Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.

Risk & Resilience ⇔ All-Hazards Approach

Context for Cybersecurity: Implement Intrusion Detection System (IDS). Source: Idaho National Labs

How to think about Cybersecurity?
- How would your operations change if you lost SCADA?
- How sure are you that your SCADA system is secure?
- When was the last time you performed a cyber security vulnerability assessment?
- What would be the impact to your organization if you were aware of vulnerabilities and did nothing?

Key Features of Cyber Security
1. Integrate protective concepts into organizational culture, leadership and daily operations
2. Identify and support protective program priorities, resources and utility-specific measures
3. Employ protocols for detection of contamination
4. Assess risks and review vulnerability assessments (VAs)
5. Establish facility and information access control
6. Incorporate resiliency concepts into physical infrastructure
7. Prepare, test, and update emergency response and business continuity plans
8. Develop partnerships with first responders, managers of critical interdependent infrastructure, other utilities and response organizations
9. Develop and implement internal and external communication strategies
10. Monitor incidents and threat-level information

Types of Attacks
- Denial of Service: Flooding a resource (a network or Web server) with thousands of false requests so as to crash the resource or make it unavailable to its intended users
- Spyware: Monitors user activity
- Trojan Horse: Malicious file or program that disguises itself as a legitimate file or program
- Virus: Attaches to existing programs, then replicates and spreads from one computer to another
- Worm: Malicious file that replicates itself and spreads to other computers
- Sniffer: Monitors information traveling over a network
- Key Loggers: Records keystrokes and transmits them to the originator
- Phishing: Fake websites or messages that look genuine and ask users for confidential personal data

Water Sector Approach: Process Control System Security Guidance for the Water Sector (WITAF #503)
- Develop water sector guidance that provides a consistent and repeatable recommended course of action to reduce vulnerabilities in process control systems.
- The target audience for this resource is water utility general managers, chief information officers and utility directors with oversight and responsibility for process control systems.
- Aligns with sector and national priorities; fulfills the need for sector-specific guidance as specified in EO
- Released February 2014

Utility Driven
- Organized based on HOW the utility uses or operates its process control system
- It does NOT evaluate the current security profile
- Generates a prioritized list of controls that empowers the utility to consider appropriate actions to reduce potential vulnerabilities

Use-Case Tool
- 82 Cybersecurity Controls
- Use Cases describe PCS and cyber exposure
- Tool determines which controls apply to selected Use Cases and at which priority (1 – 4)
- Priority 1 – do immediately; Priority 4 – important, but not urgent
- Tool does not assess current situation

One Step at a Time
- AWWA Guidance & Use-Case Tool: Aligns w/NIST Cyber Framework
- Cyber Security Evaluation Tool (CSET®): Assessment of policy & procedures relative to NIST & NIST
- Design Architectural Review (DAR): Evaluates network access/egress, design, configuration, applications and rules
- Network Architecture Verification and Validation (NAVV): Baseline network architecture, communication protocols, discover rogue connections, & identify configuration errors
- Supported by ICS-CERT
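The NAVV step above boils down to comparing a documented baseline of expected PCS connections against what is actually observed on the network. The following is an added example of that comparison written for this page; it is not ICS-CERT tooling or code from the presentation, and the baseline entries, address ranges and observed flows are all constructed stand-ins.

```python
"""Baseline-vs-observed connection check in the spirit of the NAVV step.

Added example: the baseline, the PCS address ranges and the observed flow
records below are constructed for illustration, not real utility data.
"""
import ipaddress
from collections import namedtuple

# A flow is summarised as (source, destination, destination port, protocol).
Flow = namedtuple("Flow", "src dst port proto")

# Constructed address ranges that the utility documents as its PCS network.
PCS_NETWORKS = [ipaddress.ip_network("10.1.1.0/24"),
                ipaddress.ip_network("10.1.2.0/24")]

# Constructed baseline: connections the utility has documented as expected.
BASELINE = {
    Flow("10.1.1.10", "10.1.2.20", 502, "tcp"),    # HMI -> PLC, Modbus/TCP
    Flow("10.1.1.10", "10.1.2.21", 502, "tcp"),    # HMI -> second PLC
    Flow("10.1.1.11", "10.1.1.10", 1433, "tcp"),   # historian -> HMI database
    Flow("10.1.2.20", "10.1.1.11", 20000, "tcp"),  # PLC -> historian, DNP3
}

# Constructed observed flows, as a passive capture summary might list them.
OBSERVED = [
    Flow("10.1.1.10", "10.1.2.20", 502, "tcp"),
    Flow("10.1.1.11", "10.1.1.10", 1433, "tcp"),
    Flow("10.1.1.10", "10.1.2.20", 502, "tcp"),       # repeat of a baseline flow
    Flow("192.168.50.5", "10.1.2.20", 502, "tcp"),    # non-PCS host talking Modbus to a PLC
    Flow("10.1.2.21", "8.8.8.8", 53, "udp"),          # PLC resolving DNS outside the PCS
]


def leaves_pcs(flow):
    """True when the destination is outside every documented PCS range."""
    dst = ipaddress.ip_address(flow.dst)
    return not any(dst in net for net in PCS_NETWORKS)


def compare_to_baseline(baseline, observed):
    """Classify observed flows against the baseline.

    rogue:            observed but not documented (discover rogue connections)
    external:         rogue flows that leave the PCS ranges entirely
    unseen_baseline:  documented but never observed (stale or wrong baseline)
    matched:          observed and documented
    """
    seen = set(observed)                      # duplicates collapse here
    rogue = sorted(seen - baseline)
    return {
        "rogue": rogue,
        "external": [f for f in rogue if leaves_pcs(f)],
        "unseen_baseline": sorted(baseline - seen),
        "matched": sorted(seen & baseline),
    }


if __name__ == "__main__":
    for category, flows in compare_to_baseline(BASELINE, OBSERVED).items():
        print(category)
        for f in flows:
            print("   ", f)
```

Entries in `unseen_baseline` deserve as much attention as the rogue ones: a documented connection that never appears usually means the baseline, not the network, is wrong, which is exactly the configuration error NAVV is meant to surface.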

Summary
- Guidance and Use Case Tool can be
- Select Use Cases based on utility PCS architecture
- Tool produces list of recommended cybersecurity controls arranged by priority (1 – 4)
- Utility should review current state and develop plan to implement recommendations not currently addressed
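The Use-Case Tool slide and this summary describe the same workflow: pick the use cases that match the utility's PCS, collect the controls each one triggers with its priority, and then compare the ranked list against what is already in place. The block below is an added illustration of that workflow, not the AWWA tool or its 82 controls; the use-case names, control names and priority assignments are constructed stand-ins. It also shows the one non-obvious rule such a merge needs: a control triggered by several use cases keeps the most urgent priority.

```python
"""Use-case driven control prioritisation, modelled on the workflow described
on the slides.  Added example: the catalogue below is constructed, not the
AWWA Use-Case Tool's actual use cases or controls.
"""

# The presentation defines the ends of the scale; 2 and 3 sit in between.
PRIORITY_LABEL = {1: "do immediately", 4: "important, but not urgent"}

# Constructed catalogue: use case -> [(control, priority 1-4), ...]
USE_CASE_CONTROLS = {
    "remote_vendor_access": [
        ("multi-factor auth for remote sessions", 1),
        ("log and review remote sessions", 2),
        ("written remote-access policy", 3),
    ],
    "hmi_on_business_network": [
        ("segment PCS from business network", 1),
        ("host firewall on HMI", 2),
        ("written remote-access policy", 4),   # same control, lower urgency here
    ],
    "wireless_field_links": [
        ("encrypt wireless links", 2),
        ("inventory of wireless devices", 3),
    ],
}


def controls_for(selected, catalogue=USE_CASE_CONTROLS):
    """Merge the controls of the selected use cases into one ranked list.

    A control recommended by more than one use case keeps the most urgent
    (lowest-numbered) priority.  Ties are broken alphabetically so the
    output is stable.
    """
    best = {}
    for use_case in selected:
        if use_case not in catalogue:
            raise KeyError(f"unknown use case: {use_case}")
        for control, priority in catalogue[use_case]:
            best[control] = min(best.get(control, 5), priority)
    return sorted(best.items(), key=lambda kv: (kv[1], kv[0]))


def implementation_plan(ranked, implemented):
    """Drop controls the utility already has; what remains is the plan.

    This is the 'review current state' step the tool itself does not do.
    """
    return [(control, prio) for control, prio in ranked if control not in implemented]


if __name__ == "__main__":
    ranked = controls_for(["remote_vendor_access", "hmi_on_business_network"])
    already = {"segment PCS from business network"}   # constructed current state
    for control, prio in implementation_plan(ranked, already):
        print(f"priority {prio} ({PRIORITY_LABEL.get(prio, 'between 1 and 4')}): {control}")
```

The important behaviour to notice is in `controls_for`: the written remote-access policy is priority 3 for one use case and priority 4 for another, and the merged list keeps 3. Without that rule a tool would quietly demote a control just because a less exposed use case also happened to mention it.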

Summary …. American Water Works Association has issued "Process Control System Security Guidance for the Water Sector" and a supporting "Use-Case Tool." This guidance identifies prioritized actions to reduce cybersecurity risk at a water or wastewater facility. The cybersecurity actions are aligned with the Cybersecurity Framework. This tool is serving as implementation guidance for the Cybersecurity Framework in the Water and Wastewater Systems sector. - USEPA, May 2014