NW Natural presentation
Transcript of NW Natural presentation
NW NATURAL
CYBERSECURITY
2016.JUNE.16
ADOPTED CYBER SECURITY FRAMEWORKSCYBER SECURITY TESTING
SCADA TRANSPORT SECURITY
QUESTIONSCONCLUSIONAID AGREEMENTS
ADOPTED CYBERSECURITY FRAMEWORKS
THE FOLLOWING FRAMEWORKS PROVIDE COMPLIMENTARY
GUIDANCE:
National Institute of Standards and
Technology (NIST)
DoE Cybersecurity Capability Maturity
Model (C2M2) - Oil and Natural Gas Subsector
TSA Pipeline Security
Guidelines
NISTADOPTED CYBER SECURITY FRAMEWORKS
• “The Framework focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management processes.”
Cybersecurity Framework
Topics• Identify• Protect
• Detect• Respond
• Recover
NISTADOPTED CYBER SECURITY FRAMEWORKS
• Provides guidance on how to adapt the Security and Privacy Controls for Federal Information Systems and Organizations for industrial control systems.
• Very detailed guidance. Designed to apply to any ICS, including SCADA systems.
Guide to ICS Security Topics• Access Control• Awareness and Training• Audit and
Accountability• Security Assessment
and Authorization• Con�guration
Management• Contingency Planning• Identi�cation and
Authentication• Incident Response• Maintenance• Media Protection
• Physical and Environmental Protection
• Planning• Personnel Security• Risk Assessment• System and Services
Acquisition• System and
Communications Protection
• System and Information Integrity
• Program Management
C2M2ADOPTED CYBER SECURITY FRAMEWORKS
• “The ONG-C2M2 provides a mechanism that helps organizations evaluate, prioritize, and improve cybersecurity capabilities. The model is a common set of industry-vetted cybersecurity practices, … arranged according to maturity level.”
Cybersecurity Capability Maturity Model
Topics• Risk Management• Asset, Change, and
Con�guration Management
• Identity and Access Management
• Threat and Vulnerability Management
• Situational Awareness• Information Sharing
and Communications• Event and Incident
Response, Continuity of Operations
• Supply Chain and External Dependencies Management
• Workforce Management• Cybersecurity Program
Management
TSAADOPTED CYBER SECURITY FRAMEWORKS
Topics
• General Cyber Security Measures
• Information Security Coordination and Responsibilities
• System Lifecycle• System Restoration &
Recovery• Intrusion Detection &
Response
Facility Security MeasuresCyber Asset Security Measures
• Training• Access Control and
Functional Segregation
• Access Control• Vulnerability
Assessment
• TSA’s Pipeline Security Program is designed to enhance the security preparedness of the nation’s hazardous liquid and natural gas pipeline systems.
Pipeline Security Guidelines
CYBERSECURITY TESTING
• NW Natural had an independent security assessment performed on all SCADA systems. This informed how we designed the SCADA environment that we’re currently implementing.
• During our upgrades to the Newport LNG facility, we had one of our key equipment vendors review our planned implementation.
CYBER SECURITY TESTING
For cyber security incidents we have developed a plan, and we conduct cyber security incident response exercises. Planned topics include:• Customer Data Breach• SCADA• Web server IncidentThese exercises allow us to assess our people, processes, and technologies to identify ways to improve.
CYBER SECURITY TESTING
SCADA TRANSPORT SECURITY
• Firewalls isolate SCADA systems from enterprise systems.
• Virtual private networks securely connect SCADA networks at di�erent locations.
• We require employees to logon to “jump boxes” when connecting into SCADA systems.
• One of our key projects this year is to enhance these measures.
SCADA TRANSPORT SECURITY
SCADA TRANSPORT SECURITY
SCADANETWORK
SCADASYSTEM
BUSINESSNETWORK
EMPLOYEE
JUMP BOX
SCADASITE B
SCADASITE A
SCADA TRANSPORT SECURITY
CONTROLSYSTEM A FIREWALL A
VPN A
CONTROLSYSTEM BFIREWALL B
VPN BCELLULAR
COMMUNICATION
MICROWAVE
FIBER/COPPER
AID AGREEMENTS
We are considering mutual aid agreements. For the time being, we are contracting with a commercial incident response provider who provide:• Available experts that respond
to incidents on a regular basis.• Quick response times -
contractually in hours, but in practice probably minutes.
AID AGREEMENTS
Access Management• We require equivalent
con�dentiality and background checks from our provider.
• The provider’s response would only be initiated by NW Natural.
• Provider cannot reach into our SCADA environment.
AID AGREEMENTS
CONCLUSIONNW Natural is:• Following strong cyber security
frameworks.• Conducting cyber security testing.• Securing our SCADA transport
network.• Planning for cyber security
augmentation.
QUESTIONS