Cybersecurity Services for the Water Sector
Ron Ford, CISM, MSIA
Regional Cyber Security Advisor, New England
Cybersecurity Advisor Program
Cybersecurity and Infrastructure Security Agency
Focused on Critical Infrastructure
Critical infrastructure refers to the assets, systems, and networks, whether cyber or physical, so vital to the Nation that their incapacitation or destruction would have a debilitating effect on national security, the economy, public health or safety, and our way of life.
Cybersecurity Advisor Program
CISA mission: Lead the Nation’s efforts to understand and manage risk to our critical infrastructure.
In support of that mission: Cybersecurity Advisors (CSAs):
• Assess: Evaluate critical infrastructure cyber risk.
• Promote: Encourage best practices and risk mitigation strategies.
• Build: Initiate, develop capacity, and support cyber communities-of-interest and working groups.
• Educate: Inform and raise awareness.
• Listen: Collect stakeholder requirements.
• Coordinate: Bring together incident support and lessons learned.
CISA Insights – 18 MAR 2020 – COVID-19
• Risk Management for Novel Coronavirus (COVID-19)
• This product is for executives to help them think through physical, supply chain, and cybersecurity issues that may arise from the spread of Novel Coronavirus, or COVID-19.
• What’s in this guide:
  • Actions for Infrastructure Protection
  • Actions for your Supply Chain
  • Cybersecurity for Organizations
  • Cybersecurity Actions for your Workforce and Consumers
• To stay current with CISA’s efforts regarding COVID-19, visit: cisa.gov/coronavirus.
CISA Insights – 18 MAR 2020 – COVID-19
• CISA’s view on essential workers
• Telework Guidance
• COVID-19 Cyber Alert
• Visit the CDC website, or contact CDC for COVID-19-related issues or to share critical and timely information by sending an email to [email protected] and [email protected] or by calling 1-800-232-4636
Resilience Emerges From What You Do
• Consider your health.
• How do you become healthy?
• Can you buy good health?
• Can you “manufacture” good health?
• You can’t buy it in a product.
• Good health and resilience are both emergent properties.
• They develop – or emerge – from what we do.
Criticality of Periodic Assessments
• Periodic assessments are essential for resilience, helping you:
  • Measure your cybersecurity efforts
  • Manage improvements over time
Working toward Cyber Resilience
Follow a framework or general approach to cyber resilience. One successful approach includes:
• Identify Services: Identify and prioritize services
• Create Asset Inventory: Identify assets and align assets to services and inventory assets
• Protect & Sustain Assets: Establish risk management, resilience requirements, control objectives, and controls
• Manage Disruptions: Establish continuity requirements for assets and develop service continuity plans
• Exercise and Improve: Define objectives for cyber exercises, perform exercises, and evaluate results
Process Management and Improvement
Sampling of Cybersecurity Offerings
Preparedness Assistance:
• Cybersecurity Advisors
  • Advisory Services
  • Assessments
  • Working group collaboration
  • Best Practices
  • Incident assistance coordination
• Protective Security Advisors
  • Assessments
  • Incident liaisons between government and private sector
  • Support for National Special Security Events
Range of Cybersecurity Assessments (Voluntary & No-Cost to You)
Listed from STRATEGIC (C-Suite Level) to TECHNICAL (Network-Administrator Level):
• Cyber Resilience Review (Strategic)
• External Dependencies Management (Strategic)
• Cyber Infrastructure Survey (Strategic)
• Cybersecurity Evaluations Tool (Strategic/Technical)
• Phishing Campaign Assessment (EVERYONE)
• Vulnerability Scanning / Hygiene (Technical)
• Validated Architecture Design Review (Technical)
• Risk and Vulnerability Assessment (Technical)
BEST PRACTICES
Leadership Must OWN the Issue
Good Cyber Hygiene - Protect Crown Jewels - Blocking & Tackling
Risk Management – What Can I Accept?
• Balance Security, Mission and Privacy
Be Prepared – Assess & EXERCISE
Defend & Continue to Operate
Leverage Relationships
MAKE YOUR OWN LUCK!
Contacts and Questions?
Ron Ford
Regional Cybersecurity Advisor (CT, ME, MA, NH, RI, VT)
[email protected]
For inquiries or further information, contact [email protected]
MS-ISAC
https://www.cisecurity.org/ms-isac/
24/7 Line: [email protected]
https://www.cisecurity.org/isac/report-an-incident/