Systems and a master’s degree from the George Washington University in Engineering Management Systems Engineering, where she is currently an adjunct professor.

photo-blankKristin Munsch, Illinois Citizens Utility Board

Kristin Munsch is the Director of Policy and Senior Attorney with the Illinois Citizens Utility Board, a nonprofit consumer advocacy group that has represented utility ratepayers in proceedings before the Illinois Commerce Commission since 1983. CUB focuses on consumer protection and utility rates, and operates an active portfolio of projects to assist consumers in energy conservation. As CUB’s attorney, she has appeared before the Illinois Commerce Commission (ICC) regarding utility rate issues, energy efficiency planning and regulation, electricity supply procurement and deregulated competition in electricity supply. She participates in statewide policy initiatives regarding technological and design improvements to the Illinois electric grid and consumer protection provisions specific to retail utility services, including the Illinois Statewide Smart Grid Collaborative and the Commonwealth Edison Advanced Metering Infrastructure pilot. Ms. Munsch is currently on the Illinois Smart Grid Advisory Council and the Board of Directors for the Energy Foundry, an investment group focused on developing new smart grid technologies and products funded through the Energy Infrastructure Modernization Act. Prior to CUB, she was an Assistant Attorney General for the State of Illinois in the Public Utilities Bureau. Ms. Munsch is a graduate of Northwestern University and the Chicago-Kent College of Law.

photo-nahrstedtKlara Nahrstedt, University of Illinois at Urbana-Champaign

Klara Nahrstedt is a full Professor in the Department of Computer Science at the University of Illinois at Urbana-Champaign. Her research interests are directed toward trustworthy multimedia distributed systems and networking, quality of service (QoS) and resource management in Internet and mobile systems, real-time security in wireless networks for trustworthy power grids, and 3D tele-immersive systems. She is the recipient of the Early NSF Career Award, the Junior Xerox Award, the IEEE Communication Society Leonard Abraham Award for Research Achievements, the 2008 University Scholar Award, the 2009 Humboldt Research Award, and the 2012 IEEE Computer Society Technical Achievement Award. She was the editor-in-chief of the ACM/Springer Multimedia Systems journal; associate editor of the ACM Transactions on Multimedia Computing, Communications and Applications; associate editor of the IEEE Transactions on Multimedia; associate editor of the IEEE Transactions on Information Forensics & Security; general co-chair of ACM Multimedia 2006; general chair of ACM NOSSDAV 2007; general chair of IEEE PerCom 2009; and Ralph and Catherine Fisher Professor at Illinois. She was elected to serve as the chair of the ACM SIG on Multimedia. Nahrstedt received her Diploma in mathematics - numerical analysis from Humboldt University, Berlin, Germany, in 1985. She was a research scientist in the Institute for Informatik in Berlin, Germany, until 1989. In 1995, she received her Ph.D. from the Department of Computer and Information Science at the University of Pennsylvania. She is a member of the ACM and an IEEE Fellow.

photo-nicolDavid M. Nicol, University of Illinois at Urbana-Champaign

David M. Nicol David M. Nicol is the Franklin W. Woeltge Professor of Electrical and Computer Engineering at the University of Illinois at Urbana-Champaign, and Director of the Information Trust Institute. Previously he held faculty positions at the College of William and Mary and at Dartmouth College. His research interests include high-performance computing, simulation modeling and analysis, and security. He was elected Fellow of the IEEE and Fellow of the ACM for his contributions in those areas. He is co-author of the widely used textbook Discrete-Event Systems Simulation and was the inaugural awardee of the ACM Special Interest Group on Simulation’s Distinguished Contributions Award, for his contributions in research, teaching, and service in the field of simulation.

photo-niemiraWilliam Niemira, University of Illinois at Urbana-Champaign

BWilliam Niemira is a student researcher for TCIPG at the University of Illinois at Urbana-Champaign. Will received his B.S. degree in general engineering from the University of Illinois in 2011 and will be receiving his M.S. degree in electrical engineering in 2013. He has had several internships in the electric power industry. His research area is the enhancement of bad data detection for state estimators, particularly the detection of maliciously injected and interacting bad data.

photo-overbyeThomas J. Overbye, University of Illinois at Urbana-Champaign

Thomas J. Overbye is the Fox Family Professor of Electrical and Computer Engineering at the University of Illinois at Urbana-Champaign where he has taught since 1991. He received his B.S., M.S., and Ph.D. degrees in Electrical Engineering from the University of Wisconsin-Madison. His current research interests include electric power system analysis, visualization, dynamics, cyber security and power system geomagnetic disturbance modeling. Dr. Overbye is also the original developer of PowerWorld Simulator, an innovative computer program for power system analysis, education and visualization, a co-founder of PowerWorld Corporation, and is an author of the Power System Analysis and Design book. He was the recipient of the IEEE PES Walter Fee Outstanding Young Engineer Award in 1993, the IEEE PES Outstanding Power Engineering Educator Award in 2011, participated in the August 14, 2003 DOE/NERC Blackout investigation, and is a member of the US National Academy of Engineering.

photo-rogersEdmond Rogers, University of Illinois at Urbana-Champaign

Edmond Rogers (CISSP) is a Smart Grid Cyber Security Engineer for the Information Trust Institute at the University of Illinois. Before joining ITI, Rogers was actively involved as an industry participant in many research activities in ITI’s TCIPG Center, including work on NetAPT (the Network Access Policy Tool) and LZFuzz (Proprietary Protocol Fuzzing). Prior to joining ITI, Rogers was a security analyst for Ameren Services, a Fortune 500 investor-owned utility, where his responsibilities included cyber security and compliance aspects of Ameren’s SCADA network. Before joining Ameren, he was a security manager and network architect for Boston Financial Data Systems (BFDS), and a transfer agent for 43% of all mutual funds. He began his career by founding Bluegrass.Net, one of the first Internet service providers in Kentucky. Rogers leverages his wealth of experience to assist ITI researchers in creating laboratory conditions that closely reflect real-world configurations.

photo-sandersWilliam H. Sanders, University of Illinois at Urbana-Champaign

William H. Sanders is a Donald Biggar Willett Professor of Engineering and the Director of the Coordinated Science Laboratory at the University of Illinois. He is a professor in the Department of Electrical and Computer Engineering and an affiliate professor in the Department of Computer Science. He is a Fellow of the IEEE and the ACM, a past Chair of the IEEE Technical Committee on Fault-Tolerant Computing, and past Vice-Chair of the IFIP Working Group 10.4 on Dependable Computing. Sanders’s research interests include secure & dependable computing and security & dependability metrics and evaluation, with a focus on critical infrastructures. He has published more than 200 technical papers in those areas. He was the founding director of the Information Trust Institute at Illinois. He is currently the Director and PI of the DOE/DHS Trustworthy Cyber Infrastructure for the Power Grid (TCIPG) Center, which is at the forefront of national efforts to make the U.S. power grid smart and resilient. He is also a member of the NIST Smart Grid Advisory Committee, which advises the NIST Director on the direction of NIST’s Smart Grid-related programs and activities.

photo-scaglioneAnna Scaglione, University of California, Davis

Anna Scaglione (M.Sc. 1995, Ph.D. 1999) is currently a Professor of Electrical and Computer Engineering at the University of California, Davis. She joined UC Davis in 2008 after leaving Cornell University, Ithaca, NY, where she started as an Assistant Professor in 2001 and became an Associate Professor in 2006; prior to joining Cornell, she was an Assistant Professor at the University of New Mexico for the 2000–2001 year. She has been a Fellow of the IEEE since 2011, and was recognized by both the Signal Processing and Communications societies. She is Editor in Chief of the IEEE Signal Processing Letters and Guest Editor of the IEEE Journal on Selected Areas special series on Smart Grid communications. She served in the past as Associate Editor for the IEEE Transactions on Wireless Communications from 2002 to 2005, of the IEEE Transactions on Signal Processing, for which she was an Area Editor 2010–2011, from 2008 to 2011. She has been on the Signal Processing for Communication Committee from 2004 to 2009, and has been on the steering committee for the SmartGridComm conference since 2010 and has been the technical chair for the conference in 2012. She also was general chair of the SPAWC 2005 workshop. Dr. Scaglione is the first author of the paper that received the 2000 IEEE Signal Processing Transactions Best Paper Award; she has also received the NSF Career Award (in 2002) and is co-recipient of the Ellersick Best Paper Award (MILCOM 2005). Her expertise is in the broad area of signal processing for communication systems and networks. Her current research focuses on signal processing algorithms for networks and for sensors systems, with specific focus on the smart grid, demand side management, and reliable energy delivery.

photo-blankJustin Searle, UtiliSec

Justin Searle is a Managing Partner of UtiliSec, specializing in Smart Grid security architecture design and penetration testing. Justin led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and played key roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG).  He currently leads the testing group at the National Electric Sector Cybersecurity Organization Resources (NESCOR). Justin has taught courses in hacking techniques, forensics, networking, and intrusion detection for multiple universities, corporations, and security conferences.  Mr. Searle is currently a certified instructor for the SANS Institute. In addition to electric power industry conferences, Justin frequently presents at top international security conferences such as Black Hat, DEFCON, OWASP, Nullcon, and AusCERT. Justin co-leads prominent open source projects including the Samurai Web Testing Framework, Middler, Yokoso!, and Laudanum. Justin has an MBA in International Technology and is a CISSP and SANS GIAC certified Incident Handler (GCIH), Intrusion Analyst (GCIA), and Web Application Penetration Tester (GWAPT).

photo-sebestikJana Sebestik, University of Illinois at Urbana-Champaign

Jana Sebestik is the Assistant Director for STEM Curriculum Design in the Office for Mathematics, Science and Technology Education (MSTE) in the College of Education at the University of Illinois at Urbana-Champaign. She coordinates TCIPG education efforts to develop a variety of educational opportunities designed to engage learners of all ages. She is the author of the 4-H SET curriculum “The Power of the Wind.” She taught in the Urbana School District for 34 years before coming to MSTE.

photo-smithBrian Smith, EnerNex

Brian Smith serves as a Utility Communication Systems Engineer on the Smart Grid Engineering team at EnerNex. He has over 20 years of experience in the electric utility field and his areas of expertise include substation automation, utility communications, SCADA/EMS systems, and teleprotection applications. In addition, he has experience with a range of communications and protocol technologies. Prior to joining EnerNex, Brian was employed by the Tennessee Valley Authority (TVA) where he worked in the Telecommunication Projects group within the utility’s transmission organization. His work involved planning and engineering responsibilities for telecommunications, SCADA/EMS, teleprotection, and substation automation systems supporting the real time operation of TVA’s transmission and generation resources. While at TVA, Brian was one of the chief architects for TVA’s PowerWAN which is a wide-area IP-communications network supporting real time power system operations, as well as serving as technical lead responsible for telecommunications, teleprotection, and SCADA/telecontrol applications for TVA’s Bradley 500kV substation project which is one of the first multi-relay vendor projects to implement the full suite of IEC 61850.

photo-speersRyan Speers, River Loop Security

Ryan Speers is a security researcher with a focus on low-level radio-frequency protocols and embedded systems. Ryan also has extensive experience with offensive and defensive techniques on networks and software. He maintains the KillerBee and Api-Do projects for exploring and exploiting IEEE 802.15.4 and ZigBee, and wrote the Scapy dissection for IEEE 802.15.4. Additionally, he continues to design the custom Api-Mote hardware to provide companies using ZigBee/802.15.4 with purpose-designed hardware to self-assess their wireless security posture. He has experience in penetration-testing commercial companies infrastructure and hardware devices, including for a major US electric utility. Ryan is a graduate of Dartmouth College with an honors thesis in Computer Science, and works with the excellent team at River Loop Security, LLC to solve their customers’ toughest security problems.

photo-srivastavaAnurag Srivastava, Washington State University

Anurag Srivastava received his Ph.D. degree in Electrical Engineering from the Department of Electrical and Computer Engineering, Illinois Institute of Technology, Chicago, Illinois,  in 2005 and Master of Technology and Bachelor of Technology degrees from India. He is working as an Assistant Professor at Washington State University since August 2010. In the past, he worked as an Assistant Research Professor at Mississippi State University during 2005-2010. Before that, he worked as a Research Assistant and Teaching Assistant at Illinois Institute of Technology, Chicago, Illinois, and as a Senior Research Associate at Electrical Engineering Department at the Indian Institute of Technology, Kanpur, India as well as a Research Fellow at Asian Institute of Technology, Bangkok, Thailand. His research interests include smart grid operation/control and smart grid modeling/real time simulation. Dr. Srivastava is a senior member of IEEE and member of IEEE Power and Energy Society (PES), Sigma Xi and Eta Kappa Nu. He is past-chair of IEEE PES career promotion subcommittee, vice-chair of IEEE PES student activities and active member of several other PES technical committees. He is the recipient of numerous awards including IEEE best paper award and author of more than hundred technical publications including a book.

photo-staggsKevin Staggs, Honeywell

Kevin Staggs is a 36 year employee of Honeywell. He has 26 years of experience in the engineering of control systems as either a hardware, software or systems engineer. In 2010 Kevin joined the Advanced Technology Labs of Honeywell as a Cyber Security Research Engineer. In his previous assignment with Honeywell Process Solutions, he was a member of the Global Architecture Team and one of his responsibilities was the security architecture of all of Honeywell Process Solutions products. He was also responsible for defining the security processes and architectural methodology so that all HPS products are designed for security. Kevin has been involved in system security since Honeywell first introduced open system platform based products. He was the lead system engineer and architect for Honeywell’s HP-UX based UxS product which was introduced in the early 1990s. He defined the original high security, least privilege model which was deployed as part of Honeywell’s TPS system in 1996. In addition to his day job, Kevin is also co-chair of ISA SP99 Working Group 4 which is defining technical security requirements of Industrial and Automation Control Systems and he is the Technical Chairman of the ISA Security Compliance Institute.

photo-valdesAlfonso Valdes, University of Illinois at Urbana-Champaign

Alfonso Valdes is the Managing Director of Smart Grid Technologies at the University of Illinois. In that capacity, he is responsible for a portfolio of diverse research activities, including the Trustworthy Cyber Infrastructure for the Power Grid Center (TCIPG) and the Illinois Center for a Smarter Electric Grid (ICSEG). Valdes was formerly a Senior Computer Scientist in the Computer Sciences Laboratory at SRI International, where he led several projects in information security for clients such as the Defense Advanced Research Projects Agency (DARPA) and the Advanced Research and Development Activity (ARDA), the Department of Homeland Security, and the Department of Energy. His recent research has focused on critical infrastructure systems in the oil & gas and electric sectors. On a recently completed project sponsored by the Department of Energy, he led development of innovative machine-learning and anomaly-based techniques for monitoring process control systems, and oversaw the integration of multiple detection technologies into a correlation framework tailored to such systems. Valdes participated in cyber-security research roadmap efforts for both DHS and DOE. In the DHS Roadmap, he was responsible for coordinating deliberations of leading academic and industry researchers on a number of topics critical to the advancement of cyber-security, and authorship of the corresponding roadmap chapters. He is co-inventor on two patents in cyber-security.

photo-weaverGabriel Weaver, University of Illinois at Urbana-Champaign

Gabe Weaver is a postdoctoral researcher in the Information Trust Institute at the University of Illinois at Urbana-Champaign. He recently defended his doctoral thesis at Dartmouth College. For his thesis, he created eXtended Unix tools (XUTools) to process a broader class of languages in which security-policies are expressed in the language-theoretic sense. XUTools allows practitioners to extract (xugrep), count (xuwc), and compare (xudiff) files in terms of high-level language structures found in modern markup, programming, and configuration languages. XUTools is already in demand by a variety of practitioners, and articles on my research have been featured in various news outlets such as ComputerWorld, CIO Magazine, Communications of the ACM, and Slashdot.

photo-blankPenny Wolter, Chevron

Penny Wolter is the Process Control Network (PCN) Security Program Manager for Chevron Corporation located within the Information Technology Company’s Information Risk Strategy and Management Division. Penny is responsible for developing and sustaining a risk and mitigations program for the process automation infrastructure including the provision of a risk-assessed, fit-for-purpose standards component, an education, awareness and training component, and a clear engagement model with the enterprise. Penny is a member of the Linking the Oil and Gas Industry to Improve Cybersecurity (LOGIIC) Consortium, and is currently based in Houston, Texas.

photo-wrightAndrew Wright, N-Dimension Solutions

Andrew Wright has 20 years of experience in industrial research and development, holds a Ph.D. in Computer Science from Rice University, and has published numerous technical papers and patents. He guides N-Dimension’s technical strategy for cyber security products and solutions for the smart grid, and has been actively involved in numerous customer engagements and cyber security deployments. He collaborates with various industry working groups, including NIST, SGIP, NESCOR, and TCIPG.

photo-yardleyTim Yardley, University of Illinois at Urbana-Champaign

Tim Yardley is the Assistant Director for Testbed Services in the Information Trust Institute at the University of Illinois at Urbana-Champaign. He is working to define the vision and direction for testbed initiatives in ITI and to engage in research to address ITI's mission. His work is based on trustworthiness and resiliency in critical infrastructure, with a particular focus on cyber-security. He works on analysis and development of techniques for securing components, systems, and networks. His work covers a variety of areas, including control systems, telecommunications systems, critical incident response, and simulations of real-world systems. Other areas of interest include health technology, mobile system security, financial systems, and dynamically tailored environments. Beyond research, Yardley is involved in security assessments, external relations, national working groups, technology development and transfer, and entrepreneurial activities.