Академический Документы
Профессиональный Документы
Культура Документы
Table of Contents
1 Purpose ........................................................................................................... 2
2 Cybersecurity roles and responsiblities ........................................................... 3
3 Version History .............................................................................................. 21
4 Document Approval ....................................................................................... 22
Document Control Number: ICS Cybersecurity Roles and Responsibilities Page 1-1
Federal Electricity & Water Authority
1 PURPOSE
The purpose of this document is to define roles and responsibilities that are essential to the
implementation of ICS cybersecurity policies and processes.
Document Control Number: ICS Cybersecurity Roles and Responsibilities Page 1-2
Federal Electricity & Water Authority
Role Responsibility
Document Control Number: ICS Cybersecurity Roles and Responsibilities Page 1-3
Federal Electricity & Water Authority
Role Responsibility
Document Control Number: ICS Cybersecurity Roles and Responsibilities Page 1-4
Federal Electricity & Water Authority
Role Responsibility
ICS Site Interface with operations, customers and vendors to communicate ICS
Security Focal Security Program policy, process and procedure changes
Point
Escalate major ICS Security Program issues to ICS Information Manager
Discuss ICS Security Program policy deviations or non-conformance issues
to operations, customers, vendors
Communicate ICS Security Implementation plans to sites
Integrate cyber-security management into existing HSE Incident
Management Process
Format and present regular security posture report generated from
SIM/SIEM
Initiate FEWA/Site Incident Response Plan
Identify roles for specific training requirements and delivery strategy
Document Control Number: ICS Cybersecurity Roles and Responsibilities Page 1-5
Federal Electricity & Water Authority
Role Responsibility
Document Control Number: ICS Cybersecurity Roles and Responsibilities Page 1-6
Federal Electricity & Water Authority
Role Responsibility
Coordinates and interfaces with the System Vendors & Suppliers for the
needed support.
Coordinates storing and protecting evidence and system Logs.
Responsible for the Incident Recovery & Normalization of DCS & SCADA
systems with respect to Cyber Security
Security Engineer analyzes network traffic together with Network Specialist
for signs of denial of service, distributed denial of service, or other external
Coordinates and interfaces with the System Vendors & Suppliers for the
needed support.
Coordinates storing and protecting evidence and system Logs.
ICS Security Comprised of various ICS Security Team roles (see org chart)
Team
Execute ICS Security Program Implementation and Governance Activities
Provide status updates to ICS Security Program Manager as requested
Review Risk Assessments.
Prepare/receive reports from business units.
Recommend Risk treatment options.
Prepare reporting for Steering Committee.
Track Risk Treatment against plan.
Monitors and analyses real-time information
Reviews and formats regular security reports
Define, document applicable laws and review UAE IA for new requirements
Develop approach to address new compliance requirements
Align internal ICS Security documentation with new compliance
requirements
Provide updates to Learning and Development (L&D) Coordinator for
education strategy plan
Document Control Number: ICS Cybersecurity Roles and Responsibilities Page 1-7
Federal Electricity & Water Authority
Role Responsibility
ICS Security Supports development of and management of ICS Security Training and
Training Focal delivery strategy.
Point
Coordinates training delivery schedules with HR.
Coordinates training communications with HR.
Ensures training content, modules, and syllabus are maintained
Conduct risk assessment on requested tools
Document Control Number: ICS Cybersecurity Roles and Responsibilities Page 1-8
Federal Electricity & Water Authority
Role Responsibility
Control Evaluates the incident on receipt of information & diagnostics over phone.
Engineer
Mobilizes to site for supporting Incident Response & Recovery activities
based on the information from Operations Chief / Team Leader.
Responsible for the Incident Recovery & Normalization of DCS & SCADA
Hardware (Modules, Components, Marshalling, etc.), Control Sub-systems
(ESD, F&G, RTU, etc.), System Utilities (UPS, Power supply, Grounding,
etc.) and Field equipment (Instruments, Local panels, Pumps, Valves, etc.)
Supports the Team Leader and provide inputs to conclude on the severity of
the incident (Low/Medium/High/Critical)
Coordinates and interfaces with the System Vendors & Suppliers for the
needed support.
Document Control Number: ICS Cybersecurity Roles and Responsibilities Page 1-9
Federal Electricity & Water Authority
Role Responsibility
Operations Operations Chief receives the incident information from Shift Supervisor /
Chief Sr. Operators and evaluates on normal & abnormal functions.
Estimates the potential impacts to the plant operations when a part /
component of DCS / SCADA system go out of service.
Supports the Team Leader and provide inputs to conclude on the severity of
the incident (Low/Medium/High/Critical)
Supports the Operations team to stop / resume the operations as
necessary.
Approve Incident report presented by Team Leader
Document Control Number: ICS Cybersecurity Roles and Responsibilities Page 1-10
Federal Electricity & Water Authority
Role Responsibility
Document Control Number: ICS Cybersecurity Roles and Responsibilities Page 1-11
Federal Electricity & Water Authority
Role Responsibility
Supply Chain Procure ICS Systems in compliance with ICS Security Program security
requirements
Communicate ICS Security Program requirements to Vendors
Notify ICS Security Team of potential changes to ICS systems/infrastructure
Keep up-to-date with ICS Security training requirements
Engage ICS Vendors with cybersecurity specifications for ICS products,
solutions, and services.
Qualify ICS Vendors.
Ensure contracts with ICS Vendors include specific measureable
cybersecurity requirements as provided by Site Security Focal Point.
Identify sensitive ICS information/data to be shared or received from
Vendors, Subvendors, Contractors, Subcontractors, Consultants and
Manufacturers
Communicate ICS information/data protection requirements to all involved
stakeholders
Implement or enforce information/data protection schemes to protect ICS
information/data in transit (via email or phone)
HSE Analyst Keep ICS Security Team informed and integrated with Change
Management process
IT Support / Develop and Maintain ICS Security Program content sites and knowledge
Site repository
Administrator
Maintain the configuration of the ICS Security Program sites
(Example:
SharePoint) Maintain static content of ICS Security Program sites
Define site usage guidelines
Manage Access credentials to ICS Security Program sites
Document Control Number: ICS Cybersecurity Roles and Responsibilities Page 1-12
Federal Electricity & Water Authority
Role Responsibility
Role Responsibility
Vendors, Recommend ICS systems and assets configuration hardening baselines for
Subvendors, protection against cyber-attacks.
Contractors, Follow FEWAs policy and process on configuration protection.
Subcontractors Identify ICS information/data that needs protection
Recommend security configurations to protect information/data based on its
classification
Recommend compensating measures wherever vendor system or asset
does not provide protection capabilities
Follow FEWAs policy and process on Information/data classification
External ICS Provide ICS Security Program Policy, Process and Procedure Development
Security Assistance
Advisory
Provide ICS Security Program Implementation assistance (gap analysis,
(Example: Al
risk assessment)
Hosn,
Wurldtech) Assist with defining ICS Security Assessment/Certification Audit and
Acceptance Criteria
Assist with yearly ICS Security Assessment/Certification cycle
ICS Systems Responsible for following ICS Cyber Security Policies to ensure
Administrator conformance
Responsible for implanting new technical and administrative controls to
ensure compliance to ICS Cyber Security policies
Responsible for reviewing ICS processes and developing system/site
specific procedures
Configures ICS assets to generate appropriate logs and related information
Configure collection, correlation analysis for local and central solutions with
backup
Document Control Number: ICS Cybersecurity Roles and Responsibilities Page 1-14
Federal Electricity & Water Authority
Role Responsibility
ICS Systems Monitor Dashboard for real-time analysis updates on ICS security posture
Administrator
Execute and log the secure deletion and/or destruction of information.
Where locally possible, destroy and dispose of assets and subcomponents.
Where not possible initiate FEWA Wide Disposal Process
Update ICS Asset Inventory when assets have been decommissioned
Provides Remote Telephonic support to the operations team for Low /
Medium incidents and mobilizes to site for High / Critical incidents to
provide on-site support & lead the recovery efforts
Instructs for the mobilization of other Automation team members to site
(Security Engineer, Network Engineer, etc.) and directs them in
supporting the incident recovery activities
Performs first hand incident analysis, and restoration activities onsite.
Responsible for the Incident Recovery & Normalization of DCS &
SCADA systems with respect to Software Applications, Control &
Monitoring Functionalities
Supports the Team Leader and provide inputs to conclude on the
severity of the incident (Low/Medium/High/Critical)
Coordinates and interfaces with the System Vendors & Suppliers for
the needed support.
Assisting in writing the Incident Report
Supports identification of vulnerabilities and risk management
Assesses implementation against design.
Support SAT Testing
Perform backup and restore activities during scheduled maintenance tasks.
Verify backup was successful
Perform restore activities
Document backup and restore procedures
Document back and restore strategy based on business requirements and
system capabilities
Document Control Number: ICS Cybersecurity Roles and Responsibilities Page 1-15
Federal Electricity & Water Authority
Role Responsibility
ICS Systems Defines and configure logging and real-time capture requirements
Administrator
Updates the ICS Site Logging Register
Configure collection, correlation analysis for local and central solutions with
backup
Creates and maintains up-to-date OT relevant automated rules on analysis
tools (e.g: Q-Radar)
Monitors available vulnerability data.
Determines applicability of vulnerabilities.
Documents applicable vulnerabilities associated with ICS system and/or
assets.
Communicates uncured vulnerabilities to Site Security Focal Point.
Evaluates the risk of technical vulnerabilities to the ICS and FEWA.
Assess and Identifies acceptable Mitigating Controls.
Documents Remediation.
Monitors local vulnerability status on in-scope ICS systems and assets.
Documents Patching procedures.
Maintains Patch Inventory.
Assists with the testing and deployment of new patches and mitigating
controls through the Change Management Process.
Identify additional attributes, which must be recorded that provide business
value (e.g. mapping assets to cybersecurity maintenance (e.g. backups,
password changed, vulnerability management, etc. to the appropriate
owners and frequency)).
Schedules maintenance arrangements for assets.
Ensures through periodic reviews that appropriate cybersecurity controls
are implemented and maintained.
Ensures all legal requirements for ICS assets are met.
Responsible for configuring ICS assets per ICS cybersecurity policies.
Performs required system hardening tasks during scheduled maintenance.
Reviews ICS configurations to ensure that baseline levels of protection
have not changed since the last review.
Document Control Number: ICS Cybersecurity Roles and Responsibilities Page 1-16
Federal Electricity & Water Authority
Role Responsibility
Document Control Number: ICS Cybersecurity Roles and Responsibilities Page 1-17
Federal Electricity & Water Authority
Role Responsibility
Document Control Number: ICS Cybersecurity Roles and Responsibilities Page 1-18
Federal Electricity & Water Authority
Role Responsibility
ICS Asset Inventory asset physical and logical attributes based on defined Asset
Owner Inventory requirements and local standards.
Classify assets in accordance with the ICS Information Classification
Process.
Ensures Asset Inventory is maintained and reviewed periodically based on
entity-defined intervals.
Ensures logging and real-time capture requirements are defined and
enabled for new assets and are reviewed each quarter
Monitors available vulnerability data
Determines applicability of vulnerabilities.
Documents applicable vulnerabilities associated with ICS system and/or
assets.
Communicates uncured vulnerabilities to Site Security Focal Point.
Evaluates the risk of technical vulnerabilities to the ICS and FEWA.
Assess and Identifies acceptable Mitigating Controls.
Documents Remediation.
Documents Patching procedures.
Maintains Patch Inventory.
Assists with the testing and deployment of new patches and mitigating
controls through the Change Management Process.
Define RPO (Recovery Point Objective) and RTO (Recovery Time
Objective)
Identify backup and restore strategy based on business requirements and
system capabilities
Legal Counsel Approves where necessary for legal or regulatory purposes external
communication of vulnerabilities.
Document Control Number: ICS Cybersecurity Roles and Responsibilities Page 1-19
Federal Electricity & Water Authority
Role Responsibility
End Users Escalating any security incident or suspected events in the systems,
applications, software, and any related malfunction to the Chief Information
Security Officer as soon as it occurs.
Carefully following the information security policies and procedures
specially when dealing with confidential information at FEWA.
Protecting devices used by them to perform their day to day activities at
FEWA against unauthorized access, theft and any other harm.
Attending the Information Security Awareness workshops organized by the
Information Technology Department and show interest in understanding
their roles and applying it in their day-to-day activities at FEWA.
Document Control Number: ICS Cybersecurity Roles and Responsibilities Page 1-20
Federal Electricity & Water Authority
3 VERSION HISTORY
Document Control Number: ICS Cybersecurity Roles and Responsibilities Page 1-21
Federal Electricity & Water Authority
4 DOCUMENT APPROVAL
Document Control Number: ICS Cybersecurity Roles and Responsibilities Page 1-22
Federal Electricity & Water Authority
Document Control Number: ICS Cybersecurity Roles and Responsibilities Page 1-23