dla energy worldwide energy conference tsa surface ...€¦ · pipeline security guidelines •...
TRANSCRIPT
![Page 1: DLA Energy Worldwide Energy Conference TSA Surface ...€¦ · Pipeline Security Guidelines • Contains cyber security measures TSA has developed with industry. The cyber guidelines](https://reader034.vdocuments.us/reader034/viewer/2022042206/5ea8ddc959a34004c7368a3b/html5/thumbnails/1.jpg)
DLA Energy Worldwide Energy ConferenceTSA Surface Cybersecurity Resources
April 12, 2017
Office of Security Policy & Industry EngagementSurface Division
![Page 2: DLA Energy Worldwide Energy Conference TSA Surface ...€¦ · Pipeline Security Guidelines • Contains cyber security measures TSA has developed with industry. The cyber guidelines](https://reader034.vdocuments.us/reader034/viewer/2022042206/5ea8ddc959a34004c7368a3b/html5/thumbnails/2.jpg)
22
TSAastheCo-SectorSpecificAgency
• TSAistheTransportationSystemsSectorCO-SSAwithDOTandUnitedStatesCoastGuard.
• Missiono ContinuouslyimprovetheriskpostureofTransportationSystems
servingtheNation.• Goals
o Preventanddeteractsofterrorismusing,oragainst,thetransportationsystem.
o Enhancetheall-hazardpreparednessandresilienceoftheglobaltransportationsystemtosafeguardU.S.nationalinterests.
o Improvetheeffectiveuseofresourcesfortransportationsecurity.o Improvesectorsituationalawareness,understanding,and
collaboration.
![Page 3: DLA Energy Worldwide Energy Conference TSA Surface ...€¦ · Pipeline Security Guidelines • Contains cyber security measures TSA has developed with industry. The cyber guidelines](https://reader034.vdocuments.us/reader034/viewer/2022042206/5ea8ddc959a34004c7368a3b/html5/thumbnails/3.jpg)
33
ThreePillarsofCriticalInfrastructureCybersecurityatTSA
• OfficeofInformationTechnologyo FacilitatingtheImplementationofNational
Policy.
• OfficeofSecurityPolicyandIndustryEngagemento Managingrisksthroughindustryengagement.
• OfficeofIntelligenceandAnalysiso Identifyandcommunicatingcyberthreats.
![Page 4: DLA Energy Worldwide Energy Conference TSA Surface ...€¦ · Pipeline Security Guidelines • Contains cyber security measures TSA has developed with industry. The cyber guidelines](https://reader034.vdocuments.us/reader034/viewer/2022042206/5ea8ddc959a34004c7368a3b/html5/thumbnails/4.jpg)
44
CyberCriticalInfrastructureProtection
• Mandateso ExecutiveOrder13636:ImprovingCriticalInfrastructureCyberSecurity.o PresidentialPolicyDirective-21:CriticalInfrastructureSecurityand
Resilience.o PresidentialPolicyDirective-41:UnitedStatesCyberIncident
Coordination.
• Missiono Facilitatethemeasuredimprovementofthenationaltransportation
sectorcybersecurityposture.
• Approacho Non-Operational.Education,Facilitation,andCommunication.
![Page 5: DLA Energy Worldwide Energy Conference TSA Surface ...€¦ · Pipeline Security Guidelines • Contains cyber security measures TSA has developed with industry. The cyber guidelines](https://reader034.vdocuments.us/reader034/viewer/2022042206/5ea8ddc959a34004c7368a3b/html5/thumbnails/5.jpg)
55
PutCybersecurityRiskManagementontheAgendaBeforeitBecomestheAgenda
• Itisnolongersufficienttothinkaboutcybersecurityasapurelytechnicalproblem.Justlikephysicalsecurity,thecurrentthreatenvironmentrequiresacomprehensiveapproachtocybersecurityriskmanagement.
• Asabusinessleaderandemployee,itisvitaltorealizetheimportanceofprotectingyourcompany’ssystemsfromcyberthreatsbecausethesecurityofanorganization’sassets,employees,passengers,cargoandcustomersdependsonit.
• Itiscriticalthatyouandyouremployeesareengagedinappropriatepracticestoavertpotentiallydamagingcyber-attacks.
• Incorporatecyberrisksintoyourorganization'sexistingriskmanagementandgovernanceprocesses.
![Page 6: DLA Energy Worldwide Energy Conference TSA Surface ...€¦ · Pipeline Security Guidelines • Contains cyber security measures TSA has developed with industry. The cyber guidelines](https://reader034.vdocuments.us/reader034/viewer/2022042206/5ea8ddc959a34004c7368a3b/html5/thumbnails/6.jpg)
66
SurfaceTransportationCybersecurityResourceToolkitforSmall&MidsizeBusiness(SMB)
• Thetoolkitisacollectionofdocumentsdesignedtoprovidecyberriskmanagementinformationtosurfacetransportationmanagersownersandoperatorswhohavefewerthan1,000employees.
• ItprovidesguidanceonhowtoincorporateCyberRiskintoyourorganization'sexistingriskmanagementandgovernanceprocesses.
![Page 7: DLA Energy Worldwide Energy Conference TSA Surface ...€¦ · Pipeline Security Guidelines • Contains cyber security measures TSA has developed with industry. The cyber guidelines](https://reader034.vdocuments.us/reader034/viewer/2022042206/5ea8ddc959a34004c7368a3b/html5/thumbnails/7.jpg)
77
SurfaceTransportationCybersecurityResourceToolkitforSmall&MidsizeBusiness(SMB)
UNCLASSIFIED//FOR OFFICIAL USE ONLY
![Page 8: DLA Energy Worldwide Energy Conference TSA Surface ...€¦ · Pipeline Security Guidelines • Contains cyber security measures TSA has developed with industry. The cyber guidelines](https://reader034.vdocuments.us/reader034/viewer/2022042206/5ea8ddc959a34004c7368a3b/html5/thumbnails/8.jpg)
88
NoCostResourcesforSurfaceTransportationSystemsSector(TSS)IndustryStakeholders
“No-CostCybersecurityResourcesforSurfaceTransportationSystems”handoutthatprovidesalistofcybersecurityprogramsanddocuments thatindustrycanusetoreducetheircybersecurityriskandincreasetheircyberresilience.Examplesinclude:
• TheCriticalInfrastructureCyberCommunityVoluntaryProgram(CᶟVP)thatsupports criticalinfrastructureownersandoperatorsinterestedinimprovingtheircyberriskmanagementprocessesandcyberresilience.
• CyberRiskManagementPrimerforCEOsthathighlightsthefivequestionsbusiness leadersshouldaskaboutcyberriskstoprotecttheirorganization’ssystemsfromcyberthreats.
• InformationabouttheCyberResilienceReview(CRR)&CyberSecurityEvaluationTool(CSET)DHScyberriskassessmentsprovidedasthefirststepforadoptionoftheCyberFrameworkandawayforanorganizationtoview/understandtheirapproachtomanagingtheircybersecurityrisk.
![Page 9: DLA Energy Worldwide Energy Conference TSA Surface ...€¦ · Pipeline Security Guidelines • Contains cyber security measures TSA has developed with industry. The cyber guidelines](https://reader034.vdocuments.us/reader034/viewer/2022042206/5ea8ddc959a34004c7368a3b/html5/thumbnails/9.jpg)
99
TransportationSystemsSectorCybersecurityFrameworkImplementationGuidance
TheTransportationSystemsSectorCybersecurityFrameworkImplementationGuidanceprovidesanapproachforTransportationSystemsSectorownersandoperatorstoapplytheprinciplesoftheNationalInstituteofStandardsandTechnologyCybersecurityFrameworktohelp reducecyberrisks. Specifically,organizationsmayusetheimplementationguidance to:
• Characterizetheircurrentcybersecurityposture.• Identifyopportunities forenhancingexistingcyber
riskmanagementprograms.• Findexistingtools, standards,andguides tosupport
Frameworkimplementation.• Communicatetheirriskmanagementissuesto
internalandexternalstakeholders.
Organizationsthatlackaformalcybersecurityriskmanagementprogramcouldusetheguidance toestablishrisk-basedcyberpriorities.
![Page 10: DLA Energy Worldwide Energy Conference TSA Surface ...€¦ · Pipeline Security Guidelines • Contains cyber security measures TSA has developed with industry. The cyber guidelines](https://reader034.vdocuments.us/reader034/viewer/2022042206/5ea8ddc959a34004c7368a3b/html5/thumbnails/10.jpg)
1010
SurfaceCybersecurity“Pocket”AwarenessGuide
• Theguideoutlinesthetypesofthreatsmostcommonlyfoundincyberspaceandexplainshowyoucanprotectyourcompany’sdata,computersystems,andyourpersonalinformation. ItalsoprovidesdetailedinformationonthesafeuseoftheInternet,socialnetworks,andmobiletechnology.
• Theguideisformattedin“pocketsize”withtheaimthatfrontlineemployeeswillkeeptheguidecloseathandwhiletheyareon-dutysothatitcanserveasaconvenientreferencesourceandsecurityawarenesstool.
![Page 11: DLA Energy Worldwide Energy Conference TSA Surface ...€¦ · Pipeline Security Guidelines • Contains cyber security measures TSA has developed with industry. The cyber guidelines](https://reader034.vdocuments.us/reader034/viewer/2022042206/5ea8ddc959a34004c7368a3b/html5/thumbnails/11.jpg)
1111
SurfaceCybersecurity“Pocket”AwarenessGuide
Over10,000surfacecybersecurityawarenesspocketawarenessguideshavebeendistributedtopipelineowner/operators.
![Page 12: DLA Energy Worldwide Energy Conference TSA Surface ...€¦ · Pipeline Security Guidelines • Contains cyber security measures TSA has developed with industry. The cyber guidelines](https://reader034.vdocuments.us/reader034/viewer/2022042206/5ea8ddc959a34004c7368a3b/html5/thumbnails/12.jpg)
1212
PipelineSecurityGuidelines
• ContainscybersecuritymeasuresTSAhasdevelopedwithindustry.Thecyberguidelinesofferbaselinemeasurestosupportadoptionofcybersecurityprotectionstandards.
• These2011Guidelinesarebeingrevisedandthecybersectionreceived300commentsfromindustryrepresentatives. TSAplanstoaddressallcommentsbytheendofFY17andtargetsafinalguidancetobecompletebytheendofMarch2018.
![Page 13: DLA Energy Worldwide Energy Conference TSA Surface ...€¦ · Pipeline Security Guidelines • Contains cyber security measures TSA has developed with industry. The cyber guidelines](https://reader034.vdocuments.us/reader034/viewer/2022042206/5ea8ddc959a34004c7368a3b/html5/thumbnails/13.jpg)
1313
TSSCWGTransportationSystemsSectorCyberWorkingGroup&
WeeklyNewsletter
• ImplementingNationalPolicies
• ModalOutreachAwarenessandCoordination
• InformationSharingBestPractices
• FacilitatingGovernmentProgramsandEfforts
• WeeklyNewsletter
![Page 14: DLA Energy Worldwide Energy Conference TSA Surface ...€¦ · Pipeline Security Guidelines • Contains cyber security measures TSA has developed with industry. The cyber guidelines](https://reader034.vdocuments.us/reader034/viewer/2022042206/5ea8ddc959a34004c7368a3b/html5/thumbnails/14.jpg)
1414
https://www.tsa.gov/for-industry
![Page 15: DLA Energy Worldwide Energy Conference TSA Surface ...€¦ · Pipeline Security Guidelines • Contains cyber security measures TSA has developed with industry. The cyber guidelines](https://reader034.vdocuments.us/reader034/viewer/2022042206/5ea8ddc959a34004c7368a3b/html5/thumbnails/15.jpg)
15
• ForadditionalinformationaboutjoiningtheTSSCWGortoreceiveThisWeekinTransportationCybersecurity,email:[email protected]
• Foradditionalinformationand/ortorequesttheAwarenessGuideorToolkit,email:[email protected]
• Pleaseinclude“CybersecurityGuideandToolkit”inthesubjectlineofyouremailtofacilitateproperhandling.
![Page 16: DLA Energy Worldwide Energy Conference TSA Surface ...€¦ · Pipeline Security Guidelines • Contains cyber security measures TSA has developed with industry. The cyber guidelines](https://reader034.vdocuments.us/reader034/viewer/2022042206/5ea8ddc959a34004c7368a3b/html5/thumbnails/16.jpg)
16