ICS Cybersecurity Roles and Responsibilities

Federal Electricity & Water Authority

Table of Contents

1 Purpose

2 Cybersecurity roles and responsibilities

3 Version History

4 Document Approval

1 PURPOSE

The purpose of this document is to define roles and responsibilities that are essential to the implementation of ICS cybersecurity policies and processes.

2 CYBERSECURITY ROLES AND RESPONSIBILITIES

Role

Responsibility

CISO

Safeguard company’s information and assets required for normal operations

Accountable for Risk Management

Set business goals and objectives

Approve CII Operator reports

Approve Risk Treatment Plan

Approve Security Program Documentation

ICS Security Steering Committee

Define ICS Security Program Objectives

Ensure participation in ICS Security Program by relevant FEWA business units

Oversee ICS Security Program

Provide strategic direction on ICS Security Program as appropriate to ensure alignment with corporate strategy

Review and approve changes to ICS Security Program documents

Develop Strategy to involve larger set of organizations with shared objectives

Monitor ICS risk management activities.

Review and approve risk management strategy and policy.

Ensure FEWA demonstrates due diligence in addressing compliance requirements

Review of information/data security policies and processes

Provide guidance to ICS Systems administrator in classifying

ICS Information Manager

Oversee ICS Security Program

Review/Approve ICS Security business cases, request funding and resources, and provide reports and ROI information

Establish ICS Security Program Governance and Organization structure

Provide guidance to ICS Security Team

Identify processes and schedule for monitoring, tracking and reporting ICS Security Program success

Establish ICS Security Program KPIs

Manage creation and changes to ICS Security Program Charter documents

Coordinator for facilitating Risk, Incident and Audit management activities

Manage ICS Implementation communications plan

Govern compliance of ICS Security Program Policies, Processes and Procedures with Vendors

Enforce ICS Security training by vendors and contractors

Communicate ICS Security Implementation plans to sites

Overall responsibility for adherence to information legislation, including Freedom of Information Act, Environmental Information Regulations, Data Protection Act, Copyright Act

Overseeing security operations and information security incident management.

Overseeing investigations/forensics of security breaches.

Overseeing Information Security training & awareness programs.

ICS Site Security Focal Point

Interface with operations, customers and vendors to communicate ICS Security Program policy, process and procedure changes

Escalate major ICS Security Program issues to ICS Information Manager

Discuss ICS Security Program policy deviations or non-conformance issues with operations, customers and vendors

Communicate ICS Security Implementation plans to sites

Integrate cyber-security management into existing HSE Incident Management Process

Format and present regular security posture report generated from SIM/SIEM

Initiate FEWA/Site Incident Response Plan

Identify roles for specific training requirements and delivery strategy

Ensures role specific training requirements are maintained.

Supports identification and definition of cybersecurity specifications for ICS products, solutions, and services.

Assess ICS Vendor design proposal against cybersecurity specifications.

Manage risk to the ICS and FEWA from ICS Vendor products, solutions, and/or services and the associated supply chain

Ensure ICS Vendor’s continuous conformance with contractually defined cybersecurity specifications.

Defines logging and real-time capture requirements

Creates and maintains up-to-date ICS relevant automated rules on analysis tools

Defines and Documents Vulnerability Management timelines.

Document vulnerabilities in internal reports.

Evaluates the risk of technical vulnerabilities to FEWA.

Manages Deviations with the ICS Exceptions Process.

Communicates new vulnerability information and vulnerability status internally.

Externally communicates vulnerabilities when necessary for legal or regulatory purposes through Legal Counsel approval.

Manages Operational approval and coordination for implementation of qualified patches.

Initiates Incident Response Plan

Monitors available vulnerability data.

Provide guidance to ICS Systems administrator in hardening configuration of ICS systems and assets.

Review site specific hardening configuration procedures.

Communicate ICS Cybersecurity Policy deviations or non-conformance issues to operations, Vendors, and Contractors.

Perform periodic user account management documentation and system audits to determine potential non-compliance.

Investigate and notify all stakeholders of potential process non-compliance.

Invoke Incident Response Plan if required.

Interface with operations to communicate ICS Security Program policy, process and other document changes

Discuss policy deviations or non-conformance issues with operations

Provide guidance to ICS Systems administrator in classifying and protecting ICS information/data

Review site specific information/data classification and protection procedures

Communicate ICS information/data policy deviations or non-conformance issues to operations, customers and vendors

Conduct Threat, Vulnerability, and Risk Assessments

Contribute to development of ICS Security Program Implementation Plans

Identify and document security risks

Create uniform set of procedural controls

Monitor and report risks and status to ICS Security Team lead, ICS Security Program Manager and ICS Security Steering committee

Manage ICS implementation plan and remediation activities

Provides Remote Telephonic support to the operations team for Low / Medium incidents and mobilizes to site for High / Critical incidents to provide on-site support & recovery efforts

Coordinates and interfaces with the System Vendors & Suppliers for the needed support.

Coordinates storing and protecting evidence and system Logs.

Responsible for the Incident Recovery & Normalization of DCS & SCADA systems with respect to Cyber Security

Security Engineer analyzes network traffic together with Network Specialist for signs of denial of service, distributed denial of service, or other external

ICS Security Team

Comprised of various ICS Security Team roles (see org chart)

Execute ICS Security Program Implementation and Governance Activities

Provide status updates to ICS Security Program Manager as requested

Review Risk Assessments.

Prepare/receive reports from business units.

Recommend Risk treatment options.

Prepare reporting for Steering Committee.

Track Risk Treatment against plan.

Monitors and analyses real-time information

Reviews and formats regular security reports

Define, document applicable laws and review UAE IA for new requirements

Develop approach to address new compliance requirements

Align internal ICS Security documentation with new compliance requirements

Provide updates to Learning and Development (L&D) Coordinator for education strategy plan

ICS Security Training Focal Point

Supports development of and management of ICS Security Training and delivery strategy.

Coordinates training delivery schedules with HR.

Coordinates training communications with HR.

Ensures training content, modules, and syllabus are maintained

Conduct risk assessment on requested tools

ICS Network Engineers

Contribute to specific mitigation/transference strategies and plans

Support site implementation plans (of technical controls) and interface with system support vendors where required

Maintain content of ICS Security Program content sites

Configures ICS assets to generate appropriate logs and related information

Evaluates the incident on receipt of information & diagnostics over phone.

Provides Remote Telephonic support to the operations team for Low / Medium incidents and mobilizes to site for High / Critical incidents to provide on-site support & recovery efforts

Responsible for the Incident Recovery & Normalization of DCS & SCADA systems with respect to Network Infrastructure

Network Engineer shall prevent incidents from further spreading and carry out the Recovery tasks on Network equipment (Switches, Routers, SDH system, etc.) and Network Infrastructure (Fiber Optics, Copper cabling, Converters, etc.).

Take action to block traffic from the suspected intruder, or from the computer / network where the cyber-attack originates.

Coordinates and interfaces with the System Vendors & Suppliers for the needed support.

Defines logging and real-time capture requirements

Control Engineer

Evaluates the incident on receipt of information & diagnostics over phone.

Mobilizes to site for supporting Incident Response & Recovery activities based on the information from Operations Chief / Team Leader.

Responsible for the Incident Recovery & Normalization of DCS & SCADA Hardware (Modules, Components, Marshalling, etc.), Control Sub-systems (ESD, F&G, RTU, etc.), System Utilities (UPS, Power supply, Grounding, etc.) and Field equipment (Instruments, Local panels, Pumps, Valves, etc.)

Supports the Team Leader and provides inputs to conclude on the severity of the incident (Low/Medium/High/Critical)

Coordinates and interfaces with the System Vendors & Suppliers for the needed support.

Site Operations

Adhere to ICS Security Program policies, processes and procedures

Assist with implementation of ICS process and technical controls

Identify and report security risks

Keep up-to-date with ICS Security training requirements

Assists with implementation of ICS process and technical controls.

Coordinates for implementation of qualified ICS patches.

Site Supervisor

Authorize access for creation of new ICS User Accounts

Authorize access for external user access to ICS systems for maintenance purposes

Regularly audit site activities to ensure compliance to ICS Security policies in collaboration with ICS Site Security focal point of contact

Provides guidance on confidential ICS information and approves select group of users that can access and handle confidential ICS information.

Helps the ICS system administrators determine specific users to be granted specific permissions.

Consolidate and address non-compliance with ICS Security Program Focal Point

Approve access and provide key(s)

Receive key(s)

Maintain key register log

ICS Asset Owner

Ensures assets are classified

Approve business requirement for removable media usage on an asset

Approve the disposal of asset

Track the destruction and disposal of asset

Ensure asset protection verification has been conducted

Operations Chief

Operations Chief receives the incident information from Shift Supervisor / Sr. Operators and evaluates on normal & abnormal functions.

Estimates the potential impacts to the plant operations when a part / component of DCS / SCADA system goes out of service.

Supports the Team Leader and provides inputs to conclude on the severity of the incident (Low/Medium/High/Critical)

Supports the Operations team to stop / resume the operations as necessary.

Approve Incident report presented by Team Leader

Engineering

Adhere to ICS Security Program policies, processes and procedures

Identify and report ICS security risks

Notify ICS Security Team of potential changes to ICS infrastructure

Interface with ICS Security Team to ensure new site build solutions adhere to ICS Requirements

Notify ICS Security Team of related standards program requirements (example: ISDS)

Keep up-to-date with ICS Security training requirements

Identify sensitive ICS information/data such as design documents, network architecture diagrams etc.

Ensure appropriate controls are implemented in new and upgraded systems to identify and protect sensitive information/data

Maintenance

Adhere to ICS Security Program policies, processes and procedures

Identify and report ICS security risks

Notify ICS Security Team of potential changes to ICS infrastructure

Notify ICS Security Team of related standards program requirements (example: ISDS)

Keep up-to-date with ICS Security training requirements

L&D Coordinator

Contribute to ICS Security training and education strategy plan

Manage/Oversee delivery and completion of ICS Security training

Manage the ICS Security training delivery mechanisms and related processes

Manage the ICS Security training completion tracking and reporting mechanisms and related processes

Coordinate training delivery schedules with ICS Security Team

Coordinate training communications with ICS Security Team

Supply Chain

Procure ICS Systems in compliance with ICS Security Program security requirements

Communicate ICS Security Program requirements to Vendors

Notify ICS Security Team of potential changes to ICS systems/infrastructure

Keep up-to-date with ICS Security training requirements

Engage ICS Vendors with cybersecurity specifications for ICS products, solutions, and services.

Qualify ICS Vendors.

Ensure contracts with ICS Vendors include specific measurable cybersecurity requirements as provided by Site Security Focal Point.

Identify sensitive ICS information/data to be shared or received from Vendors, Subvendors, Contractors, Subcontractors, Consultants and Manufacturers

Communicate ICS information/data protection requirements to all involved stakeholders

Implement or enforce information/data protection schemes to protect ICS information/data in transit (via email or phone)

HSE Analyst

Keep ICS Security Team informed and integrated with Change Management process

IT Support / Site Administrator (Example: SharePoint)

Develop and Maintain ICS Security Program content sites and knowledge repository

Maintain the configuration of the ICS Security Program sites

Maintain static content of ICS Security Program sites

Define site usage guidelines

Manage Access credentials to ICS Security Program sites

HR

Enforce ICS Security Training for new and existing staff

Initiate ICS Account revocation requests when a user is terminated for cause

FEWA Internal Audit Rep

Keep informed

Vendor

Provides asset inventory at SAT based on entity defined contracts.

Assists with asset inventorying including collection of logical attributes.

Consulted for recommended cybersecurity maintenance and feasible cybersecurity controls which can be implemented.

Owns cybersecurity maintenance tasks that are performed at defined intervals based on entity support/maintenance agreements.

Implements approved cybersecurity controls based on entity approvals and contracts.

Demonstrates the current state of cybersecurity controls based on entity defined contracts.

Assist ICS Security Team with responding to gap and risk related inquiries

Interface with ICS Security Team to support site implementation plans and ICS Security Program compliance

Keep up-to-date with ICS Security training requirements

Ensures delivery aligns with cybersecurity specifications.

Supports in assessment of Mitigating Controls for identified risks.

Demonstrates conformance with cybersecurity specifications.

Supports in testing activities to validate compliance with cybersecurity specifications.

Provides information on new ICS vulnerabilities.

Qualifies patches for applicable vulnerabilities.

Qualifies security configurations to protect information based on current installations.

Suggests mitigating controls wherever vendor system or asset does not provide protection capabilities.

Documents Patch Procedures to support implementation, implements Patches based on maintenance contracts.

Follows FEWA’s policies and processes.

Work with ICS System Administrator and Asset Owner to:

Provide backup and restore procedures

Vendors, Subvendors, Contractors, Subcontractors

Recommend ICS systems and assets configuration hardening baselines for protection against cyber-attacks.

Follow FEWA’s policy and process on configuration protection.

Identify ICS information/data that needs protection

Recommend security configurations to protect information/data based on its classification

Recommend compensating measures wherever vendor system or asset does not provide protection capabilities

Follow FEWA’s policy and process on Information/data classification

External ICS Security Advisory (Example: Al Hosn, Wurldtech)

Provide ICS Security Program Policy, Process and Procedure Development Assistance

Provide ICS Security Program Implementation assistance (gap analysis, risk assessment)

Assist with defining ICS Security Assessment/Certification Audit and Acceptance Criteria

Assist with yearly ICS Security Assessment/Certification cycle

ICS Systems Administrator

Responsible for following ICS Cyber Security Policies to ensure conformance

Responsible for implementing new technical and administrative controls to ensure compliance to ICS Cyber Security policies

Responsible for reviewing ICS processes and developing system/site specific procedures

Configures ICS assets to generate appropriate logs and related information

Configure collection, correlation analysis for local and central solutions with backup

Monitor Dashboard for real-time analysis updates on ICS security posture

Execute and log the secure deletion and/or destruction of information.

Where locally possible, destroy and dispose of assets and subcomponents. Where not possible initiate FEWA Wide Disposal Process

Update ICS Asset Inventory when assets have been decommissioned

Provides Remote Telephonic support to the operations team for Low / Medium incidents and mobilizes to site for High / Critical incidents to provide on-site support & lead the recovery efforts

Instructs for the mobilization of other Automation team members to site (Security Engineer, Network Engineer, etc.) and directs them in supporting the incident recovery activities

Performs first hand incident analysis, and restoration activities onsite.

Responsible for the Incident Recovery & Normalization of DCS & SCADA systems with respect to Software Applications, Control & Monitoring Functionalities

Supports the Team Leader and provides inputs to conclude on the severity of the incident (Low/Medium/High/Critical)

Coordinates and interfaces with the System Vendors & Suppliers for the needed support.

Assisting in writing the Incident Report

Supports identification of vulnerabilities and risk management

Assesses implementation against design.

Support SAT Testing

Perform backup and restore activities during scheduled maintenance tasks.

Verify backup was successful

Perform restore activities

Document backup and restore procedures

Document backup and restore strategy based on business requirements and system capabilities

Defines and configures logging and real-time capture requirements

Updates the ICS Site Logging Register

Configure collection, correlation analysis for local and central solutions with backup

Creates and maintains up-to-date OT relevant automated rules on analysis tools (e.g. Q-Radar)

Monitors available vulnerability data.

Determines applicability of vulnerabilities.

Documents applicable vulnerabilities associated with ICS system and/or assets.

Communicates uncured vulnerabilities to Site Security Focal Point.

Evaluates the risk of technical vulnerabilities to the ICS and FEWA.

Assesses and identifies acceptable Mitigating Controls.

Documents Remediation.

Monitors local vulnerability status on in-scope ICS systems and assets.

Documents Patching procedures.

Maintains Patch Inventory.

Assists with the testing and deployment of new patches and mitigating controls through the Change Management Process.

Identify additional attributes that must be recorded and that provide business value (e.g. mapping assets to cybersecurity maintenance tasks such as backups, password changes and vulnerability management, with the appropriate owners and frequency).

Schedules maintenance arrangements for assets.

Ensures through periodic reviews that appropriate cybersecurity controls are implemented and maintained.

Ensures all legal requirements for ICS assets are met.

Responsible for configuring ICS assets per ICS cybersecurity policies.

Performs required system hardening tasks during scheduled maintenance.

Reviews ICS configurations to ensure that baseline levels of protection have not changed since the last review.

Updates records in Assets Inventory register.

Assists with Asset Classification and information labeling.

Ensures Asset Inventory is maintained and reviewed periodically based on entity defined intervals.

Facilitates that assets are protected in accordance with their classification.

Consults vendors for technically feasible and approved cybersecurity controls.

Recommends cybersecurity controls based on system criticality, cybersecurity risk, and technical feasibility and/or vendor approval

Discuss media requirements and media kiosk requirements with requestor

Order sample set of media and test for appropriateness

Order media and media kiosk

Sanitize & scan media

Harden endpoint(s) and kiosk(s), deploy security software and verify effectiveness. Adjust security profile to subdue protection and restore security profile.

Update ICS Authorized Removable Media Inventory Register

Remove or oversee removal of tools

Add tool to approved tools register

Initiate Incident Management Process

Responsible for providing role-based access to Operation Users (Operators, Supervisors, Shift Controller, Engineer, etc.), Vendors, Subvendors, Contractors, Subcontractors or Consultants.

Responsible for defining user groups for ICS systems & applications (i.e. Operator, Supervisor, Engineer, Domain Administrator, etc.).

Reviews all access rights and account registrations every 6 months.

Test new physical key(s)

Ultimate responsibility for protection of defined site/asset by maintaining key register and security container

Ensure ICS systems are accessed only by authorized users

Dispose of physical keys

Responsible for identifying and classifying ICS information/data

Implement controls to protect ICS information/data

Reviews information/data classifications to ensure that classification levels have not changed since the last review

ICS Asset Owner

Inventory asset physical and logical attributes based on defined Asset Inventory requirements and local standards.

Classify assets in accordance with the ICS Information Classification Process.

Ensures Asset Inventory is maintained and reviewed periodically based on entity-defined intervals.

Ensures logging and real-time capture requirements are defined and enabled for new assets and are reviewed each quarter

Monitors available vulnerability data

Determines applicability of vulnerabilities.

Documents applicable vulnerabilities associated with ICS system and/or assets.

Communicates uncured vulnerabilities to Site Security Focal Point.

Evaluates the risk of technical vulnerabilities to the ICS and FEWA.

Assesses and identifies acceptable Mitigating Controls.

Documents Remediation.

Documents Patching procedures.

Maintains Patch Inventory.

Assists with the testing and deployment of new patches and mitigating controls through the Change Management Process.

Define RPO (Recovery Point Objective) and RTO (Recovery Time Objective)

Identify backup and restore strategy based on business requirements and system capabilities

Legal Counsel

Approves where necessary for legal or regulatory purposes external communication of vulnerabilities.

End Users

Escalating any security incident or suspected events in the systems, applications, software, and any related malfunction to the Chief Information Security Officer as soon as it occurs.

Carefully following the information security policies and procedures, especially when dealing with confidential information at FEWA.

Protecting devices used by them to perform their day to day activities at FEWA against unauthorized access, theft and any other harm.

Attending the Information Security Awareness workshops organized by the Information Technology Department and showing interest in understanding their roles and applying them in their day-to-day activities at FEWA.

3 VERSION HISTORY

Version No. | Date | Description of Change | By

1.0 | 07/02/2017 | Initial Release | Al-hosn Information Security Consultancy

4 DOCUMENT APPROVAL

Reviewers | Title | Signature | Date | Comments
