Cybersecurity Converged Resilience


Cybersecurity Converged Resilience: The cybersecurity of critical infrastructure

Port Authority of New York and New Jersey (PANYNJ), New York, New York, United States. AECOM, working with the PANYNJ, developed a custom inventory schema and associated questionnaire to inventory the industrial control systems across all 17 PANYNJ transportation and commercial facilities. Developed by combining asset standards from the National Institute of Science and Technology, industry best practices and PANYNJ inventory practices, the plan is a vital first step in addressing security issues on the system.

Converged Resilience: An integrated approach to cybersecurity

Some of the greatest management challenges facing the public and private sectors today are from persistent and advanced cyber threats. Trusted information delivery and assured control of an operational enterprise rely on much more than strong network passwords. Today's dynamic threat environment demands integrated solutions, aligned closely to industry-specific operations and critical business functions. The challenge is understanding potential vulnerabilities and making informed, critical decisions on what and where to budget for security and resilience of assets, systems and networks.

AECOM's Converged Resilience approach provides integrated, holistic solutions that bolster your ability to anticipate, avoid and absorb threats. Operational resilience must address wired and wireless cybersecurity, physical security and safety, environmental impact, process improvement and an executable governance structure. These elements must be engineered in to create a safe, secure, effective and economic solution focused on business continuity.

We leverage our global capability to design, build, finance and operate facilities, systems and associated infrastructure for nearly every market sector. Our cybersecurity, information technology and risk experts work closely with our architects and engineers to provide tailored solutions that minimize risks, align security investments to industry-specific standards and greatly reduce the impact of an incident.

Converged Resilience: An integrated, holistic solution to cybersecurity and operational resilience that bolsters an organization's ability to anticipate, avoid and absorb threats.

Risk-informed protection of critical data

Every business or government entity that relies on data for mission success must be prepared to face disruptions, natural disasters and other anomalies. Protecting that information delivery chain requires a robust enterprise solution addressing governance, policy, standards, a concept of operation, and a view of current and future technology states. AECOM considers your business information requirements and processes, potential risks and threats, operational systems and technologies, as well as future vision to develop sound strategies focused on resilience as well as business continuity.

Our practice of identifying, characterizing, and classifying assets and information frames our risk management strategy. Our approach aligns critical processes and business technologies to improve resilience, preparedness, detection and response. AECOM's professionals provide greater insight that informs and enhances decision-making, ensuring resources are properly allocated for maximum benefit.

Our teams combine the best technology, people and partners from across industry to deliver: Enterprise vulnerability assessments; Enterprise architecture and design; Cyber operations/network monitoring; Data center consolidation and virtualization; Wireless and remote sensing; Secure industrial control system design and integration; Disaster recovery and back-up; Exercises and security evaluations; Information assurance; User training and cyber awareness; Policy and regulatory requirements; Secure cloud solutions.

Protecting your organization's data and data networks is central to our Converged Resilience approach. We focus on providing long-term data and intellectual property protection that shields your information and does not compromise your competitive advantage in the marketplace.

317;1 Million new pieces of malware created last year; the number of new threats released each day. (Verizon 2015 Data Breach Investigations Report)

US$12.7 million: The average cost of cybercrimes in the United States in 2014. (Statista, The Statistics Portal)

43%: The percentage of firms in the United States that experienced a data breach in 2014. (Ponemon Institute)

[Figure: AECOM Converged Resilience. Technology, systems, processes and people; risk awareness, risk mitigation and continuous improvement.]

Chicago Department of Water Management, Chicago, Illinois, United States. AECOM worked with the utility to develop a security and preparedness capital improvement plan to improve the security and resilience of supervisory control and data acquisition systems and critical infrastructure for the two largest capacity conventional water treatment plants in the world.

Life cycle solutions for infrastructure security

AECOM considers life cycle protection of critical infrastructure from every type of risk: deliberate, accidental and natural. Converged Resilience encompasses cyber, wireless and physical domains, identifying vulnerabilities and weaknesses within each domain, focusing in on gaps and seams, and aligning critical processes with the critical business technologies to ensure business continuity through improved resilience, preparedness, detection and response.

Converged Resilience also integrates risk and security, incorporating a repeatable method of identifying and aligning assets with critical business processes. It uses the best practices of industry, government and sector-specific methodologies. We cross-reference the National Institute of Standards and Technology, International Standards Organization, Critical Infrastructure Protection, Department of Homeland Security National Infrastructure Protection Plan, American Petroleum Institute and other industry-specific security controls. We work with key stakeholders to frame, assess, remediate and monitor risk, focusing on those critical business processes that have the greatest impact to shareholder value, brand name and business operations.

[Figure: Integrated risk and security across the cyber, physical and wireless domains. Risk-informed decisions: shareholder value; materiality (headline risk); enterprise (business risk); operational (security risk).]

Critical infrastructure and key resources security; Threat and vulnerability assessments; Network topology/desktop configuration; Data retrieval/recovery; Disaster recovery; Emergency preparedness planning; Continuity of operations planning; Cyber resilience analysis; Access security assessment and remediation; Closed-circuit television and intrusion detection; Bomb blast analysis; Sensitive compartmented information facility secure space design and configuration; Biometrics; Transportation security; Emergency operations centers design-build; Electromagnetic spectrum vulnerability assessment; Technical surveillance countermeasures; Radio frequency propagation; Electromagnetic interference; Electromagnetic environment effects; Radio frequency shielding; Radio frequency security engineering; IEEE 802.11 Wireless WAN; IEEE 802.16 Wireless MAN; Cellular (GSM, CDMA, LTE).

[Figure: Converged Resilience security life cycle. Frame; assess; respond and remediate; monitor and maintain.]

Developing an effective cybersecurity program requires an understanding of both your systems and your business/operating model. AECOM combines network and operational expertise with a comprehensive, flexible and proven process to deliver innovative solutions that improve your organization's resilience to deliberate attacks. Our solutions are built on:

Big picture enterprise solutions: We use situational awareness of the interdependencies and vulnerabilities across our clients' organizations to lower their back-end security costs and improve overall resilience.

Business assurance: We align business and security objectives to business and security risk, arming senior leadership with the risk-informed knowledge they need to optimize capital and operational expenditures for protection against cyber threats.

Integrated delivery approach: We support all stages of the project, from planning to execution to ongoing management and operations. Our integrated approach is central to our practice and enables us to consider cyber vulnerabilities at every step in the process so that we can develop a customized approach with long-term value.

Security of customer data: We are committed to the security and confidentiality of the information, data and work products developed as part of any cybersecurity and preparedness project. We hold facility and individual security clearances across all disciplines.

Deep technical expertise: Our experts include engineers, planners, architects, landscape architects, environmental specialists, economists, scientists, consultants and construction specialists who understand the infrastructure needs of our customers. Our cyber security/resilience experts work with our multidisciplinary project teams to integrate security and protection across the project life cycle, from planning and design to implementation and maintenance.

Project flexibility and speed: We are able to execute a rapid, agile and innovative process to effectively deliver customized solutions that consider future operational needs.

A partner in protection for critical network functions

AECOM's leading-edge cybersecurity capabilities are built on our experience with the United States (U.S.) Department of Defense, Cyber Command and Defense Information System Agency benchmark practices and our design, build and operation of secure infrastructure assets for public- and private-sector clients worldwide. From information assurance and information systems security engineering for the U.S. Army to the design and engineering of a facility for real-time tracking of Air Force nuclear assets, we partner with government agencies to support mission-critical activities. Our teams bring unique expertise in intelligence, information technology and cybersecurity to provide situational awareness, risk analytics, and scalable and secure network-centric defense.

Maintaining tight network security is a top priority for AECOM. For this reason, we deliver information systems that comply with DoD ports, protocols and services guidance. AECOM also monitors various intelligence reports for new and current threats, and provides proactive defense capabilities to reduce the risk of future compromises.

AECOM delivers the full spectrum of integrated planning, management and execution expertise for CYBERCOM's global cybersecurity missions, providing critical 24/7 cyber engineering and technical assistance that directly contributes to securing the Department of Defense's enterprise.

AECOM provided network security services, including information systems engineering and integration, for the U.S. Office of the Secretary of Defense, Army and Air Force components of the Pentagon information technology enterprise, which supports more than 22,000 users. We were responsible for detecting threats and controlling access to classified and sensitive but unclassified information. We continue to undertake periodic assessment of the network and subnetwork structure and configuration to identify vulnerabilities.

We build safety, security and resilience into everything we do

As one of the world's largest professional and technical services firms that designs and constructs secure infrastructure assets around the globe, AECOM recognizes resilience as a critical consideration on all of our projects, and we take a holistic approach that goes beyond cybersecurity. Our teams have unmatched resources and expertise to handle the complex, interconnected challenges associated with safety, security and functionality of critical infrastructure across every market sector.

AECOM's resilience experts provide a streamlined process that integrates resilience into all project phases, from planning and design to construction, operations and maintenance. We are committed to strengthening and maintaining secure, functioning and resilient systems, networks and other assets. Our extensive real-world knowledge of infrastructure and the factors that impact business continuity, such as aging and/or deteriorating infrastructure, climate-related impacts and natural disasters, sophisticated criminal threats and economic fluctuations, helps us deliver proactive solutions that are customized to meet clients' short- and long-term needs.

AECOM collaborates with the U.S. Department of Energy, Pacific Northwest National Laboratories, on a SCADA test bed to develop cybersecurity strategies for the National Power Grid.

Chemical; Commercial facilities; Communications; Critical manufacturing; Dams; Defense industrial base; Emergency services; Energy; Financial services; Food and agriculture; Government facilities; Health care and public health; Information technology; Nuclear reactors, materials and waste; Transportation systems; Water and wastewater systems.

With more than 100 years serving the oil and gas industry, AECOM is the leading provider of design, construction and production services across the oil and gas supply chain. This experience allows us to identify potential cyber, physical and operations security threats to this market's critical infrastructure, and design adapted risk management solutions.

About AECOM

AECOM is a premier, fully integrated professional and technical services firm positioned to design, build, finance and operate infrastructure assets around the world for public- and private-sector clients. With nearly 100,000 employees, including architects, engineers, designers, planners, scientists and management and construction services professionals, serving clients in over 150 countries around the world, AECOM is ranked as the #1 engineering design firm by revenue in Engineering News-Record magazine's annual industry rankings, and has been recognized by Fortune magazine as a World's Most Admired Company. The firm is a leader in all of the key markets that it serves, including transportation, facilities, environmental, energy, oil and gas, water, high-rise buildings and government. AECOM provides a blend of global reach, local knowledge, innovation and technical excellence in delivering customized and creative solutions that meet the needs of clients' projects. A Fortune 500 firm, AECOM companies, including URS Corporation and Hunt Construction Group, have annual revenue of approximately $19 billion.

For more information, contact us at: askcyber@aecom.com
www.aecom.com/cybersolutions
Follow us on Twitter: @aecom

V.01 2015 AECOM. All Rights Reserved.