ICS Cybersecurity Roles and Responsibilities


Federal Electricity & Water Authority

Table of Contents

  • 1 Purpose

  • 2 Cybersecurity roles and responsibilities

  • 3 Version History

  • 4 Document Approval

  • 1 PURPOSE

The purpose of this document is to define roles and responsibilities that are essential to the implementation of ICS cybersecurity policies and processes.

  • 2 CYBERSECURITY ROLES AND RESPONSIBILITIES

Role

 

Responsibility

CISO

  • Safeguard company’s information and assets required for normal operations

  • Accountable for Risk Management

  • Set business goals and objectives

  • Approve CII Operator reports

  • Approve Risk Treatment Plan

  • Approve Security Program Documentation

ICS Security Steering Committee

  • Define ICS Security Program Objectives

  • Ensure participation in ICS Security Program by relevant FEWA business units

  • Oversee ICS Security Program

  • Provide strategic direction on ICS Security Program as appropriate to ensure alignment with corporate strategy

  • Review and approve changes to ICS Security Program documents

  • Develop Strategy to involve larger set of organizations with shared objectives

  • Monitor ICS risk management activities.

  • Review and approve risk management strategy and policy.

  • Ensure FEWA demonstrates due diligence in addressing compliance requirements

  • Review of information/data security policies and processes

  • Provide guidance to ICS Systems administrator in classifying

ICS Information Manager

  • Oversee ICS Security Program

  • Review/Approve ICS Security business cases, request funding and resources, and provide reports and ROI information

  • Establish ICS Security Program Governance and Organization structure

  • Provide guidance to ICS Security Team

  • Identify processes and schedule for monitoring, tracking and reporting ICS Security Program success

  • Establish ICS Security Program KPI's

  • Manage creation and changes to ICS Security Program Charter documents

  • Coordinator for facilitating Risk, Incident and Audit management activities

  • Manage ICS Implementation communications plan

  • Govern compliance of ICS Security Program Policies, Processes and Procedures with Vendors

  • Enforce ICS Security training by vendors and contractors

  • Communicate ICS Security Implementation plans to sites

  • Overall responsibility for adherence to information legislation, including Freedom of Information Act, Environmental Information Regulations, Data Protection Act, Copyright Act

  • Overseeing security operations and information security incident management.

  • Overseeing investigations/forensics of security breaches.

  • Overseeing Information Security training & awareness programs.

ICS Site Security Focal Point

  • Interface with operations, customers and vendors to communicate ICS Security Program policy, process and procedure changes

  • Escalate major ICS Security Program issues to ICS Information Manager

  • Discuss ICS Security Program policy deviations or non-conformance issues to operations, customers, vendors

  • Communicate ICS Security Implementation plans to sites

  • Integrate cyber-security management into existing HSE Incident Management Process

  • Format and present regular security posture report generated from SIM/SIEM

  • Initiate FEWA/Site Incident Response Plan

  • Identify roles for specific training requirements and delivery strategy

  • Ensures role specific training requirements are maintained.

  • Supports identification and definition of cybersecurity specifications for ICS products, solutions, and services.

  • Assess ICS Vendor design proposal against cybersecurity specifications.

  • Manage risk to the ICS and FEWA from ICS Vendor products, solutions, and/or services and the associated supply chain

  • Ensure ICS Vendor’s continuous conformance with contractually defined cybersecurity specifications.

  • Defines logging and real-time capture requirements

  • Creates and maintains up-to-date ICS relevant automated rules on analysis tools

  • Defines and Documents Vulnerability Management timelines.

  • Document vulnerabilities in internal reports.

  • Evaluates the risk of technical vulnerabilities to FEWA.

  • Manages Deviations with the ICS Exceptions Process.

  • Communicates new vulnerability information and vulnerability status internally.

  • Externally communicates vulnerabilities when necessary for legal or regulatory purposes through Legal Counsel approval.

  • Manages Operational approval and coordination for implementation of qualified patches.

ICS Site Security Focal Point

  • Initiates Incident Response Plan

  • Monitors available vulnerability data.

  • Provide guidance to ICS Systems administrator in hardening configuration of ICS systems and assets.

  • Review site specific hardening configuration procedures.

  • Communicate ICS Cybersecurity Policy deviations or non-conformance issues to operations, Vendors, and Contractors.

  • Perform periodic user account management documentation and system audits to determine potential non-compliance.

  • Investigate and notify all stakeholders of potential process non-compliance.

  • Invoke Incident Response Plan if required.

  • Interface with operations to communicate ICS Security Program policy, process and other document changes

  • Discuss policy deviations or non-conformance issues to operations

  • Provide guidance to ICS Systems administrator in classifying and protecting ICS information/data

  • Review site specific information/data classification and protection procedures

  • Communicate ICS information/data policy deviations or non-conformance issues to operations, customers and vendors

  • Conduct Threat, Vulnerability, and Risk Assessments

  • Contribute to development of ICS Security Program Implementation Plans

  • Identify and document security risks

  • Create uniform set of procedural controls

  • Monitor and report risks and status to ICS Security Team lead, ICS Security Program Manager and ICS Security Steering committee

  • Manage ICS implementation plan and remediation activities

  • Provides Remote Telephonic support to the operations team for Low / Medium incidents and mobilizes to site for High / Critical incidents to provide on-site support & recovery efforts

  • Coordinates and interfaces with the System Vendors & Suppliers for the needed support.

  • Coordinates storing and protecting evidence and system Logs.

  • Responsible for the Incident Recovery & Normalization of DCS & SCADA systems with respect to Cyber Security

  • Security Engineer analyzes network traffic together with Network Specialist for signs of denial of service, distributed denial of service, or other external


ICS Security Team

  • Comprised of various ICS Security Team roles (see org chart)

  • Execute ICS Security Program Implementation and Governance Activities

  • Provide status updates to ICS Security Program Manager as requested

  • Review Risk Assessments.

  • Prepare/receive reports from business units.

  • Recommend Risk treatment options.

  • Prepare reporting for Steering Committee.

  • Track Risk Treatment against plan.

  • Monitors and analyses real-time information

  • Reviews and formats regular security reports

  • Define, document applicable laws and review UAE IA for new requirements

  • Develop approach to address new compliance requirements

  • Align internal ICS Security documentation with new compliance requirements

  • Provide updates to Learning and Development (L&D) Coordinator for education strategy plan

ICS Security Training Focal Point

  • Supports development of and management of ICS Security Training and delivery strategy.

  • Coordinates training delivery schedules with HR.

  • Coordinates training communications with HR.

  • Ensures training content, modules, and syllabus are maintained

  • Conduct risk assessment on requested tools

ICS Network Engineers

  • Contribute to specific mitigation/transference strategies and plans

  • Support site implementation plans (of technical controls) and interface with system support vendors where required

  • Maintain content of ICS Security Program content sites

  • Configures ICS assets to generate appropriate logs and related information

  • Evaluates the incident on receipt of information & diagnostics over phone.

  • Provides Remote Telephonic support to the operations team for Low / Medium incidents and mobilizes to site for High / Critical incidents to provide on-site support & recovery efforts

  • Responsible for the Incident Recovery & Normalization of DCS & SCADA systems with respect to Network Infrastructure

  • Network Engineer shall prevent incidents from further spreading and carry out the Recovery tasks on Network equipment (Switches, Routers, SDH system, etc.) and Network Infrastructure (Fiber Optics, Copper cabling, Converters, etc.).

  • Take action to block traffic from suspected intruder, or from the computer / network of cyber-attack originating.

  • Coordinates and interfaces with the System Vendors & Suppliers for the needed support.

  • Defines logging and real-time capture requirements

Control Engineer

  • Evaluates the incident on receipt of information & diagnostics over phone.

  • Mobilizes to site for supporting Incident Response & Recovery activities based on the information from Operations Chief / Team Leader.

  • Responsible for the Incident Recovery & Normalization of DCS & SCADA Hardware (Modules, Components, Marshalling, etc.), Control Sub-systems (ESD, F&G, RTU, etc.), System Utilities (UPS, Power supply, Grounding, etc.) and Field equipment (Instruments, Local panels, Pumps, Valves, etc.)

  • Supports the Team Leader and provide inputs to conclude on the severity of the incident (Low/Medium/High/Critical)

  • Coordinates and interfaces with the System Vendors & Suppliers for the needed support.

Site Operations

  • Adhere to ICS Security Program policies, processes and procedures

  • Assist with implementation of ICS process and technical controls

  • Identify and report security risks

  • Keep up-to-date with ICS Security training requirements

  • Assists with implementation of ICS process and technical controls.

  • Coordinates for implementation of qualified ICS patches.

Site Supervisor

  • Authorize access for creation of new ICS User Accounts

  • Authorize access for external user access to ICS systems for maintenance purposes

  • Regularly audit site activities to ensure compliance to ICS Security policies in collaboration with ICS Site Security focal point of contact

  • Provides guidance on confidential ICS information and approves select group of users that can access and handle confidential ICS information.

  • Helps the ICS system administrators determine specific users to be granted specific permissions.

  • Consolidate and address non-compliance with ICS Security Program Focal Point

  • Approve access and provide key(s)

  • Receive key(s)

  • Maintain key register log

ICS Asset Owner

  • Ensures assets are classified

  • Approve business requirement for removable media usage on an asset

  • Approve the disposal of asset

  • Track the destruction and disposal of asset


  • Ensure asset protection verification has been conducted

Operations Chief

  • Operations Chief receives the incident information from Shift Supervisor / Sr. Operators and evaluates on normal & abnormal functions.

  • Estimates the potential impacts to the plant operations when a part / component of DCS / SCADA system goes out of service.

  • Supports the Team Leader and provide inputs to conclude on the severity of the incident (Low/Medium/High/Critical)

  • Supports the Operations team to stop / resume the operations as necessary.

  • Approve Incident report presented by Team Leader

Engineering

  • Adhere to ICS Security Program policies, processes and procedures

  • Identify and report ICS security risks

  • Notify ICS Security Team of potential changes to ICS infrastructure

  • Interface with ICS Security Team to ensure new site build solutions adhere to ICS Requirements

  • Notify ICS Security Team of related standards program requirements (example: ISDS)

  • Keep up-to-date with ICS Security training requirements

  • Identify sensitive ICS information/data such as design documents, network architecture diagrams etc.

  • Ensure appropriate controls are implemented in new and upgraded systems to identify and protect sensitive information/data


Maintenance

  • Adhere to ICS Security Program policies, processes and procedures

  • Identify and report ICS security risks

  • Notify ICS Security Team of potential changes to ICS infrastructure

  • Notify ICS Security Team of related standards program requirements (example: ISDS)

  • Keep up-to-date with ICS Security training requirements

L&D Coordinator

  • Contribute to ICS Security training and education strategy plan

  • Manage/Oversee delivery and completion of ICS Security training

  • Manage the ICS Security training delivery mechanisms and related processes

  • Manage the ICS Security training completion tracking and reporting mechanisms and related processes

  • Coordinate training delivery schedules with ICS Security Team

  • Coordinate training communications with ICS Security Team


Supply Chain

  • Procure ICS Systems in compliance with ICS Security Program security requirements

  • Communicate ICS Security Program requirements to Vendors

  • Notify ICS Security Team of potential changes to ICS systems/infrastructure

  • Keep up-to-date with ICS Security training requirements

  • Engage ICS Vendors with cybersecurity specifications for ICS products, solutions, and services.

  • Qualify ICS Vendors.

  • Ensure contracts with ICS Vendors include specific measurable cybersecurity requirements as provided by Site Security Focal Point.

  • Identify sensitive ICS information/data to be shared or received from Vendors, Subvendors, Contractors, Subcontractors, Consultants and Manufacturers

  • Communicate ICS information/data protection requirements to all involved stakeholders

  • Implement or enforce information/data protection schemes to protect ICS information/data in transit (via email or phone)

HSE Analyst

  • Keep ICS Security Team informed and integrated with Change Management process

IT Support / Site Administrator (Example: SharePoint)

  • Develop and Maintain ICS Security Program content sites and knowledge repository

  • Maintain the configuration of the ICS Security Program sites

  • Maintain static content of ICS Security Program sites

  • Define site usage guidelines

  • Manage Access credentials to ICS Security Program sites

HR

  • Enforce ICS Security Training for new and existing staff

  • Initiate ICS Account revocation requests when a user is terminated for cause

FEWA Internal Audit Rep

  • Keep informed

Vendor

  • Provides asset inventory at SAT based on entity defined contracts.

  • Assists with asset inventorying including collection of logical attributes.

  • Consulted for recommended cybersecurity maintenance and feasible cybersecurity controls which can be implemented.

  • Owns cybersecurity maintenance tasks that are performed at defined intervals based on entity support/maintenance agreements.

  • Implements approved cybersecurity controls based on entity approvals and contracts.

  • Demonstrates the current state of cybersecurity controls based on entity defined contracts.

  • Assist ICS Security Team with responding to gap and risk related inquiries

  • Interface with ICS Security Team to support site implementation plans and ICS Security Program compliance

  • Keep up-to-date with ICS Security training requirements

  • Ensures delivery aligns with cybersecurity specifications.

  • Supports in assessment of Mitigating Controls for identified risks.

  • Demonstrates conformance with cybersecurity specifications.

  • Supports in testing activities to validate compliance with cybersecurity specifications.

  • Provides information on new ICS vulnerabilities.

  • Qualifies patches for applicable vulnerabilities.

  • Qualifies security configurations to protect information based on current installations.

  • Suggests mitigating controls wherever vendor system or asset does not provide protection capabilities.

  • Documents Patch Procedures to support implementation, implements Patches based on maintenance contracts.

  • Follows FEWA’s policies and processes.

  • Work with ICS System Administrator and Asset Owner to:

      • Provide backup and restore procedures

Vendors, Subvendors, Contractors, Subcontractors

  • Recommend ICS systems and assets configuration hardening baselines for protection against cyber-attacks.

  • Follow FEWA’s policy and process on configuration protection.

  • Identify ICS information/data that needs protection

  • Recommend security configurations to protect information/data based on its classification

  • Recommend compensating measures wherever vendor system or asset does not provide protection capabilities

  • Follow FEWA’s policy and process on Information/data classification

External ICS Security Advisory (Example: Al Hosn, Wurldtech)

  • Provide ICS Security Program Policy, Process and Procedure Development Assistance

  • Provide ICS Security Program Implementation assistance (gap analysis, risk assessment)

  • Assist with defining ICS Security Assessment/Certification Audit and Acceptance Criteria

  • Assist with yearly ICS Security Assessment/Certification cycle

ICS Systems Administrator

  • Responsible for following ICS Cyber Security Policies to ensure conformance

  • Responsible for implementing new technical and administrative controls to ensure compliance to ICS Cyber Security policies

  • Responsible for reviewing ICS processes and developing system/site specific procedures

  • Configures ICS assets to generate appropriate logs and related information

  • Configure collection, correlation analysis for local and central solutions with backup

ICS Systems Administrator

  • Monitor Dashboard for real-time analysis updates on ICS security posture

  • Execute and log the secure deletion and/or destruction of information.

  • Where locally possible, destroy and dispose of assets and subcomponents. Where not possible initiate FEWA Wide Disposal Process

  • Update ICS Asset Inventory when assets have been decommissioned

  • Provides Remote Telephonic support to the operations team for Low / Medium incidents and mobilizes to site for High / Critical incidents to provide on-site support & lead the recovery efforts

  • Instructs for the mobilization of other Automation team members to site (Security Engineer, Network Engineer, etc.) and directs them in supporting the incident recovery activities

  • Performs first hand incident analysis, and restoration activities onsite.

  • Responsible for the Incident Recovery & Normalization of DCS & SCADA systems with respect to Software Applications, Control & Monitoring Functionalities

  • Supports the Team Leader and provide inputs to conclude on the severity of the incident (Low/Medium/High/Critical)

  • Coordinates and interfaces with the System Vendors & Suppliers for the needed support.

  • Assisting in writing the Incident Report

  • Supports identification of vulnerabilities and risk management

  • Assesses implementation against design.

  • Support SAT Testing

  • Perform backup and restore activities during scheduled maintenance tasks.

  • Verify backup was successful

  • Perform restore activities

  • Document backup and restore procedures

  • Document backup and restore strategy based on business requirements and system capabilities

ICS Systems Administrator

  • Defines and configures logging and real-time capture requirements

  • Updates the ICS Site Logging Register

  • Configure collection, correlation analysis for local and central solutions with backup

  • Creates and maintains up-to-date OT relevant automated rules on analysis tools (e.g. Q-Radar)

  • Monitors available vulnerability data.

  • Determines applicability of vulnerabilities.

  • Documents applicable vulnerabilities associated with ICS system and/or assets.

  • Communicates uncured vulnerabilities to Site Security Focal Point.

  • Evaluates the risk of technical vulnerabilities to the ICS and FEWA.

  • Assess and Identifies acceptable Mitigating Controls.

  • Documents Remediation.

  • Monitors local vulnerability status on in-scope ICS systems and assets.

  • Documents Patching procedures.

  • Maintains Patch Inventory.

  • Assists with the testing and deployment of new patches and mitigating controls through the Change Management Process.

  • Identify additional attributes, which must be recorded that provide business value (e.g. mapping assets to cybersecurity maintenance (e.g. backups, password changed, vulnerability management, etc. to the appropriate owners and frequency)).

  • Schedules maintenance arrangements for assets.

  • Ensures through periodic reviews that appropriate cybersecurity controls are implemented and maintained.

  • Ensures all legal requirements for ICS assets are met.

  • Responsible for configuring ICS assets per ICS cybersecurity policies.

  • Performs required system hardening tasks during scheduled maintenance.

  • Reviews ICS configurations to ensure that baseline levels of protection have not changed since the last review.

ICS Systems Administrator

  • Updates records in Assets Inventory register.

  • Assists with Asset Classification and information labeling.

  • Ensures Asset Inventory is maintained and reviewed periodically based on entity defined intervals.

  • Facilitates that assets are protected in accordance with their classification.

  • Consults vendors for technically feasible and approved cybersecurity controls.

  • Recommends cybersecurity controls based on system criticality, cybersecurity risk, and technical feasibility and/or vendor approval

  • Discuss media requirements and media kiosk requirements with requestor

  • Order sample set of media and test for appropriateness

  • Order media and media kiosk

  • Sanitize & scan media

  • Harden endpoint(s) and kiosk(s), deploy security software and verify effectiveness. Adjust security profile to subdue protection and restore security profile.

  • Update ICS Authorized Removable Media Inventory Register

  • Remove or oversee removal of tools

  • Add tool to approved tools register

  • Initiate Incident Management Process

  • Responsible for providing role based access Operation Users (Operators, Supervisors, Shift Controller, Engineer, etc.), Vendors, Subvendors, Contractors, Subcontractors or Consultants.

  • Responsible for defining user groups for ICS systems & applications (i.e. Operator, Supervisor, Engineer, Domain Administrator, etc.).

  • Reviews all access rights and account registrations every 6 months.

  • Test new physical key(s)

  • Ultimate responsibility for protection of defined site/asset by maintaining key register and security container

  • Ensure ICS systems are accessed by only authorized users

  • Dispose of physical keys

  • Responsible for identifying and classifying ICS information/data

  • Implement controls to protect ICS information/data

  • Reviews information/data classifications to ensure that classification levels have not changed since the last review

ICS Asset Owner

  • Inventory asset physical and logical attributes based on defined Asset Inventory requirements and local standards.

  • Classify assets in accordance with the ICS Information Classification Process.

  • Ensures Asset Inventory is maintained and reviewed periodically based on entity-defined intervals.

  • Ensures logging and real-time capture requirements are defined and enabled for new assets and are reviewed each quarter

  • Monitors available vulnerability data

  • Determines applicability of vulnerabilities.

  • Documents applicable vulnerabilities associated with ICS system and/or assets.

  • Communicates uncured vulnerabilities to Site Security Focal Point.

  • Evaluates the risk of technical vulnerabilities to the ICS and FEWA.

  • Assess and Identifies acceptable Mitigating Controls.

  • Documents Remediation.

  • Documents Patching procedures.

  • Maintains Patch Inventory.

  • Assists with the testing and deployment of new patches and mitigating controls through the Change Management Process.

  • Define RPO (Recovery Point Objective) and RTO (Recovery Time Objective)

  • Identify backup and restore strategy based on business requirements and system capabilities

Legal Counsel

  • Approves where necessary for legal or regulatory purposes external communication of vulnerabilities.


End Users

  • Escalating any security incident or suspected events in the systems, applications, software, and any related malfunction to the Chief Information Security Officer as soon as it occurs.

  • Carefully following the information security policies and procedures, especially when dealing with confidential information at FEWA.

  • Protecting devices used by them to perform their day to day activities at FEWA against unauthorized access, theft and any other harm.

  • Attending the Information Security Awareness workshops organized by the Information Technology Department and show interest in understanding their roles and applying it in their day-to-day activities at FEWA.


  • 3 VERSION HISTORY

Version No.: 1.0

Date: 07/02/2017

Description of Change: Initial Release

By: Al-hosn Information Security Consultancy


  • 4 DOCUMENT APPROVAL

Reviewers Title Signature Date Comments