WaterISAC will be hosting two webcasts in July and August to help utilities evaluate their cybersecurity risks and determine whether and how to implement the NIST Cybersecurity Framework, issued in February under the President's Executive Order 13636. The webcasts are available to members and nonmembers, but registration is required.
NIST Cybersecurity Framework, Getting Started in the Water Sector
Tuesday, July 22, 2:00-3:15 p.m. ET
Join WaterISAC on Tuesday, July 22, 2014 from 2:00 to 3:15 PM ET for a webcast on the NIST Cybersecurity Framework. The NIST Cybersecurity Framework is a set of best practices derived from consensus-based IT and industrial control systems security standards. Water and wastewater systems are not legally required to implement the Framework, but the Federal government is urging all critical infrastructure owners and operators to do so voluntarily in order to reduce their risks from possible cyber attacks against their IT and industrial control systems. The goal of the webcast is to help the water sector get started using the Framework by providing attendees a basic understanding of its components and recommendations. The webcast will also highlight various programs, guidance and tools to help the water sector implement the Framework, such as the AWWA Cybersecurity Guidance & Tool.
WaterISAC's guest will be Cheryl Santor, CGEIT, CISM, CISSP, CISA, the Information Security Manager of the Metropolitan Water District of Southern California.
Cybersecurity Assessments and Tools by DHS
Wednesday, August 20, 2014, 2:00-3:00 p.m. ET
On Wednesday, August 20, 2014, WaterISAC will host a webcast on cybersecurity services and tools offered by the U.S. Department of Homeland Security (DHS). These services include free, confidential onsite cybersecurity assessments conducted by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) as well as the Cyber Security Evaluation Tool (CSET). CSET is a downloadable tool developed by cybersecurity experts under the direction of ICS-CERT to help users assess the security posture of their cyber systems and networks.
Presenters will also discuss the Cyber Resilience Review (CRR) provided by DHS’s U.S. Computer Emergency Readiness Team (US-CERT). The CRR measures the operational resilience of a specific critical service to provide participants with a detailed report containing options for consideration. It is a voluntary assessment that can either be conducted via a facilitated one-day workshop or as a self-assessment; the CRR Self-Assessment Kit is meant to complement the NIST Cybersecurity Framework.