Douglas DiJulio Director – Enterprise Operations Application Support Cyber Security.


1 Douglas DiJulio Director – Enterprise Operations Application Support Cyber Security

2 Cascade Natural Gas
MDU Resources – Parent Company
- 8,689 employees / operating in 48 states
- Regulated electric and natural gas utilities: Cascade Natural Gas Corporation, Great Plains Natural Gas Co, Intermountain Gas Company, Montana-Dakota Utilities Co
- Natural gas pipelines and related services
- Diesel refining
- Construction materials and services

3 Electric and Natural Gas Utilities

4 Cyber Security (layers, outermost first)
1. Perimeter Controls (card key access, fences and locks)
2. People, Policies, Procedures (CyROC, User Education, Sensitive Data Policy)
Cyber Access Control:
3. Network Architecture (Firewalls, Routers, Switches, VPNs)
4. Strong Access Control (Active Directory, Domain Security, alerting)
5. Host Security (Operating Systems of Servers/Workstations)
6. Application Security (SCADA, CIS, Database, Web, and others)
7. Unique Security Requirements for what is being protected (PLCs, RTUs, Plant Equip)

5 Adopted Cyber Security Framework
20 Critical Security Controls (CSCs), Center for Internet Security
- Lists 20 controls that organizations can use to improve their security posture and reduce the risk of cyber threats
- Prioritized, specific and actionable
- Critical Security Controls 1-5 are credited with stopping 85-90% of the attacks seen against organizations today

6 CIS Critical Security Controls
1. Inventory of Authorized and Unauthorized Devices
2. Inventory of Authorized and Unauthorized Software
3. Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
4. Continuous Vulnerability Assessment and Remediation
5. Controlled Use of Administrative Privileges
6. Maintenance, Monitoring, and Analysis of Audit Logs
7. Email and Web Browser Protections
8. Malware Defenses

7 CIS Critical Security Controls
9. Limitation and Control of Network Ports, Protocols, and Services
10. Data Recovery Capability
11. Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
12. Boundary Defense
13. Data Protection
14. Controlled Access Based on the Need to Know
15. Wireless Access Control

8 CIS Critical Security Controls
16. Account Monitoring and Control
17. Security Skills Assessment and Appropriate Training to Fill Gaps
18. Application Software Security
19. Incident Response and Management
20. Penetration Tests and Red Team Exercises
- Security Assessment
- Network Traffic Analysis
- External Penetration Test
- Internal Penetration Test
- Social Engineering

9 Corporate Policies
CORP 211 - Cloud, Third Party, and Outsourcing Policy
CORP 212 - Database Security Policy
CORP 213 - Mobile Device Security and Acceptable Use Policy
CORP 214 - Server Security Policy
CORP 216 - Workstation Security Policy
CORP 226 - Network Security Policy
CORP 227 - Remote Access Policy
CORP 228 - Wireless Security Policy

10 Corporate Policies
CORP 236 - Business Applications Security Policy
CORP 237 - Software Development Policy
CORP 241 - Business Continuity and Disaster Recovery Policy
CORP 242 - Certification and Accreditation Policy
CORP 243 - Change Management Policy
CORP 244 - Control Exception Policy
CORP 247 - Software Update and License Policy
CORP 248 - Training, Education, and Awareness Policy

11 Corporate Policies
CORP 256 - Access Control and Authorization Policy
CORP 257 - Account and Identity Management Policy
CORP 258 - Anti-Malware Policy
CORP 259 - Authentication Policy
CORP 260 - Data Backup and Archiving Policy
CORP 261 - Encryption Policy
CORP 262 - Logging and Monitoring Policy
CORP 263 - Removable Media Policy

12 Corporate Policies
CORP 264 - System Decommissioning and Data Destruction Policy
CORP 271 - Email Security and Acceptable Use Policy
CORP 272 - Internet Security and Acceptable Use Policy
CORP 281 - Penetration Testing Policy
CORP 282 - Vulnerability Management Policy
CORP 283 - Cyber Risk Management Policy

13 Cyber Security Posture
- Corporate firewall
- Anti-virus protection (auto update daily)
- EMS & SCADA isolation
- Password-protected corporate network and applications
- Password-protected mobile devices
- Screensaver password locks
- Firewall log monitoring
- Email spam blocking - Postini
- Internet website blocker - Websense
- Online "Learn the Law" IT security training
- Leadership Conference
- IT lunch and learn
- Corporate-based Security Team
- CyROC team
- Quarterly Nessus perimeter scan
- DDoS protection with AT&T
- Domain admins - least privilege
- Cisco managed wireless standards

14 Cyber Security Posture
- LANDesk - vulnerability scans & patching
- GFI LanGuard - server scans & patching
- Two-factor authentication required for:
  - System admins
  - VPN access
- Internal auditing involvement / lead
- Homeland Security Portal
- Homeland Security alerts
- Security subscription services

15 GAS SCADA
The Gas SCADA Network
- Separate private network, isolated from all other corporate networks
- Security & high availability
Compliance
- NIST Special Publication 800-82 Rev. 2, Guide to Industrial Control Systems (ICS) Security (May 2015)
Equipment and Service Providers
- CenturyLink - transport
- Cisco Systems - routers and switches
- Check Point Software Technologies Inc. - firewalls

16 Enclave Cyber Security Assessment
Contracted with "Enclave Security" to perform cyber security assessments
- 2014
- 2015 (79% increase in score)
- 2016 - June 20th
Method
- Interviews
- Reviewing technical systems
Results of the scores are communicated directly to the Audit Committee during its Board of Directors meeting.

17 RSA Security Analytics Test
Contracted with RSA Security Analytics to capture & analyze network traffic at the primary network ingress/egress point (2-week capture engagement)
- Analyze data traffic traversing the entire network
- Identify potential malicious or anomalous network behavior:
  - Suspicious activity or files
  - Non-standard network traffic
  - Traffic to potentially suspicious destinations
  - Active malware
  - Shadow IT activity
  - Commoditized crimeware
  - Non-standard DNS traffic
  - Clear-text credentials
  - Known exploits
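As an added example that is not part of the presentation and not RSA's product logic: a few of the triage rules behind three of the indicators on this slide (non-standard DNS traffic, traffic to potentially suspicious destinations, clear-text credentials), applied to constructed flow records standing in for a capture at the ingress/egress point. The corporate resolver addresses, the denylist, the tunnelling thresholds and every flow record are assumptions.

```python
"""Added example: simple network-traffic triage rules run over constructed
flow records. Nothing here is from the presentation; all addresses, the
denylist, the thresholds and the flows are synthetic."""
import base64
import binascii
import math
from collections import Counter

# Assumed corporate DNS resolvers; DNS to anything else is "non-standard".
CORPORATE_RESOLVERS = {"10.0.0.53", "10.0.1.53"}
# Assumed threat-intel denylist (a TEST-NET-3 address, never routed).
SUSPICIOUS_DESTINATIONS = {"203.0.113.7"}
# Heuristic for DNS tunnelling: a single long, high-entropy label.
TUNNEL_LABEL_LEN = 30
TUNNEL_ENTROPY = 3.5

# Constructed flow records: (src_ip, dst_ip, dst_port, protocol, payload)
SAMPLE_FLOWS = [
    ("10.1.2.3", "10.0.0.53", 53, "dns", "www.example.com"),
    ("10.1.2.4", "8.8.8.8", 53, "dns", "www.example.org"),
    ("10.1.2.5", "10.0.0.53", 53, "dns",
     "a9f3k2l0p7q1z8x4c6v2b5n1m3j7h9g2f4d6s8a0.t.example.net"),
    ("10.1.2.6", "198.51.100.10", 80, "http",
     "GET /admin HTTP/1.1\r\nAuthorization: Basic YWRtaW46cGFzc3dvcmQ=\r\n\r\n"),
    ("10.1.2.7", "198.51.100.20", 21, "ftp", "USER bob\r\nPASS hunter2\r\n"),
    ("10.1.2.8", "203.0.113.7", 443, "tls", ""),
    ("10.1.2.9", "198.51.100.30", 443, "tls", ""),
]


def shannon_entropy(s):
    """Bits of entropy per character; random-looking labels score high."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def check_dns(dst, qname):
    """Flag queries that bypass corporate resolvers or look like tunnelling."""
    hits = []
    if dst not in CORPORATE_RESOLVERS:
        hits.append(("dns_external_resolver",
                     f"query to {dst} bypasses corporate resolvers"))
    label = max(qname.split("."), key=len)
    ent = shannon_entropy(label)
    if len(label) > TUNNEL_LABEL_LEN and ent > TUNNEL_ENTROPY:
        hits.append(("dns_suspected_tunneling",
                     f"label of {len(label)} chars, entropy {ent:.1f}"))
    return hits


def check_cleartext_credentials(proto, payload):
    """Report protocol and username only; the secret never enters a finding."""
    if proto == "http":
        for line in payload.split("\r\n"):
            if line.lower().startswith("authorization: basic "):
                token = line.split(" ", 2)[2]
                try:
                    decoded = base64.b64decode(token, validate=True)
                    user = decoded.decode("utf-8", "replace").split(":", 1)[0]
                except (binascii.Error, ValueError):
                    user = "<undecodable>"
                return [("cleartext_credentials", f"http basic auth, user '{user}'")]
    if proto == "ftp":
        user = None
        for line in payload.split("\r\n"):
            if line.startswith("USER "):
                user = line[5:]
            elif line.startswith("PASS "):
                return [("cleartext_credentials", f"ftp login, user '{user}'")]
    return []


def triage(flows):
    """Run every rule over every flow and return a flat list of findings."""
    findings = []
    for src, dst, dport, proto, payload in flows:
        hits = []
        if dst in SUSPICIOUS_DESTINATIONS:
            hits.append(("suspicious_destination", f"{dst}:{dport} is on the denylist"))
        if proto == "dns":
            hits.extend(check_dns(dst, payload))
        hits.extend(check_cleartext_credentials(proto, payload))
        findings.extend({"rule": r, "src": src, "dst": dst, "detail": d} for r, d in hits)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_FLOWS):
        print(f"{f['rule']:26} {f['src']} -> {f['dst']}  {f['detail']}")
```

Two design points carry over to a real engagement: findings record the account name but never the captured secret, so the analyst's report does not itself become a clear-text credential store; and the tunnelling thresholds are placeholders that have to be tuned against a baseline of the organization's own DNS before the rule is trusted.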

18 Technology Penetration Test
Contracted with "OPTIV" to perform a cyber security penetration test, January through March 2016
Goals
- Identify security weaknesses
- Attempt to gain access to the network
- Identify security threats, vulnerabilities, mitigation strategies
Test Series
- Perimeter penetration testing
- Internal penetration testing
- Social engineering

19 Perimeter Penetration Testing
Conducted from the perspective of an attacker originating from the Internet
- Assessors did not identify any vulnerability that led directly to access to sensitive data
- Issues were identified with a lack of configuration standards
- Issues were identified indicating not all web servers were configured using best practices
- Issues found in this assessment require a minimal level of effort to remediate

20 Internal Penetration Test
Conducted from inside the network to find vulnerabilities exploitable by an attacker with internal access
- Multiple instances were found of end-of-life software that no longer receives vendor patches to address security flaws
- Legacy protocols were found that an attacker can exploit to obtain valid domain credentials and unauthorized access to the network
- Password deficiencies were found, including but not limited to weak/default passwords and unprotected file shares

21 Social Engineering - Phishing
Conducted to evaluate the security awareness and technical controls in place to detect or prevent a social engineering attack
- Target groups: IT, HR, Accounting & Executives
- 1,100 emails were sent
- 115 users' actions allowed the assessor inside the network
- Help Desk was notified within 5 minutes of the suspicious email being sent

22 Social Engineering – Media Drop
Conducted to evaluate security awareness and technical controls in place
- Weaponized USB devices, when plugged in, reported back to the assessor
- Two devices were plugged into computers on the corporate network; one device was taken off network and plugged in remotely
- Assessor was not able to compromise the network with this assessment

23 Cyber Security – Mutual Aid Agreements
- Exists between our 4 brands
- American Gas Association (AGA) - Mutual Assistance Program
- Master Operations Assistance Agreement (MOAA)
  I. NW Companies – Regional
  II. AGA Expanded NW Region
  III. National Attention
- Annual mock drill
- IT requests
  - Back office support, IT infrastructure, facilities, wiring, communications
  - Limited access capabilities depending on situation

24 Cyber Security NG – Gas Transmission Operators
- No direct connection
- Gas quality and volume information is exchanged between parties via secure FTP

25 Questions

