Critical Security for Water Management Infrastructure Presented on July 17, 2013

CL-WaterSecurity-Webinar-7-2013

www.CyberLock.com

Presented By

•  The leading supplier of key-centric access control systems

•  Based in Corvallis, Oregon

•  America’s most innovative city*

Presented By:

•  James T. McGowan
•  Technology & security industry veteran
•  Vice President of Sales & Marketing

* Most patents per 100,000 people as measured by scale-adjusted metropolitan indicators from the online journal of the Public Library of Science.

Objective

If you are involved in the physical security of water management infrastructure . . . this webinar is for you.

Security Challenges

•  Geographically wide-spread installations

•  Industry-specific infrastructure and equipment

•  Minimal physical security ‘guidelines’

•  High-profile target

Why is security so challenging for water districts?

Challenge #1

The Geography of Water Is Extensive:

It takes a lot of territory to manage:

•  Source
•  Distribution
•  Storage
•  Consumers
•  Treatment
•  Wastewater

Consider:

The Metropolitan Water District of Southern California

•  5,200 mi² (13,000 km²) area
•  14 cities/12 water districts
•  18 million people

Challenge #2

Water Management Infrastructure & Equipment:

Innovative solutions are needed to secure unique equipment:

•  Gates
•  Filters
•  Tanks
•  Pipes
•  Valves
•  Chemicals
•  Pumps
•  Reservoirs
•  Facilities

Challenge #3

•  Most regulations address water quality:
    •  i.e. Clean Water Act (CWA), Safe Drinking Water Act (SDWA)
•  Few address water security:
    •  Homeland Security Presidential Directives (HSPDs)
        •  HSPD 7: Critical Infrastructure Identification, Prioritization, and Protection (Makes EPA the lead)
    •  Executive Orders
        •  13636 – Improving Critical Infrastructure Cybersecurity (2013)
    •  Laws
        •  Public Health Security and Bioterrorism Preparedness and Response Act (2002)
            o  Title IV: Vulnerability Assessments & Emergency Response Plans
    •  Guidelines
        •  The Water Security Research & Technical Support Action Plan (2004)
        •  Security Practices for Operations and Management ANSI/AWWA G430-09

Challenge #4

Critical Infrastructure Is a Target

• High demand

• Low supply

• Needed/used by all

• High-impact target

Security Solution

Guidelines point to: “Access Control and Intrusion Detection”

•  Creates a closed and secure watershed

•  Secures spread-out assets

•  Secures unique equipment

•  Controls access

•  Maintains records of key holder use

•  Generates audit trails

•  Affordable

•  Scalable

A primary theme in the regulations is finding a solution that detects, deters, and delays potential threats to the facility.

Security Options

•  Mechanical Solution (Master Key System): Delay
•  Lock-Centric Solution (Key Card System): Detect, Deter, Delay
•  Key-Centric Solution (Electronic Locks & Keys): Detect, Deter, Delay

What is Key-Centric?

Provides electronic access control to locks without power:

4 Components:

•  Intelligent cylinders that replace mechanical cylinders
•  Smart keys that hold permissions, store usage information, and energize the lock
•  Access control management software that drives the system

System Comparisons

Feature                  Mechanical Key   Lock Centric   Key Centric
Low Initial Investment   X                               X
Build As You Grow        X                               X
Beyond the Door          X                               X
Low Impact Install       X                               X
No Power Concerns        X                               X
Pick Resistant                            X              X
Key Control                               X              X
Scheduled Access                          X              X
Audit Trails                              X              X

Key-Centric Overview

• Electronic cylinders are installed

• Smart keys are programmed and issued

• Access activity is downloaded & new schedules are uploaded

• Audit trails & reports are created and distributed

Key-Centric In Action

1.  Schedules & permissions are set in software
2.  Key holders update permissions via downloading devices
3.  Key holders access locks
4.  Key holders download activity via downloading devices
5.  Access activity is uploaded into software

Updating permissions and downloading access activity occur simultaneously

Locks

Replace Existing Cylinders

Features
•  Intelligent locks
•  Fit all kinds of lock housings
•  No power/wiring needed
    •  Power comes from key
•  High security options

Benefits
•  Install anywhere
•  Install on virtually anything
•  Secure remote assets
•  Delay & deter

Keys

Program & Distribute Smart Keys

Features
•  Key energizes lock
•  Validates credentials
•  Holds schedules & permissions
•  Remembers every touch
•  Easy to reconfigure

Benefits
•  Efficient use of keys (one key)
•  Deactivate lost keys
•  Only authorized personnel can gain access
•  Detect & deter

Downloading Devices

Authorize Access

Features
•  Interface to software
•  Easy to update
•  Docking the key:
    •  Downloads audit trails
    •  Uploads new system info

Benefits
•  Made for wide-spread assets
•  Easy management of employees & contractors

Software

View & Manage Access

Features
•  Set schedules & permissions
•  Monitor access events
•  Disable access
•  Provide one time access

Benefits
•  Monitor access activity
•  Generate audit trails
•  Automate notifications
•  Detect

Review

Recommendations

•  Perform a Vulnerability Assessment (VA)

•  Create an Emergency Response Plan (ERP)

•  Install a key-centric access control system

•  Distribute smart keys and train your team

•  Review and analyze access patterns and trends

•  Adjust access control process and privileges accordingly

CyberLock

The Leader in Key-Centric Access Control

•  Proven:
    •  Launched in 2000
    •  Over 1 million CyberLocks installed in 50+ countries
•  Flexible:
    •  300+ lock designs
    •  Multiple keys & downloaders
    •  Browser-based software
•  Scalable:
    •  Simple to install, easy to expand
    •  Supports 3rd party integration

CyberLock helps improve your ability to detect, deter, and delay threats to your system.

Seattle Public Utilities

Case Study: Seattle Public Utilities

•  Application: Managing Access to Watersheds

•  Challenge: To track and electronically document traffic in and out of facilities and watershed areas; to meet Federal Critical Infrastructure Guidelines for municipal water supplies

•  Benefit: CyberLock helped secure all the entrances to the watershed that could not be serviced with automated gates due to no available power and communication lines; gave additional control over the access of contractors, employees, and researchers throughout the watersheds; facilitated compliance with Department of Health regulations & Federal Guidelines for securing critical infrastructure.

Water Security Resources

EPA’s Water Security Web Page: http://epa.gov/safewater/watersecurity

The Water Security Research & Technical Support Action Plan

AWWA Water Security Web Page: http://www.awwa.org/legislation-regulation/issues/utility-security.aspx

Security Practices for Operation and Management

For More Information

•  On the web: www.cyberlock.com

•  Via email: [email protected]

•  Via phone: 541-738-5500
