nw natural presentation
NW NATURAL
CYBERSECURITY
2016.JUNE.16
• ADOPTED CYBER SECURITY FRAMEWORKS
• CYBER SECURITY TESTING
• SCADA TRANSPORT SECURITY
• AID AGREEMENTS
• CONCLUSION
• QUESTIONS
ADOPTED CYBERSECURITY FRAMEWORKS
THE FOLLOWING FRAMEWORKS PROVIDE COMPLEMENTARY GUIDANCE:
• National Institute of Standards and Technology (NIST)
• DoE Cybersecurity Capability Maturity Model (C2M2) - Oil and Natural Gas Subsector
• TSA Pipeline Security Guidelines
NIST
Cybersecurity Framework
• “The Framework focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management processes.”
Topics
• Identify
• Protect
• Detect
• Respond
• Recover
NIST
Guide to ICS Security
• Provides guidance on how to adapt the Security and Privacy Controls for Federal Information Systems and Organizations for industrial control systems.
• Very detailed guidance. Designed to apply to any ICS, including SCADA systems.
Topics
• Access Control
• Awareness and Training
• Audit and Accountability
• Security Assessment and Authorization
• Configuration Management
• Contingency Planning
• Identification and Authentication
• Incident Response
• Maintenance
• Media Protection
• Physical and Environmental Protection
• Planning
• Personnel Security
• Risk Assessment
• System and Services Acquisition
• System and Communications Protection
• System and Information Integrity
• Program Management
C2M2
Cybersecurity Capability Maturity Model
• “The ONG-C2M2 provides a mechanism that helps organizations evaluate, prioritize, and improve cybersecurity capabilities. The model is a common set of industry-vetted cybersecurity practices, … arranged according to maturity level.”
Topics
• Risk Management
• Asset, Change, and Configuration Management
• Identity and Access Management
• Threat and Vulnerability Management
• Situational Awareness
• Information Sharing and Communications
• Event and Incident Response, Continuity of Operations
• Supply Chain and External Dependencies Management
• Workforce Management
• Cybersecurity Program Management
TSA
Pipeline Security Guidelines
• TSA’s Pipeline Security Program is designed to enhance the security preparedness of the nation’s hazardous liquid and natural gas pipeline systems.
Topics
• General Cyber Security Measures
• Information Security Coordination and Responsibilities
• System Lifecycle
• System Restoration & Recovery
• Intrusion Detection & Response
Facility Security Measures
Cyber Asset Security Measures
• Training
• Access Control and Functional Segregation
• Access Control
• Vulnerability Assessment
CYBERSECURITY TESTING
• NW Natural had an independent security assessment performed on all SCADA systems. This informed how we designed the SCADA environment that we’re currently implementing.
• During our upgrades to the Newport LNG facility, we had one of our key equipment vendors review our planned implementation.
For cyber security incidents we have developed a plan, and we conduct cyber security incident response exercises. Planned topics include:
• Customer Data Breach
• SCADA
• Web server Incident
These exercises allow us to assess our people, processes, and technologies to identify ways to improve.
SCADA TRANSPORT SECURITY
• Firewalls isolate SCADA systems from enterprise systems.
• Virtual private networks securely connect SCADA networks at different locations.
• We require employees to log on to “jump boxes” when connecting into SCADA systems.
• One of our key projects this year is to enhance these measures.
[Diagram labels: SCADA NETWORK, SCADA SYSTEM, BUSINESS NETWORK, EMPLOYEE, JUMP BOX, SCADA SITE A, SCADA SITE B]
[Diagram labels: CONTROL SYSTEM A, FIREWALL A, VPN A, CONTROL SYSTEM B, FIREWALL B, VPN B, CELLULAR COMMUNICATION, MICROWAVE, FIBER/COPPER]
AID AGREEMENTS
We are considering mutual aid agreements. For the time being, we are contracting with a commercial incident response provider that provides:
• Available experts that respond to incidents on a regular basis.
• Quick response times - contractually in hours, but in practice probably minutes.
Access Management
• We require equivalent confidentiality and background checks from our provider.
• The provider’s response would only be initiated by NW Natural.
• Provider cannot reach into our SCADA environment.
CONCLUSION
NW Natural is:
• Following strong cyber security frameworks.
• Conducting cyber security testing.
• Securing our SCADA transport network.
• Planning for cyber security augmentation.
QUESTIONS