TAWWA ERP Cyber Doug - Cdn.ymaws


4/27/2020

AWIA CYBERSECURITY EMERGENCY RESPONSE PLAN

Agenda
- Cyber Resilience
- Risk and Resilience Assessment Recap
- The Cyber ERP Process
- Stumbling Blocks
- Final Thoughts

Cyber Resilience

What is Cyber Resilience
Resilience, noun: re·sil·ience \ ri-ˈzil-yən(t)s \
Definition of resilience
1: the capability of a strained body to recover its size and shape after deformation caused especially by compressive stress
2: an ability to recover from or adjust easily to misfortune or change

The Cyber Threat
- Terrorist
- Employee
- Criminal
- Natural Disaster
- Nation-State
- Equipment

Resilience Mindset
- Accept that an event WILL happen
- “The Success Equation”
- Event Reaction Outcome

RRA Recap

Assessment Principles
- Create an Assessment Team
  - Operations
  - Information Technology
  - Plant Management
  - Senior / Executive Management
- Determine the Scope
- Operational / IT Environment?
- Standards
- Due Diligence

Tools
- VSAT 2.0 (EPA)
- Cybersecurity Guidance and Tool (AWWA)
- Cybersecurity Evaluation Tool (DHS)

Cybersecurity Guidance / Tool (AWWA)
- “Voluntary sector specific approach for implementing applicable cybersecurity controls and recommendations”
- Scoping – 22 Questions

Answering the Questions
- Question & Answer
- Is there a documented process?
- Is process known / trained?
- Is process followed?
- Where is the evidence?

Cybersecurity Guidance / Tool (AWWA)
- Controls Output
- “Suggested Controls” – must input YOUR status

Cybersecurity Guidance / Tool (AWWA)
- Control Status Summary

The Cyber ERP

Three Outcomes from RRA
- Risk Reduction Controls
- Risk-based Immediate Actions
- IT Disaster Recovery Plan

Risk Reduction Controls
- Improvement Projects

Immediate Action
- Cyber Incident Response Plan
  - Roles / Responsibilities
  - Identified Risks
  - Reporting Timelines
  - Phased Response (next slide)
  - Contact Lists (Internal / External)
  - Checklists

Cyber Incident Response Phases
- After action review for procedural / policy improvements.
- Post-incident repair. Notify affected parties. Regulatory reporting.
- Determine the priority, scope, and root cause of the incident.
- Employee training, policy, tools, procedures, governance, etc.
- Discovery of the event with tools or notification. Includes declaration and initial classification.
- Identify and isolate affected system. Notify affected parties and mitigate effects.
- Communicate!

IT Disaster Recovery Plan
- Essential Elements
- Roles & Responsibilities
- Inventory
- Hardware / Software / System Passwords
- Backups
- Communications Plan
- Critical Suppliers / Service Providers
- Equipment & Software
- Consultants & Vendors

Stumbling Blocks

This can’t happen to us
- I’m glad water isn’t a target!
- Finance
- Healthcare
- Energy
- Defense

We’re okay
- We’re not connected to the Internet

IT & Operations will never work together

Final Thoughts

Final Thoughts

Final ising Risk Management Accountability
Resilience is ALWAYS a Leadership Issue!

Final Final Thought

Doug Short
Resiliency and Cybersecurity Chair
Texas Section
