ICS Cybersecurity

Roles and Responsibilities


Federal Electricity & Water Authority

Table of Contents

1 Purpose
2 Cybersecurity roles and responsibilities
3 Version History
4 Document Approval

Document Control Number: ICS Cybersecurity Roles and Responsibilities Page 1-1

1 PURPOSE
The purpose of this document is to define roles and responsibilities that are essential to the
implementation of ICS cybersecurity policies and processes.


2 CYBERSECURITY ROLES AND RESPONSIBILITIES

Role: CISO
Responsibilities:
- Safeguard company's information and assets required for normal operations
- Accountable for Risk Management
- Set business goals and objectives
- Approve CII Operator reports
- Approve Risk Treatment Plan
- Approve Security Program Documentation

Role: ICS Security Steering Committee
Responsibilities:
- Define ICS Security Program Objectives
- Ensure participation in ICS Security Program by relevant FEWA business units
- Oversee ICS Security Program
- Provide strategic direction on ICS Security Program as appropriate to ensure alignment with corporate strategy
- Review and approve changes to ICS Security Program documents
- Develop Strategy to involve larger set of organizations with shared objectives
- Monitor ICS risk management activities.
- Review and approve risk management strategy and policy.
- Ensure FEWA demonstrates due diligence in addressing compliance requirements
- Review of information/data security policies and processes
- Provide guidance to ICS Systems administrator in classifying

Role: ICS Information Manager
Responsibilities:
- Oversee ICS Security Program
- Review/Approve ICS Security business cases, request funding and resources, and provide reports and ROI information
- Establish ICS Security Program Governance and Organization structure
- Provide guidance to ICS Security Team
- Identify processes and schedule for monitoring, tracking and reporting ICS Security Program success
- Establish ICS Security Program KPIs
- Manage creation and changes to ICS Security Program Charter documents
- Coordinator for facilitating Risk, Incident and Audit management activities
- Manage ICS Implementation communications plan
- Govern compliance of ICS Security Program Policies, Processes and Procedures with Vendors
- Enforce ICS Security training by vendors and contractors
- Communicate ICS Security Implementation plans to sites
- Overall responsibility for adherence to information legislation, including Freedom of Information Act, Environmental Information Regulations, Data Protection Act, Copyright Act
- Overseeing security operations and information security incident management.
- Overseeing investigations/forensics of security breaches.
- Overseeing Information Security training & awareness programs.

Role: ICS Site Security Focal Point
Responsibilities:
- Interface with operations, customers and vendors to communicate ICS Security Program policy, process and procedure changes
- Escalate major ICS Security Program issues to ICS Information Manager
- Discuss ICS Security Program policy deviations or non-conformance issues with operations, customers, vendors
- Communicate ICS Security Implementation plans to sites
- Integrate cyber-security management into existing HSE Incident Management Process
- Format and present regular security posture report generated from SIM/SIEM
- Initiate FEWA/Site Incident Response Plan
- Identify roles for specific training requirements and delivery strategy
- Ensures role specific training requirements are maintained.
- Supports identification and definition of cybersecurity specifications for ICS products, solutions, and services.
- Assess ICS Vendor design proposal against cybersecurity specifications.
- Manage risk to the ICS and FEWA from ICS Vendor products, solutions, and/or services and the associated supply chain
- Ensure ICS Vendors' continuous conformance with contractually defined cybersecurity specifications.
- Defines logging and real-time capture requirements
- Creates and maintains up-to-date ICS relevant automated rules on analysis tools
- Defines and Documents Vulnerability Management timelines.
- Document vulnerabilities in internal reports.
- Evaluates the risk of technical vulnerabilities to FEWA.
- Manages Deviations with the ICS Exceptions Process.
- Communicates new vulnerability information and vulnerability status internally.
- Externally communicates vulnerabilities when necessary for legal or regulatory purposes through Legal Counsel approval.
- Manages Operational approval and coordination for implementation of qualified patches.

Role: ICS Site Security Focal Point
Responsibilities:
- Initiates Incident Response Plan
- Monitors available vulnerability data.
- Provide guidance to ICS Systems administrator in hardening configuration of ICS systems and assets.
- Review site specific hardening configuration procedures.
- Communicate ICS Cybersecurity Policy deviations or non-conformance issues to operations, Vendors, and Contractors.
- Perform periodic user account management documentation and system audits to determine potential non-compliance.
- Investigate and notify all stakeholders of potential process non-compliance.
- Invoke Incident Response Plan if required.
- Interface with operations to communicate ICS Security Program policy, process and other document changes
- Discuss policy deviations or non-conformance issues with operations
- Provide guidance to ICS Systems administrator in classifying and protecting ICS information/data
- Review site specific information/data classification and protection procedures
- Communicate ICS information/data policy deviations or non-conformance issues to operations, customers and vendors
- Conduct Threat, Vulnerability, and Risk Assessments
- Contribute to development of ICS Security Program Implementation Plans
- Identify and document security risks
- Create uniform set of procedural controls
- Monitor and report risks and status to ICS Security Team lead, ICS Security Program Manager and ICS Security Steering committee
- Manage ICS implementation plan and remediation activities
- Provides Remote Telephonic support to the operations team for Low / Medium incidents and mobilizes to site for High / Critical incidents to provide on-site support & recovery efforts

- Coordinates and interfaces with the System Vendors & Suppliers for the needed support.
- Coordinates storing and protecting evidence and system Logs.
- Responsible for the Incident Recovery & Normalization of DCS & SCADA systems with respect to Cyber Security
- Security Engineer analyzes network traffic together with Network Specialist for signs of denial of service, distributed denial of service, or other external

Role: ICS Security Team
Responsibilities:
- Comprised of various ICS Security Team roles (see org chart)
- Execute ICS Security Program Implementation and Governance Activities
- Provide status updates to ICS Security Program Manager as requested
- Review Risk Assessments.
- Prepare/receive reports from business units.
- Recommend Risk treatment options.
- Prepare reporting for Steering Committee.
- Track Risk Treatment against plan.
- Monitors and analyses real-time information
- Reviews and formats regular security reports
- Define, document applicable laws and review UAE IA for new requirements
- Develop approach to address new compliance requirements
- Align internal ICS Security documentation with new compliance requirements
- Provide updates to Learning and Development (L&D) Coordinator for education strategy plan

Role: ICS Security Training Focal Point
Responsibilities:
- Supports development of and management of ICS Security Training and delivery strategy.
- Coordinates training delivery schedules with HR.
- Coordinates training communications with HR.
- Ensures training content, modules, and syllabus are maintained
- Conduct risk assessment on requested tools

Role: ICS Network Engineers
Responsibilities:
- Contribute to specific mitigation/transference strategies and plans
- Support site implementation plans (of technical controls) and interface with system support vendors where required
- Maintain content of ICS Security Program content sites
- Configures ICS assets to generate appropriate logs and related information
- Evaluates the incident on receipt of information & diagnostics over phone.
- Provides Remote Telephonic support to the operations team for Low / Medium incidents and mobilizes to site for High / Critical incidents to provide on-site support & recovery efforts
- Responsible for the Incident Recovery & Normalization of DCS & SCADA systems with respect to Network Infrastructure
- Network Engineer shall prevent incidents from further spreading and carry out the Recovery tasks on Network equipment (Switches, Routers, SDH system, etc.) and Network Infrastructure (Fiber Optics, Copper cabling, Converters, etc.).
- Take action to block traffic from suspected intruder, or from the computer / network from which the cyber-attack originates.
- Coordinates and interfaces with the System Vendors & Suppliers for the needed support.
- Defines logging and real-time capture requirements

Role: Control Engineer
Responsibilities:
- Evaluates the incident on receipt of information & diagnostics over phone.
- Mobilizes to site for supporting Incident Response & Recovery activities based on the information from Operations Chief / Team Leader.
- Responsible for the Incident Recovery & Normalization of DCS & SCADA Hardware (Modules, Components, Marshalling, etc.), Control Sub-systems (ESD, F&G, RTU, etc.), System Utilities (UPS, Power supply, Grounding, etc.) and Field equipment (Instruments, Local panels, Pumps, Valves, etc.)
- Supports the Team Leader and provides inputs to conclude on the severity of the incident (Low/Medium/High/Critical)
- Coordinates and interfaces with the System Vendors & Suppliers for the needed support.

Role: Site Operations
Responsibilities:
- Adhere to ICS Security Program policies, processes and procedures
- Assist with implementation of ICS process and technical controls
- Identify and report security risks
- Keep up-to-date with ICS Security training requirements
- Assists with implementation of ICS process and technical controls.
- Coordinates for implementation of qualified ICS patches.

Role: Site Supervisor
Responsibilities:
- Authorize access for creation of new ICS User Accounts
- Authorize access for external user access to ICS systems for maintenance purposes
- Regularly audit site activities to ensure compliance to ICS Security policies in collaboration with ICS Site Security focal point of contact
- Provides guidance on confidential ICS information and approves select group of users that can access and handle confidential ICS information.
- Helps the ICS system administrators determine specific users to be granted specific permissions.
- Consolidate and address non-compliance with ICS Security Program Focal Point
- Approve access and provide key(s)
- Receive key(s)
- Maintain key register log

Role: ICS Asset Owner
Responsibilities:
- Ensures assets are classified
- Approve business requirement for removable media usage on an asset
- Approve the disposal of asset
- Track the destruction and disposal of asset
- Ensure asset protection verification has been conducted

Role: Operations Chief
Responsibilities:
- Operations Chief receives the incident information from Shift Supervisor / Sr. Operators and evaluates on normal & abnormal functions.
- Estimates the potential impacts to the plant operations when a part / component of DCS / SCADA system goes out of service.
- Supports the Team Leader and provides inputs to conclude on the severity of the incident (Low/Medium/High/Critical)
- Supports the Operations team to stop / resume the operations as necessary.
- Approve Incident report presented by Team Leader

Role: Engineering
Responsibilities:
- Adhere to ICS Security Program policies, processes and procedures
- Identify and report ICS security risks
- Notify ICS Security Team of potential changes to ICS infrastructure
- Interface with ICS Security Team to ensure new site build solutions adhere to ICS Requirements
- Notify ICS Security Team of related standards program requirements (example: ISDS)
- Keep up-to-date with ICS Security training requirements
- Identify sensitive ICS information/data such as design documents, network architecture diagrams etc.
- Ensure appropriate controls are implemented in new and upgraded systems to identify and protect sensitive information/data

Role: Maintenance
Responsibilities:
- Adhere to ICS Security Program policies, processes and procedures
- Identify and report ICS security risks
- Notify ICS Security Team of potential changes to ICS infrastructure
- Notify ICS Security Team of related standards program requirements (example: ISDS)
- Keep up-to-date with ICS Security training requirements

Role: L&D Coordinator
Responsibilities:
- Contribute to ICS Security training and education strategy plan
- Manage/Oversee delivery and completion of ICS Security training
- Manage the ICS Security training delivery mechanisms and related processes
- Manage the ICS Security training completion tracking and reporting mechanisms and related processes
- Coordinate training delivery schedules with ICS Security Team
- Coordinate training communications with ICS Security Team

Role: Supply Chain
Responsibilities:
- Procure ICS Systems in compliance with ICS Security Program security requirements
- Communicate ICS Security Program requirements to Vendors
- Notify ICS Security Team of potential changes to ICS systems/infrastructure
- Keep up-to-date with ICS Security training requirements
- Engage ICS Vendors with cybersecurity specifications for ICS products, solutions, and services.
- Qualify ICS Vendors.
- Ensure contracts with ICS Vendors include specific measurable cybersecurity requirements as provided by Site Security Focal Point.
- Identify sensitive ICS information/data to be shared or received from Vendors, Subvendors, Contractors, Subcontractors, Consultants and Manufacturers
- Communicate ICS information/data protection requirements to all involved stakeholders
- Implement or enforce information/data protection schemes to protect ICS information/data in transit (via email or phone)

Role: HSE Analyst
Responsibilities:
- Keep ICS Security Team informed and integrated with Change Management process

Role: IT Support / Site Administrator (Example: SharePoint)
Responsibilities:
- Develop and Maintain ICS Security Program content sites and knowledge repository
- Maintain the configuration of the ICS Security Program sites
- Maintain static content of ICS Security Program sites
- Define site usage guidelines
- Manage Access credentials to ICS Security Program sites

Role: HR
Responsibilities:
- Enforce ICS Security Training for new and existing staff
- Initiate ICS Account revocation requests when a user is terminated for cause

Role: FEWA Internal Audit Rep
Responsibilities:
- Keep informed

Role: Vendor
Responsibilities:
- Provides asset inventory at SAT based on entity defined contracts.
- Assists with asset inventorying including collection of logical attributes.
- Consulted for recommended cybersecurity maintenance and feasible cybersecurity controls which can be implemented.
- Owns cybersecurity maintenance tasks that are performed at defined intervals based on entity support/maintenance agreements.
- Implements approved cybersecurity controls based on entity approvals and contracts.
- Demonstrates the current state of cybersecurity controls based on entity defined contracts.
- Assist ICS Security Team with responding to gap and risk related inquiries
- Interface with ICS Security Team to support site implementation plans and ICS Security Program compliance
- Keep up-to-date with ICS Security training requirements
- Ensures delivery aligns with cybersecurity specifications.
- Supports in assessment of Mitigating Controls for identified risks.
- Demonstrates conformance with cybersecurity specifications.
- Supports in testing activities to validate compliance with cybersecurity specifications.
- Provides information on new ICS vulnerabilities.
- Qualifies patches for applicable vulnerabilities.
- Qualifies security configurations to protect information based on current installations.
- Suggests mitigating controls wherever vendor system or asset does not provide protection capabilities.
- Documents Patch Procedures to support implementation, implements Patches based on maintenance contracts.
- Follows FEWA's policies and processes.
- Work with ICS System Administrator and Asset Owner to:
  - Provide backup and restore procedures

Role: Vendors, Subvendors, Contractors, Subcontractors
Responsibilities:
- Recommend ICS systems and assets configuration hardening baselines for protection against cyber-attacks.
- Follow FEWA's policy and process on configuration protection.
- Identify ICS information/data that needs protection
- Recommend security configurations to protect information/data based on its classification
- Recommend compensating measures wherever vendor system or asset does not provide protection capabilities
- Follow FEWA's policy and process on Information/data classification

Role: External ICS Security Advisory (Example: Al Hosn, Wurldtech)
Responsibilities:
- Provide ICS Security Program Policy, Process and Procedure Development Assistance
- Provide ICS Security Program Implementation assistance (gap analysis, risk assessment)
- Assist with defining ICS Security Assessment/Certification Audit and Acceptance Criteria
- Assist with yearly ICS Security Assessment/Certification cycle

Role: ICS Systems Administrator
Responsibilities:
- Responsible for following ICS Cyber Security Policies to ensure conformance
- Responsible for implementing new technical and administrative controls to ensure compliance to ICS Cyber Security policies
- Responsible for reviewing ICS processes and developing system/site specific procedures
- Configures ICS assets to generate appropriate logs and related information
- Configure collection, correlation analysis for local and central solutions with backup

Role: ICS Systems Administrator
Responsibilities:
- Monitor Dashboard for real-time analysis updates on ICS security posture
- Execute and log the secure deletion and/or destruction of information.
- Where locally possible, destroy and dispose of assets and subcomponents.
- Where not possible initiate FEWA Wide Disposal Process
- Update ICS Asset Inventory when assets have been decommissioned
- Provides Remote Telephonic support to the operations team for Low / Medium incidents and mobilizes to site for High / Critical incidents to provide on-site support & lead the recovery efforts
- Instructs for the mobilization of other Automation team members to site (Security Engineer, Network Engineer, etc.) and directs them in supporting the incident recovery activities
- Performs first-hand incident analysis, and restoration activities onsite.
- Responsible for the Incident Recovery & Normalization of DCS & SCADA systems with respect to Software Applications, Control & Monitoring Functionalities
- Supports the Team Leader and provides inputs to conclude on the severity of the incident (Low/Medium/High/Critical)
- Coordinates and interfaces with the System Vendors & Suppliers for the needed support.
- Assisting in writing the Incident Report
- Supports identification of vulnerabilities and risk management
- Assesses implementation against design.
- Support SAT Testing
- Perform backup and restore activities during scheduled maintenance tasks.
- Verify backup was successful
- Perform restore activities
- Document backup and restore procedures
- Document backup and restore strategy based on business requirements and system capabilities

Role: ICS Systems Administrator
Responsibilities:
- Defines and configures logging and real-time capture requirements
- Updates the ICS Site Logging Register
- Configure collection, correlation analysis for local and central solutions with backup
- Creates and maintains up-to-date OT relevant automated rules on analysis tools (e.g. Q-Radar)
- Monitors available vulnerability data.
- Determines applicability of vulnerabilities.
- Documents applicable vulnerabilities associated with ICS system and/or assets.
- Communicates uncured vulnerabilities to Site Security Focal Point.
- Evaluates the risk of technical vulnerabilities to the ICS and FEWA.
- Assesses and identifies acceptable Mitigating Controls.
- Documents Remediation.
- Monitors local vulnerability status on in-scope ICS systems and assets.
- Documents Patching procedures.
- Maintains Patch Inventory.
- Assists with the testing and deployment of new patches and mitigating controls through the Change Management Process.
- Identify additional attributes that must be recorded and that provide business value (e.g. mapping assets to cybersecurity maintenance (backups, password changes, vulnerability management, etc.) and to the appropriate owners and frequency).
- Schedules maintenance arrangements for assets.
- Ensures through periodic reviews that appropriate cybersecurity controls are implemented and maintained.
- Ensures all legal requirements for ICS assets are met.
- Responsible for configuring ICS assets per ICS cybersecurity policies.
- Performs required system hardening tasks during scheduled maintenance.
- Reviews ICS configurations to ensure that baseline levels of protection have not changed since the last review.

Role: ICS Systems Administrator
Responsibilities:
- Updates records in Assets Inventory register.
- Assists with Asset Classification and information labeling.
- Ensures Asset Inventory is maintained and reviewed periodically based on entity defined intervals.
- Facilitates that assets are protected in accordance with their classification.
- Consults vendors for technically feasible and approved cybersecurity controls.
- Recommends cybersecurity controls based on system criticality, cybersecurity risk, and technical feasibility and/or vendor approval
- Discuss media requirements and media kiosk requirements with requestor
- Order sample set of media and test for appropriateness
- Order media and media kiosk
- Sanitize & scan media
- Harden endpoint(s) and kiosk(s), deploy security software and verify effectiveness. Adjust security profile to subdue protection and restore security profile.
- Update ICS Authorized Removable Media Inventory Register
- Remove or oversee removal of tools
- Add tool to approved tools register
- Initiate Incident Management Process
- Responsible for providing role-based access to Operation Users (Operators, Supervisors, Shift Controller, Engineer, etc.), Vendors, Subvendors, Contractors, Subcontractors or Consultants.
- Responsible for defining user groups for ICS systems & applications (i.e. Operator, Supervisor, Engineer, Domain Administrator, etc.).
- Reviews all access rights and account registrations every 6 months.
- Test new physical key(s)

- Ultimate responsibility for protection of defined site/asset by maintaining key register and security container
- Ensure ICS systems are accessed only by authorized users
- Dispose of physical keys
- Responsible for identifying and classifying ICS information/data
- Implement controls to protect ICS information/data
- Reviews information/data classifications to ensure that classification levels have not changed since the last review

Role: ICS Asset Owner
Responsibilities:
- Inventory asset physical and logical attributes based on defined Asset Inventory requirements and local standards.
- Classify assets in accordance with the ICS Information Classification Process.
- Ensures Asset Inventory is maintained and reviewed periodically based on entity-defined intervals.
- Ensures logging and real-time capture requirements are defined and enabled for new assets and are reviewed each quarter
- Monitors available vulnerability data
- Determines applicability of vulnerabilities.
- Documents applicable vulnerabilities associated with ICS system and/or assets.
- Communicates uncured vulnerabilities to Site Security Focal Point.
- Evaluates the risk of technical vulnerabilities to the ICS and FEWA.
- Assesses and identifies acceptable Mitigating Controls.
- Documents Remediation.
- Documents Patching procedures.
- Maintains Patch Inventory.
- Assists with the testing and deployment of new patches and mitigating controls through the Change Management Process.
- Define RPO (Recovery Point Objective) and RTO (Recovery Time Objective)
- Identify backup and restore strategy based on business requirements and system capabilities

Role: Legal Counsel
Responsibilities:
- Approves external communication of vulnerabilities where necessary for legal or regulatory purposes.

Role: End Users
Responsibilities:
- Escalating any security incident or suspected events in the systems, applications, software, and any related malfunction to the Chief Information Security Officer as soon as it occurs.
- Carefully following the information security policies and procedures, especially when dealing with confidential information at FEWA.
- Protecting devices used by them to perform their day-to-day activities at FEWA against unauthorized access, theft and any other harm.
- Attending the Information Security Awareness workshops organized by the Information Technology Department and showing interest in understanding their roles and applying them in their day-to-day activities at FEWA.


3 VERSION HISTORY

Version No.   Date         Description of Change   By
1.0           07/02/2017   Initial Release         Al-hosn Information Security Consultancy


4 DOCUMENT APPROVAL

Reviewers Title Signature Date Comments
