DLA Energy Worldwide Energy Conference TSA Surface Cybersecurity Resources April 12, 2017 Office of Security Policy & Industry Engagement Surface Division
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
DLA Energy Worldwide Energy ConferenceTSA Surface Cybersecurity Resources
April 12, 2017
Office of Security Policy & Industry EngagementSurface Division
22
TSAastheCo-SectorSpecificAgency
• TSAistheTransportationSystemsSectorCO-SSAwithDOTandUnitedStatesCoastGuard.
• Missiono ContinuouslyimprovetheriskpostureofTransportationSystems
servingtheNation.• Goals
o Preventanddeteractsofterrorismusing,oragainst,thetransportationsystem.
o Enhancetheall-hazardpreparednessandresilienceoftheglobaltransportationsystemtosafeguardU.S.nationalinterests.
o Improvetheeffectiveuseofresourcesfortransportationsecurity.o Improvesectorsituationalawareness,understanding,and
collaboration.
33
ThreePillarsofCriticalInfrastructureCybersecurityatTSA
• OfficeofInformationTechnologyo FacilitatingtheImplementationofNational
Policy.
• OfficeofSecurityPolicyandIndustryEngagemento Managingrisksthroughindustryengagement.
• OfficeofIntelligenceandAnalysiso Identifyandcommunicatingcyberthreats.
44
CyberCriticalInfrastructureProtection
• Mandateso ExecutiveOrder13636:ImprovingCriticalInfrastructureCyberSecurity.o PresidentialPolicyDirective-21:CriticalInfrastructureSecurityand
Resilience.o PresidentialPolicyDirective-41:UnitedStatesCyberIncident
Coordination.
• Missiono Facilitatethemeasuredimprovementofthenationaltransportation
sectorcybersecurityposture.
• Approacho Non-Operational.Education,Facilitation,andCommunication.
55
PutCybersecurityRiskManagementontheAgendaBeforeitBecomestheAgenda
• Itisnolongersufficienttothinkaboutcybersecurityasapurelytechnicalproblem.Justlikephysicalsecurity,thecurrentthreatenvironmentrequiresacomprehensiveapproachtocybersecurityriskmanagement.
• Asabusinessleaderandemployee,itisvitaltorealizetheimportanceofprotectingyourcompany’ssystemsfromcyberthreatsbecausethesecurityofanorganization’sassets,employees,passengers,cargoandcustomersdependsonit.
• Itiscriticalthatyouandyouremployeesareengagedinappropriatepracticestoavertpotentiallydamagingcyber-attacks.
• Incorporatecyberrisksintoyourorganization'sexistingriskmanagementandgovernanceprocesses.
66
SurfaceTransportationCybersecurityResourceToolkitforSmall&MidsizeBusiness(SMB)
• Thetoolkitisacollectionofdocumentsdesignedtoprovidecyberriskmanagementinformationtosurfacetransportationmanagersownersandoperatorswhohavefewerthan1,000employees.
• ItprovidesguidanceonhowtoincorporateCyberRiskintoyourorganization'sexistingriskmanagementandgovernanceprocesses.
77
SurfaceTransportationCybersecurityResourceToolkitforSmall&MidsizeBusiness(SMB)
UNCLASSIFIED//FOR OFFICIAL USE ONLY
88
NoCostResourcesforSurfaceTransportationSystemsSector(TSS)IndustryStakeholders
“No-CostCybersecurityResourcesforSurfaceTransportationSystems”handoutthatprovidesalistofcybersecurityprogramsanddocuments thatindustrycanusetoreducetheircybersecurityriskandincreasetheircyberresilience.Examplesinclude:
• TheCriticalInfrastructureCyberCommunityVoluntaryProgram(CᶟVP)thatsupports criticalinfrastructureownersandoperatorsinterestedinimprovingtheircyberriskmanagementprocessesandcyberresilience.
• CyberRiskManagementPrimerforCEOsthathighlightsthefivequestionsbusiness leadersshouldaskaboutcyberriskstoprotecttheirorganization’ssystemsfromcyberthreats.
• InformationabouttheCyberResilienceReview(CRR)&CyberSecurityEvaluationTool(CSET)DHScyberriskassessmentsprovidedasthefirststepforadoptionoftheCyberFrameworkandawayforanorganizationtoview/understandtheirapproachtomanagingtheircybersecurityrisk.
99
TransportationSystemsSectorCybersecurityFrameworkImplementationGuidance
TheTransportationSystemsSectorCybersecurityFrameworkImplementationGuidanceprovidesanapproachforTransportationSystemsSectorownersandoperatorstoapplytheprinciplesoftheNationalInstituteofStandardsandTechnologyCybersecurityFrameworktohelp reducecyberrisks. Specifically,organizationsmayusetheimplementationguidance to:
• Characterizetheircurrentcybersecurityposture.• Identifyopportunities forenhancingexistingcyber
riskmanagementprograms.• Findexistingtools, standards,andguides tosupport
Frameworkimplementation.• Communicatetheirriskmanagementissuesto
internalandexternalstakeholders.
Organizationsthatlackaformalcybersecurityriskmanagementprogramcouldusetheguidance toestablishrisk-basedcyberpriorities.
1010
SurfaceCybersecurity“Pocket”AwarenessGuide
• Theguideoutlinesthetypesofthreatsmostcommonlyfoundincyberspaceandexplainshowyoucanprotectyourcompany’sdata,computersystems,andyourpersonalinformation. ItalsoprovidesdetailedinformationonthesafeuseoftheInternet,socialnetworks,andmobiletechnology.
• Theguideisformattedin“pocketsize”withtheaimthatfrontlineemployeeswillkeeptheguidecloseathandwhiletheyareon-dutysothatitcanserveasaconvenientreferencesourceandsecurityawarenesstool.
1111
SurfaceCybersecurity“Pocket”AwarenessGuide
Over10,000surfacecybersecurityawarenesspocketawarenessguideshavebeendistributedtopipelineowner/operators.
1212
PipelineSecurityGuidelines
• ContainscybersecuritymeasuresTSAhasdevelopedwithindustry.Thecyberguidelinesofferbaselinemeasurestosupportadoptionofcybersecurityprotectionstandards.
• These2011Guidelinesarebeingrevisedandthecybersectionreceived300commentsfromindustryrepresentatives. TSAplanstoaddressallcommentsbytheendofFY17andtargetsafinalguidancetobecompletebytheendofMarch2018.
1313
TSSCWGTransportationSystemsSectorCyberWorkingGroup&
WeeklyNewsletter
• ImplementingNationalPolicies
• ModalOutreachAwarenessandCoordination
• InformationSharingBestPractices
• FacilitatingGovernmentProgramsandEfforts
• WeeklyNewsletter
1414
https://www.tsa.gov/for-industry
15
• ForadditionalinformationaboutjoiningtheTSSCWGortoreceiveThisWeekinTransportationCybersecurity,email:[email protected]
• Foradditionalinformationand/ortorequesttheAwarenessGuideorToolkit,email:[email protected]
• Pleaseinclude“CybersecurityGuideandToolkit”inthesubjectlineofyouremailtofacilitateproperhandling.
16
Related Documents
