Cybersecurity and the AWIA
Agenda
• General Thoughts
• Assessment Principles
• Tools
• Final Thought
I’m glad water isn’t a target!
• Energy
• Defense
• Finance
• Healthcare
We’re not connected to the Internet…
Cybersecurity is not just an IT issue
IT
Security Operations
Assessment Principles
• Create an Assessment Team
  • Operations
  • Information Technology
  • Plant Management
  • Senior / Executive Management
• Determine the Scope
• Standards
• Due Diligence
Tools
• VSAT 2.0 (EPA)
• Cybersecurity Guidance and Tool (AWWA)
• Cybersecurity Evaluation Tool (DHS)
Answering the Questions
• Question & Answer
• Is there a documented process?
• Is process known / trained?
• Is process followed?
• Where is the evidence?
VSAT 2.0 (EPA)
• “A tool for assessing risk and resilience and drinking water and wastewater systems”
• Utility Overview
VSAT 2.0 (EPA)
• Utility Resilience Index
  • 12 Scoping Questions
VSAT 2.0 (EPA)
• Qualitative Risk Assessment
VSAT 2.0 (EPA)
• Quantitative Risk Assessment
VSAT 2.0 (EPA)
• Countermeasure Analysis
VSAT 2.0 (EPA)
• Pros
  • Full AWIA assessment in single interface
• Cons
  • Requires significant industry / functional knowledge
  • Personnel dependent – must be highly trained
  • Frustrating to use / very involved
Cybersecurity Guidance / Tool (AWWA)
• “Voluntary sector specific approach for implementing applicable cybersecurity controls and recommendations”
• Scoping – 22 Questions
Cybersecurity Guidance / Tool (AWWA)
• Controls Output
  • “Suggested Controls” – must input YOUR status
Cybersecurity Guidance / Tool (AWWA)
• Control Status Summary
Cybersecurity Guidance / Tool (AWWA)
• Improvement Projects
Cybersecurity Guidance / Tool (AWWA)
• Pros
  • Sector specific with good documentation
  • Easy to use / intuitive
  • Maps to applicable standards for further info
  • Walks through entire process (scoping – declaration template)
• Cons
  • Must be integrated with other functional categories to meet full AWIA requirements
CSET (DHS)
• “A desktop software tool that guides users through a step-by-step process to assess control system and IT network security practices against recognized industry standards”
CSET (DHS)
• Preparation
  • Standard demographic info
CSET (DHS)
• Assessment
CSET (DHS)
• Results
CSET (DHS)
• Pros
  • Consistent, repeatable, easy to use
  • Tailorable (Basic / Advanced)
  • Maps to applicable standards for further info
  • Good dashboard and reporting tools
• Cons
  • Not tailored to water industry
  • Requires cyber / IT expertise
  • Must be integrated with other functional categories to meet full AWIA requirements
Final Thought