NW Natural presentation

NW NATURAL

CYBERSECURITY

2016.JUNE.16

ADOPTED CYBER SECURITY FRAMEWORKSCYBER SECURITY TESTING

SCADA TRANSPORT SECURITY

QUESTIONSCONCLUSIONAID AGREEMENTS

ADOPTED CYBERSECURITY FRAMEWORKS

THE FOLLOWING FRAMEWORKS PROVIDE COMPLIMENTARY

GUIDANCE:

National Institute of Standards and

Technology (NIST)

DoE Cybersecurity Capability Maturity

Model (C2M2) - Oil and Natural Gas Subsector

TSA Pipeline Security

Guidelines

NISTADOPTED CYBER SECURITY FRAMEWORKS

• “The Framework focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management processes.”

Cybersecurity Framework

Topics• Identify• Protect

• Detect• Respond

• Recover

NISTADOPTED CYBER SECURITY FRAMEWORKS

• Provides guidance on how to adapt the Security and Privacy Controls for Federal Information Systems and Organizations for industrial control systems.

• Very detailed guidance. Designed to apply to any ICS, including SCADA systems.

Guide to ICS Security Topics• Access Control• Awareness and Training• Audit and

Accountability• Security Assessment

and Authorization• Con�guration

Management• Contingency Planning• Identi�cation and

Authentication• Incident Response• Maintenance• Media Protection

• Physical and Environmental Protection

• Planning• Personnel Security• Risk Assessment• System and Services

Acquisition• System and

Communications Protection

• System and Information Integrity

• Program Management

C2M2ADOPTED CYBER SECURITY FRAMEWORKS

• “The ONG-C2M2 provides a mechanism that helps organizations evaluate, prioritize, and improve cybersecurity capabilities. The model is a common set of industry-vetted cybersecurity practices, … arranged according to maturity level.”

Cybersecurity Capability Maturity Model

Topics• Risk Management• Asset, Change, and

Con�guration Management

• Identity and Access Management

• Threat and Vulnerability Management

• Situational Awareness• Information Sharing

and Communications• Event and Incident

Response, Continuity of Operations

• Supply Chain and External Dependencies Management

• Workforce Management• Cybersecurity Program

Management

TSAADOPTED CYBER SECURITY FRAMEWORKS

Topics

• General Cyber Security Measures

• Information Security Coordination and Responsibilities

• System Lifecycle• System Restoration &

Recovery• Intrusion Detection &

Response

Facility Security MeasuresCyber Asset Security Measures

• Training• Access Control and

Functional Segregation

• Access Control• Vulnerability

Assessment

• TSA’s Pipeline Security Program is designed to enhance the security preparedness of the nation’s hazardous liquid and natural gas pipeline systems.

Pipeline Security Guidelines

CYBERSECURITY TESTING

• NW Natural had an independent security assessment performed on all SCADA systems. This informed how we designed the SCADA environment that we’re currently implementing.

• During our upgrades to the Newport LNG facility, we had one of our key equipment vendors review our planned implementation.

CYBER SECURITY TESTING

For cyber security incidents we have developed a plan, and we conduct cyber security incident response exercises. Planned topics include:• Customer Data Breach• SCADA• Web server IncidentThese exercises allow us to assess our people, processes, and technologies to identify ways to improve.

CYBER SECURITY TESTING

SCADA TRANSPORT SECURITY

• Firewalls isolate SCADA systems from enterprise systems.

• Virtual private networks securely connect SCADA networks at di�erent locations.

• We require employees to logon to “jump boxes” when connecting into SCADA systems.

• One of our key projects this year is to enhance these measures.

SCADA TRANSPORT SECURITY

SCADA TRANSPORT SECURITY

SCADANETWORK

SCADASYSTEM

BUSINESSNETWORK

EMPLOYEE

JUMP BOX

SCADASITE B

SCADASITE A

SCADA TRANSPORT SECURITY

CONTROLSYSTEM A FIREWALL A

VPN A

CONTROLSYSTEM BFIREWALL B

VPN BCELLULAR

COMMUNICATION

MICROWAVE

FIBER/COPPER

AID AGREEMENTS

We are considering mutual aid agreements. For the time being, we are contracting with a commercial incident response provider who provide:• Available experts that respond

to incidents on a regular basis.• Quick response times -

contractually in hours, but in practice probably minutes.

AID AGREEMENTS

Access Management• We require equivalent

con�dentiality and background checks from our provider.

• The provider’s response would only be initiated by NW Natural.

• Provider cannot reach into our SCADA environment.

AID AGREEMENTS

CONCLUSIONNW Natural is:• Following strong cyber security

frameworks.• Conducting cyber security testing.• Securing our SCADA transport

network.• Planning for cyber security

augmentation.

QUESTIONS