NW NATURAL CYBER SECURITY 2016.JUNE.16

Transcription

1 NW NATURAL CYBER SECURITY 2016.JUNE.16

2 ADOPTED CYBER SECURITY FRAMEWORKS CYBER SECURITY TESTING SCADA TRANSPORT SECURITY AID AGREEMENTS CONCLUSION QUESTIONS

3 ADOPTED CYBER SECURITY FRAMEWORKS

4 THE FOLLOWING FRAMEWORKS PROVIDE COMPLIMENTARY GUIDANCE: National Institute of Standards and Technology (NIST) DoE Cybersecurity Capability Maturity Model (C2M2) - Oil and Natural Gas Subsector TSA Pipeline Security Guidelines

5 ADOPTED NIST CYBER SECURITY FRAMEWORKS Cybersecurity Framework The Framework focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization s risk management processes. Topics Identify Protect Detect Respond Recover

6 ADOPTED NIST CYBER SECURITY FRAMEWORKS Guide to ICS Security Provides guidance on how to adapt the Security and Privacy Controls for Federal Information Systems and Organizations for industrial control systems. Very detailed guidance. Designed to apply to any ICS, including SCADA systems. Topics Access Control Awareness and Training Audit and Accountability Security Assessment and Authorization Configuration Management Contingency Planning Identification and Authentication Incident Response Maintenance Media Protection Physical and Environmental Protection Planning Personnel Security Risk Assessment System and Services Acquisition System and Communications Protection System and Information Integrity Program Management

7 ADOPTED C2M2 CYBER SECURITY FRAMEWORKS Cybersecurity Capability Maturity Model The ONG-C2M2 provides a mechanism that helps organizations evaluate, prioritize, and improve cybersecurity capabilities. The model is a common set of industry-vetted cybersecurity practices, arranged according to maturity level. Topics Risk Management Asset, Change, and Configuration Management Identity and Access Management Threat and Vulnerability Management Situational Awareness Information Sharing and Communications Event and Incident Response, Continuity of Operations Supply Chain and External Dependencies Management Workforce Management Cybersecurity Program Management

8 ADOPTED TSA CYBER SECURITY FRAMEWORKS Pipeline Security Guidelines TSA s Pipeline Security Program is designed to enhance the security preparedness of the nation s hazardous liquid and natural gas pipeline systems. Topics Facility Security Measures Cyber Asset Security Measures General Cyber Security Measures Information Security Coordination and Responsibilities System Lifecycle System Restoration & Recovery Intrusion Detection & Response Training Access Control and Functional Segregation Access Control Vulnerability Assessment

9 CYBER SECURITY TESTING

10 NW Natural had an independent security assessment performed on all SCADA systems. This informed how we designed the SCADA environment that we re currently implementing. During our upgrades to the Newport LNG facility, we had one of our key equipment vendors review our planned implementation. CYBER SECURITY TESTING

11 For cyber security incidents we have developed a plan, and we conduct cyber security incident response exercises. Planned topics include: Customer Data Breach SCADA Web server Incident These exercises allow us to assess our people, processes, and technologies to identify ways to improve. CYBER SECURITY TESTING

12 SCADA TRANSPORT SECURITY

13 Firewalls isolate SCADA systems from enterprise systems. Virtual private networks securely connect SCADA networks at different locations. We require employees to logon to jump boxes when connecting into SCADA systems. One of our key projects this year is to enhance these measures. SCADA TRANSPORT SECURITY

14 BUSINESS NETWORK SCADA NETWORK SCADA SYSTEM EMPLOYEE JUMP BOX SCADA TRANSPORT SECURITY

15 SCADA SITE A SCADA SITE B MICROWAVE CONTROL SYSTEM A FIREWALL A FIBER/COPPER FIREWALL B CONTROL SYSTEM B VPN A CELLULAR COMMUNICATION VPN B SCADA TRANSPORT SECURITY

16 AID AGREEMENTS

17 We are considering mutual aid agreements. For the time being, we are contracting with a commercial incident response provider who provide: Available experts that respond to incidents on a regular basis. Quick response times - contractually in hours, but in practice probably minutes. AID AGREEMENTS

18 Access Management We require equivalent confidentiality and background checks from our provider. The provider s response would only be initiated by NW Natural. Provider cannot reach into our SCADA environment. AID AGREEMENTS

19 CONCLUSION NW Natural is: Following strong cyber security frameworks. Conducting cyber security testing. Securing our SCADA transport network. Planning for cyber security augmentation.

20 QUESTIONS