INDUSTRIAL CYBER SECURITY PROGRAMS
Mike Spear, Ops Leader
Greg Maciel, Cyber Director

Transcription:

Can You Answer These Questions?
- What's my company's exposure to the latest industrial cyber threat?
- Are my plants compliant with our corporate cyber security directive?
- >50% of Board of Directors are not satisfied with Leadership's Cyber Issue Management
- Are there non-sanctioned devices, like USBs, that have been added to plant process control networks?
- What happens if I have a malware outbreak in my control network? Production impact? Operations staff SOP?

WannaCry: so many ways to deal with cyber

No Silver Bullet

Process
- Management System
- Through policies and procedures
  - Patch Management
  - Secure Remote Access
  - Anti-virus
  - Backup and Restore
  - Change Management
  - Perimeter Security
- Periodic Audits

People: weakest link
- Training and Awareness
- Professional Skills & Qualification
- Motivation

Technology
- Installed and maintained

If any part fails you are at risk

Agenda
- Risk Tolerance
- Baseline Assessment
- Mitigate and Measure Risk
- Incident Response
- Secure Supply Chain

Define Risk Tolerance
- Work with leadership
- Define Acceptable Risk
- Categorize How Risk Will Affect the Business
- Use this to determine what needs protection and to what level

Industry needs a quick way to reassess risk landscape.

IEC 62443 security levels

C2M2 Maturity Indicator Levels

Security Profile Diagram

        MIL0  MIL1  MIL2  MIL3
SL4      13    14    15    16
SL3       9    10    11    12
SL2       5     6     7     8
SL1       1     2     3     4

A protection level (e.g. PL 11) fully defines:
- Security capabilities of all security controls (Security Requirements)
- Operational capabilities within the organization (Maturity Requirements)

What determines our target level?
- Security Level (SL) is determined by the category of attacker relevant for the plant
- Maturity Indicator Level (MIL) follows the Security Level

Where are we today?

[Figure: Levels of Security. Axes: Security level 1 to 4 and Maturity level 1 to 4; labels: Non-critical infrastructure, Critical infrastructure.]

- Typical critical infrastructure: Oil & gas, power, water
- Typical non-critical infrastructure: Plastics, steel, resins, food, paper, beverages
- In our security assessments most companies score between SL 1 and SL 2 and ML 1 and ML 2
- Classifications of criticality can differ by country!

Baseline Assessment

Just like Evel Knievel needs to know how many cars before he jumps, ICS needs to know current configuration and security features in order to manage risk.

Baseline Assessment

Planning Phase
- Assessment Team
- Assessment Scope & Goals
- List of Attack Vectors
- Assessment Plan

Data Collection Phase
- Vulnerability Scan
- Configuration Data
- Document Collection
- Interview Key Personnel

Analysis Phase
- Evaluation of Vulnerabilities, Patches, Malware
- Attack Surface Analysis
- Password Auditing
- Log Management Auditing
- Network Access Auditing
- Evaluation of Network Architecture
- Evaluation of Authorized Software and Network Traffic
- Configuration Reviews
- Policy & Procedure Reviews
- Risk Profiling
- Risk Mitigation

Outcome: Execution Gap, Design Gap, Technology Gap

Reporting Phase
- Detailed Report
- Executive Summary Report
- Audit Report against ISA 99
- Presentation / Workshop

Manage Risk
- Take care of High Risk First
- Implement Mitigation Plan
- Extend Enterprise Risk Management Policies
- Institute a plan to regularly measure and Report Risk
- Understand Trends
- Understand threats

Phase     Risk     Recommended Solution
Phase 1   High     Multi-layered Secure Defense-in-Depth Network Design
Phase 1   High     Secure Next-Gen Firewall with IPS / Industrial Firewalls
Phase 1   High     Centralized Antivirus & Patch Management
Phase 1   High     System Security Hardening
Phase 1   High     Application White Listing Solution
Phase 2   Medium   Backup & Restore
Phase 2   Medium   Centralized Network Monitoring Solution
Phase 2   Medium   USB Protection Solution
Phase 2   Medium   Cybersecurity Risk Manager
Phase 3   Low      Security Information and Event Management (SIEM) Solution
Phase 3   Low      Secure Remote Access, Monitoring & Alerting
Phase 3   Low      Policies & Procedures Development

Where Do you Want to be?

Incident Response
- Organize and Formalize plan to Address Incident Response
- Conduct Regular Tests of Cross Functional Teams
- Find Gaps and Make Improvements
- Repeat

[Diagram: Incident Response cycle with labels Planning, Training, Lessons Learned, Exercises]

Secure Supply Chain

Determine which security requirements to convey to suppliers and service providers. Consider tying requirements back to known industry standards for greater cost efficiencies. Lastly, consider holding workshops for your suppliers to clarify requirements, minimizing costs and non-value added activities.

There is no Silver Bullet
