Dams Sector Roadmap to Secure Control Systems - Association of ...

damsafety.org

Dams Sector Roadmap to Secure Control Systems - Association of ...

This affords companies and organizations the flexibility to

pursue projects that correspond with their special interests.

Outreach, Training, and Education Needs

Within the Dams Sector, outreach, training, and education

tools are critical in achieving a greater understanding of the

potential impacts and consequences associated with cyber

events. It is essential that the sector enhance its awareness

and understanding of these consequences in order to

improve the ability to recognize cyber incidents when they

occur and respond to them effectively using the most reliable

mitigations available.

Dams Sector Council members have developed a strong

partnership to help promote and facilitate sector and crosssector

planning, coordination, collaboration, and information

sharing for the protection of assets within the sector. In

continuing this cooperative relationship, the sector should

examine its current needs and shortcomings with regards to

outreach, training and education requirements.

The Dams Sector Security Education Workgroup, which

consists of members from the Dams Sector Councils, have

developed and distributed a multitude of reference documents

focused on providing owners and operators with

useful information regarding security awareness, protective

measures, crisis management, and other security

and protection related issues.These efforts represent the

cornerstone of a successful outreach strategy intended to

increase awareness and technical understanding across

the entire sector.The goal is to reach as many owners and

operators as possible, regardless of the size of the facility

or ownership characteristics.

Members of the Dams Sector Council, through the Security

Education Workgroup, will continue to identify outreach,

training, and education requirements in order to assist in

achieving and sustaining the level of expertise to thwart

cyber attacks on the Dams Sector ICS.

Information Sharing

Effective information sharing and awareness efforts help

ensure the successful coordination and implementation of

programs related to the protection of cyber assets, systems,

networks, and functions.These efforts also enable cybersecurity

partners to make informed decisions with regards to

short- and long-term cybersecurity posture, risk mitigation,

and operational continuity.

Utilizing effective methods for sharing information is critical

in ensuring sector partners have the capability to receive

information that may enhance the protection of ICS.

The roadmap is an excellent example of a mechanism with

which to conduct outreach and share information. It is

intended to increase the sector’s situational awareness and

offer suggestions focused on the reduction of potential consequences

associated with cyber threats to ICS.

Implementation Framework

Figure 3 illustrates the proposed implementation process

for this roadmap.The figure depicts the implementation

carried out over three phases with ongoing assessment of

results and impacts feeding back into the implementation

activities.

Socialization

The first phase of roadmap implementation begins with

the socialization process, which involves the publication,

dissemination, and promotion of the roadmap among

stakeholders.The experience of other sectors indicates that

this is an important first step that builds support and buy-in

and lays the groundwork for the collaboration and partnerships

required by the milestones. As the socialization efforts

proceed, the sector must be proactive in enhancing existing

partnerships and forming new ones, as well as identifying

roles and delegating responsibilities. It is the time to leverage

the buy-in from key players and to motivate industry

leaders to step forward and become more actively involved.

A critical component for the implementation process is

the development of a roadmap workgroup (workgroup),

which typically consists of members from the Dams Sector

Councils and may include representatives from multiple

stakeholder groups.The lessons learned from other sectors

indicate that this workgroup should be formed early on and

is vital to sustaining the momentum and forward movement

from the socialization process.

Implementation Activities

The second phase is where the majority of the milestones,

including policy development, partnership formation, training

initiatives and R&D efforts are implemented.The working

group will serve as the mechanism for the project coordination

of roadmap activities and takes the lead in carrying out

ongoing implementation activities in three areas: collaboration,

project coordination, and roadmap assessment.

Collaboration

The workgroup will provide venues for collaboration

efforts, ensure the tools being developed enable the

secure sharing of information (such as a shared portal for

monitoring activities), and promote ongoing information

exchange on best practices, industry developments, etc.

The workgroup may also help further define the roles and

responsibilities of Dams Sector stakeholders.

30

Dams Sector Roadmap to Secure Control Systems

More magazines by this user
Similar magazines