Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cybersecurity Special Public Meeting/Commission Workshop for Natural Gas Utilities September 27, 2018.

Published byWilla Harmon Modified over 6 years ago

Similar presentations

Presentation on theme: "Cybersecurity Special Public Meeting/Commission Workshop for Natural Gas Utilities September 27, 2018."— Presentation transcript:

1 Cybersecurity Special Public Meeting/Commission Workshop for Natural Gas Utilities September 27, 2018

2 Planning - Governance CIO / CSO Board of Directors
Enterprise Security Committee Director of Infrastructure and Security Guest Speakers Regular Reporting Conferences Sr. Security Manager An overview of your utility’s cybersecurity personnel, detailing individuals that have specifically assigned cybersecurity responsibility, and other personnel that may assist in cybersecurity as only a percentage of their overall duties. Security Workgroups

3 Planning - Governance Enterprise Security Committee
Members Dir. of Transmission Ops Dir. of IT and Security Dir. of Generation & Production Mgr. of Reliability Compliance Dir. of Corporate Communications Dir. of Electrical Engineering Sr. Legal Counsel Dir. Human Resources Dir. Environmental Affairs Dir. of Planning & Asset Management Dir of Natural Gas Enterprise Security Committee Work Groups An overview of your utility’s cybersecurity personnel, detailing individuals that have specifically assigned cybersecurity responsibility, and other personnel that may assist in cybersecurity as only a percentage of their overall duties.

4 Planning- Security Staff
Sr. Security Manager Physical Security Engineer Business Continuity / Emergency Management Security Architect Security Engineer Security Engineer - SCADA Security Engineer - Compliance Security Team Lead Access Administration Security Analyst An overview of your utility’s cybersecurity personnel, detailing individuals that have specifically assigned cybersecurity responsibility, and other personnel that may assist in cybersecurity as only a percentage of their overall duties.

5 Planning – Policy Introduction and Scope 400 Configuration Management Policy Introduction 400 Policy Objective Scope 400 Policy Statements Exceptions to the Cyber Security Policy 400.1 Change Management Security Risk Management 400.2 Patch Management 500 System Acquisition, Development & Maintenance Policy Security Awareness 500 Policy Objective Incident Response Management 500 Policy Statements Information Management 500.1 System Assessments 100 - Physical Security Policy 500.2 System Acquisition 100 - Policy Objective 500.3 System Development 500.4 System Maintenance 100 - Policy Statements 600 - System and Information Protection Policy 100.1 Physical Security 600 - Policy Objective 200 - Exception Request Policy 600 - Policy Statements 200 - Policy Objective 600.1 Anti-Virus software 200 - Policy Statements 600.2 Network Protection 600.3 Encryption 200.1 Exception Request Policy 600.4 File Integrity Monitoring (FIM) 300 - Access Control Policy 600.5 Authorized and Unauthorized Devices 300 - Policy Objective 600.6 Secure Configurations for Avista Systems 300 - Policy Statements 600.7 Wireless Device Control 600.8 Secure Communications 300.1 Access Control 600.9 Audit Logs 300.2 Separation of Duties Audit Log Storage 300.3 Account Management Time Synchronization 300.4 Password Management Logon Banner Media Protection 300.5 Account Time-outs An overview of your utility’s cybersecurity policy, strategy, or governing document, including how it incorporates both cyber and physical security components. An explanation of how your utility’s cybersecurity policy is audited.

6 Standards - Cyber Security Framework
Describe how your utility prioritizes the implementation of new cybersecurity systems, components and functions. An overview of your utility’s cybersecurity framework.

7 Standards – Effectiveness
An overview of your utility’s process to determine the effectiveness of the current cybersecurity policy and plan, including the frequency of the evaluation. An overview of what needs to happen for improvement actions to take place with regard to your utility’s cybersecurity policy and plan, including any hindrances and what can be done to overcome them). An explanation about the frequency in which your utility’s cybersecurity plan is updated. An explanation about the frequency in which your utility’s cybersecurity plan is tested.

8 Reporting Cybersecurity reporting
An overview of how and when your utility reports cyberattacks, and the threshold for reporting cyberattacks.

9 Partnerships An overview of your utility’s cybersecurity partnerships (i.e. Emergency management/law enforcement, Department of Homeland Security, fellow utilities, Fusion centers, etc.). An explanation of how and when your utility interacts with the National Cyber Security Division of the U.S. Department of Homeland Security.

10 Procurement Vendor and device selection Background checks Employees
Vendors An overview of your utility’s cybersecurity criteria used for vendor and device selection, and the guidance you follow to ensure that your procurement language is both specific and comprehensive enough to result in acquiring secure components and systems. An overview describing personnel surety/background checks performed on those with access to key cyber components, including vendors and other third parties that have access to key cyber systems screened. An overview of your utility’s cybersecurity personnel, detailing individuals that have specifically assigned cybersecurity responsibility, and other personnel that may assist in cybersecurity as only a percentage of their overall duties.

11 Risk Management Risk prioritization Vulnerability assessments Internal
External Risk impacts An overview of how your utility prioritizes risks, including the criteria used to prioritize risks, and how often the priority list is updated. An overview explaining who your utility is using to perform vulnerability assessments (i.e. internal personnel or external personnel, such as a third party). An overview of your utility’s process for looking at consequences of cyber incidents that informs your risk management process.

12 Response & Recovery: Response and recovery plans Responsibility
Exercises Sharing & mutual defense Communication plan to address customer perceptions An overview of your utility’s cybersecurity response and recovery coordination plan, including but not limited to, who in your utility oversees response and recovery, any participation in sharing analysis, and mitigation measures with other companies as part of a mutual network of defense, and communication plan to address customer perceptions and expectations when their service has been impacted by a cyberattack event. 

13 Questions?

Download ppt "Cybersecurity Special Public Meeting/Commission Workshop for Natural Gas Utilities September 27, 2018."

Similar presentations

Dr Lami Kaya LamiKaya@gmail.com ISO 27001 Information Security Management System (ISMS) Certification Overview Dr Lami Kaya LamiKaya@gmail.com.

Dr Lami Kaya ISO Information Security Management System (ISMS) Certification Overview Dr Lami Kaya
Ensure the Disaster Housing Strategy is institutionalized throughout the jurisdiction Identify a process to update and maintain the Disaster Housing Strategy.

Ensure the Disaster Housing Strategy is institutionalized throughout the jurisdiction Identify a process to update and maintain the Disaster Housing Strategy.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Security Controls – What Works

Security Controls – What Works
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
NIST framework vs TENACE Protect Function (Sestriere, 21-23 Gennaio 2015)

NIST framework vs TENACE Protect Function (Sestriere, Gennaio 2015)
Information Security Governance in Higher Education Policy2004 The EDUCAUSE Policy Conference Gordon Wishon EDUCAUSE/Internet 2 Security Task Force This.

Information Security Governance in Higher Education Policy2004 The EDUCAUSE Policy Conference Gordon Wishon EDUCAUSE/Internet 2 Security Task Force This.
Network security policy: best practices

Network security policy: best practices
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
INFORMATION SECURITY GOVERNANCE (ISG) Relates to the security of information systems Is an element of corporate governance.

INFORMATION SECURITY GOVERNANCE (ISG) Relates to the security of information systems Is an element of corporate governance.
K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss

K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
SMS Operation.  Internal safety (SMS) audits are used to ensure that the structure of an SMS is sound.  It is also a formal process to ensure continuous.

SMS Operation.  Internal safety (SMS) audits are used to ensure that the structure of an SMS is sound.  It is also a formal process to ensure continuous.
Chapter Three IT Risks and Controls.

Chapter Three IT Risks and Controls.
Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.

Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.
Roles and Responsibilities

Roles and Responsibilities
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Similar presentations

Ads by Google