TACOMA PUBLIC UTILITIES CYBERSECURITY PROGRAM NIAC WORKSHOP JUNE 2017

AGENDA
June 23, 2017
- TPU Cybersecurity Program Overview
- Document Management & Program Governance
- Compliance Driven Best Practices
  - Protect, Detect, and Recover
- The Future
- Challenges
- Information Sharing

TPU CYBER SECURITY ORGANIZATION
- TPU Cyber Stewards Committee

MATURITY MODEL*

Current State
- Dedicating resources within UTS to Cybersecurity
- Program started, but governance driven primarily from regulatory obligations
- Event detection and response exists largely for CIP
- Ad-hoc interaction with change, problem, & incident management

Cyber Security Maturity Level 2
Electric & Utility Benchmark 3.8
TPU Maturity Target - 4

Future State
- Leverage NIST Framework for High, Medium, and Low Cybersecurity Activities
- Monitoring & reporting on key security metrics to all levels of management
- UTS Cybersecurity organization well established
- Able to rapidly tailor security controls as required

* Source: Gartner, Inc. ITScore

GOAL
- A TPU-wide approach to policy management
- A common document taxonomy, standard templates and naming conventions
- A central location to store policy and related documents
- A work flow driven process to propagate documents for review, approval, and disposition

TAXONOMY
- Policy (management statements)
- Standards (specific mandatory controls)
- Plans & Guidelines (recommendations / best practices)
- Procedures (step by step instructions)

(Diagram labels: City & TPU Executive Management, Management, Execution)

COMPLIANCE DRIVEN BEST PRACTICES: PROTECT

Protect: Reducing our Risk of Exposure
- System hardening
  - Removing unnecessary applications
  - Anti-malware/Patching
  - Standardization of equipment, architecture, and configurations
- Access Control
  - Multi-factor Authentication
  - Role Based Access
- Physical Security
  - Role Based Access
  - Monitoring
  - Recording

COMPLIANCE DRIVEN BEST PRACTICES: DETECT

Detect
- Network Intrusion Detection System (IDS)
- Full Packet Capture on our boundary
- Security Information and Event Monitoring (SIEM)
- Logging and Analysis
- Log Correlation

"84% of organizations that had a security breach had evidence of that breach in their log files" -- 2013 Data Breach Investigations Report

COMPLIANCE DRIVEN BEST PRACTICES: RECOVER

Recover
- Backups
  - Distributed Backup solution
  - Off-site Storage
  - Cloud Ready
- Disaster Recovery
  - Multi-site Model
- Incident Response Plans
  - Annual Testing

WHAT DOES THE FUTURE LOOK LIKE
- Leverage Efforts and Capabilities Resulting from Compliance
- Policy, Standards and Guidelines
- Expand Scope and Assess using an Industry Framework
- Develop, Implement, and Measure a Training and Awareness Program
- Hire, Train, and Retain our Technical Workforce

CHALLENGES
- Organizational Change Management
- Major Technology Transformation Programs taking off before Cybersecurity is Formally Integrated in Project Delivery
- Tools, Processes, and Procedures must be Automated
- City IT & TPU Maturity, Synchronization of Efforts, Communication
- Formalizing Risk Acceptance to Information Management
- We are not alone

INFORMATION SHARING

Local Partners:
- Snohomish PUD
- Seattle City Light
- Chelan County PUD
- Washington State Fusion Center
- Washington Air and Army National Guard
- Washington State Agencies and Office of Cybersecurity
- University of Washington (Seattle and Tacoma)

National Partners:
- Large Public Power Council Cyber Security Task Force (LPPC CSTF)
- FBI Cyber Taskforce
- Industrial Control System Cyber Emergency Response Team (ICS-CERT)
- Washington State Air National Guard 262nd Network Warfare Squadrons
- Electric Subsector Information Sharing and Analysis Center (ES-ISAC)
- Multi-State Information Sharing and Analysis Center (MS-ISAC)
- And Many More

QUESTIONS