NW NATURAL CYBER SECURITY 2016.JUNE.16


- ADOPTED CYBER SECURITY FRAMEWORKS
- CYBER SECURITY TESTING
- SCADA TRANSPORT SECURITY
- AID AGREEMENTS
- CONCLUSION
- QUESTIONS

ADOPTED CYBER SECURITY FRAMEWORKS

THE FOLLOWING FRAMEWORKS PROVIDE COMPLEMENTARY GUIDANCE:
- National Institute of Standards and Technology (NIST)
- DoE Cybersecurity Capability Maturity Model (C2M2) - Oil and Natural Gas Subsector
- TSA Pipeline Security Guidelines

ADOPTED NIST CYBER SECURITY FRAMEWORKS
Cybersecurity Framework
The Framework focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization's risk management processes.
Topics
- Identify
- Protect
- Detect
- Respond
- Recover

ADOPTED NIST CYBER SECURITY FRAMEWORKS
Guide to ICS Security
Provides guidance on how to adapt the Security and Privacy Controls for Federal Information Systems and Organizations for industrial control systems. Very detailed guidance. Designed to apply to any ICS, including SCADA systems.
Topics
- Access Control
- Awareness and Training
- Audit and Accountability
- Security Assessment and Authorization
- Configuration Management
- Contingency Planning
- Identification and Authentication
- Incident Response
- Maintenance
- Media Protection
- Physical and Environmental Protection
- Planning
- Personnel Security
- Risk Assessment
- System and Services Acquisition
- System and Communications Protection
- System and Information Integrity
- Program Management

ADOPTED C2M2 CYBER SECURITY FRAMEWORKS
Cybersecurity Capability Maturity Model
The ONG-C2M2 provides a mechanism that helps organizations evaluate, prioritize, and improve cybersecurity capabilities. The model is a common set of industry-vetted cybersecurity practices, arranged according to maturity level.
Topics
- Risk Management
- Asset, Change, and Configuration Management
- Identity and Access Management
- Threat and Vulnerability Management
- Situational Awareness
- Information Sharing and Communications
- Event and Incident Response, Continuity of Operations
- Supply Chain and External Dependencies Management
- Workforce Management
- Cybersecurity Program Management

ADOPTED TSA CYBER SECURITY FRAMEWORKS
Pipeline Security Guidelines
TSA's Pipeline Security Program is designed to enhance the security preparedness of the nation's hazardous liquid and natural gas pipeline systems.
Topics
- Facility Security Measures
- Cyber Asset Security Measures
- General Cyber Security Measures
- Information Security Coordination and Responsibilities
- System Lifecycle
- System Restoration & Recovery
- Intrusion Detection & Response
- Training
- Access Control and Functional Segregation
- Access Control
- Vulnerability Assessment

CYBER SECURITY TESTING

NW Natural had an independent security assessment performed on all SCADA systems. This informed how we designed the SCADA environment that we're currently implementing.

During our upgrades to the Newport LNG facility, we had one of our key equipment vendors review our planned implementation.

For cyber security incidents we have developed a plan, and we conduct cyber security incident response exercises.
Planned topics include:
- Customer Data Breach
- SCADA Web server Incident
These exercises allow us to assess our people, processes, and technologies to identify ways to improve.

SCADA TRANSPORT SECURITY

- Firewalls isolate SCADA systems from enterprise systems.
- Virtual private networks securely connect SCADA networks at different locations.
- We require employees to log on to jump boxes when connecting into SCADA systems.
One of our key projects this year is to enhance these measures.

[Diagram. Labels: BUSINESS NETWORK, SCADA NETWORK, SCADA SYSTEM, EMPLOYEE, JUMP BOX]

[Diagram. Labels: SCADA SITE A, SCADA SITE B, MICROWAVE, CONTROL SYSTEM A, FIREWALL A, FIBER/COPPER, FIREWALL B, CONTROL SYSTEM B, VPN A, CELLULAR COMMUNICATION, VPN B]

AID AGREEMENTS

We are considering mutual aid agreements. For the time being, we are contracting with a commercial incident response provider that provides:
- Available experts that respond to incidents on a regular basis.
- Quick response times - contractually in hours, but in practice probably minutes.

Access Management
- We require equivalent confidentiality and background checks from our provider.
- The provider's response would only be initiated by NW Natural.
- Provider cannot reach into our SCADA environment.

CONCLUSION

NW Natural is:
- Following strong cyber security frameworks.
- Conducting cyber security testing.
- Securing our SCADA transport network.
- Planning for cyber security augmentation.

QUESTIONS