TRANSCRIPT
4/27/2020
AWIA CYBERSECURITY EMERGENCY RESPONSE PLAN
Agenda
• Cyber Resilience
• Risk and Resilience Assessment Recap
• The Cyber ERP Process
• Stumbling Blocks
• Final Thoughts
Cyber Resilience
What is Cyber Resilience
Resilience (noun) re·sil·ience | \ ri-ˈzil-yən(t)s \
Definition of resilience
1: the capability of a strained body to recover its size and shape after deformation caused especially by compressive stress
2: an ability to recover from or adjust easily to misfortune or change
The Cyber Threat
• Terrorist
• Criminal
• Nation‐State
• Equipment
• Employee
• Natural Disaster
Resilience Mindset
• Accept that an event WILL happen
• “The Success Equation”
  • Event + Reaction = Outcome
RRA Recap
Assessment Principles
• Create an Assessment Team
  • Operations
  • Information Technology
  • Plant Management
  • Senior / Executive Management
• Determine the Scope
  • Operational / IT Environment?
• Standards
• Due Diligence
Tools
• VSAT 2.0 (EPA)
• Cybersecurity Guidance and Tool (AWWA)
• Cybersecurity Evaluation Tool (DHS)
Cybersecurity Guidance / Tool (AWWA)
• “Voluntary sector specific approach for implementing applicable cybersecurity controls and recommendations”
• Scoping – 22 Questions
Answering the Questions
• Question & Answer
• Is there a documented process?
• Is process known / trained?
• Is process followed?
• Where is the evidence?
Cybersecurity Guidance / Tool (AWWA)
• Controls Output
• “Suggested Controls” – must input YOUR status
Cybersecurity Guidance / Tool (AWWA)
• Control Status Summary
The Cyber ERP
Three Outcomes from RRA
• Risk Reduction Controls
• IT Disaster Recovery Plan
• Risk‐based Immediate Actions
Risk Reduction Controls
• Improvement Projects
Immediate Action
• Cyber Incident Response Plan
  • Roles / Responsibilities
  • Identified Risks
  • Reporting Timelines
  • Phased Response (next slide)
  • Contact Lists (Internal / External)
  • Checklists
Cyber Incident Response Phases
• Employee training, policy, tools, procedures, governance, etc.
• Determine the priority, scope, and root cause of the incident.
• Discovery of the event with tools or notification. Includes declaration and initial classification.
• Identify and isolate affected system. Notify affected parties and mitigate effects. Communicate!
• Post‐incident repair. Notify affected parties. Regulatory reporting.
• After action review for procedural / policy improvements.
IT Disaster Recovery Plan
• Essential Elements
  • Roles & Responsibilities
  • Inventory
    • Hardware / Software / System Passwords
  • Backups
  • Communications Plan
  • Critical Suppliers / Service Providers
    • Equipment & Software
    • Consultants & Vendors
Stumbling Blocks
I’m glad water isn’t a target!
• Energy
• Defense
• Finance
• Healthcare
This can’t happen to us…
We’re okay… We’re not connected to the Internet…
IT & Operations will never work together
Final Thoughts
• Risk Management
• Training & Exercising
• Reporting
• Accountability
• Procurement
• Teamwork
Resilience is ALWAYS a Leadership Issue!
Final Final Thought
Doug Short
Resiliency and Cybersecurity Chair
Texas Section [email protected]@defensorsolutions.com