Ransomware Tools and Resources

Ransomware is a type of malicious software that infects and restricts access to a computer until a ransom is paid. Although there are other methods of delivery, ransomware is frequently delivered through phishing emails and exploits unpatched vulnerabilities in software. AGA has identified a number of tools, resources, and guidance documents that may be helpful as operators protect themselves against these threats. For more, visit the Ransomware Tools and Resources page.

U.S. Department of Homeland Security (DHS)

United States Computer Emergency Readiness Team (US-CERT)
AGA recommends registering for access to the secured US-CERT portal, where actionable information is posted and alerts are issued to those registered. ICS-CERT encourages U.S. asset owners and operators to join the Control Systems compartment of the US-CERT secure portal. Send your name, e-mail address, and company affiliation to ics-cert@hq.dhs.gov.

DHS Cyber Security Evaluation Tool (CSET)
Intended to assist organizations in protecting their key national cyber assets. This tool provides users with a systematic and repeatable approach for assessing the security posture of their cyber systems and networks. It includes both high-level and detailed questions related to all industrial control and IT systems.

Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies
This document provides insight into some of the more prominent cyber risk issues and presents them in the context of industrial control systems. It provides commentary on how mitigations strategies can be developed for specific problems and provides direction on how to create a defense-in-depth security program for control system environments. The goal is to provide guidance regarding cyber mitigation strategies and how to apply them specifically to an industrial control systems environment.

DHS Enhanced Cybersecurity Services
Active Monitoring and Information Sharing: DOD started in August 2011 sharing classified signatures with 37 members of the Defense Industrial Base (e.g. Lockheed Martin, Raytheon, etc). This is the DIB CS/IA program since the defense contractors have the capability to store and protect classified information. DHS is now expanding the program to other critical infrastructure sectors through the use of Commercial Security Providers (CSPs) such as AT&T, McAfee, Symantec, Verizon, etc. As part of the Executive Order and PPD 21, the effort has been rebranded as Enhanced Cybersecurity Services.

DHS Cybersecurity Questions for CEOs
This document provides a list of questions that CEOs should ask about cybersecurity risks. The questions listed in the document are intended to provide guidance for leadership discussions focused on cybersecurity risk management. It also recommends a set of key risk management concepts for CEOs to consider. ​

Transportation Systems Sector Cybersecurity Framework Implementation Guidance
The purpose of this document is to provide the Transportation Systems Sector guidance, resource direction, and a directory of options to assist a TSS organization in adopting the NIST Framework. The implementation guidance may be used by organizations to characterize their current and target cybersecurity posture; identify opportunities for evolving their existing cybersecurity risk management programs; recognize existing sector tools, standards, and guidelines that may support Framework implementation; and assess and communicate their risk management approach to both internal and external stakeholders. This implementation guidance can be incorporated into an organization’s culture regardless of the organizations current cybersecurity maturity level.

U.S. Department of Energy (DOE)

Oil and Natural Gas Subsector Cybersecurity Capability Maturity Model (ONG-C2M2)
The ONG-C2M2 provides a mechanism that helps organizations evaluate, prioritize, and improve cybersecurity capabilities. It includes a common set of industry-vetted cybersecurity practices, grouped into ten domains and arranged according to maturity level. AGA encourages member companies to make use of this tool as a way of gauging the cybersecurity maturity of an organization. By analyzing the results of this self-assessment tool, utilities can identify areas for improvement as well as areas that are aligned with the company’s overall risk tolerance. If you have any questions or are seeking assistance with using the model, please contact Jeff Martin (jeffmartin@aga.org).

Energy Sector Cybersecurity Framework Implementation Guidance
This guidance is intended to help the energy sector align existing cybersecurity risk management programs to meet the objectives of the NIST Cybersecurity Framework. The voluntary Cybersecurity Framework consists of standards, guidelines, and practices to promote the protection of critical infrastructure.

21 Steps to Improve Cyber Security of SCADA Networks
The President’s Critical Infrastructure Protection Board, and the Department of Energy, have developed the steps outlined in this document to help any organization improve the security of its SCADA networks.

Office of the Director of National Intelligence (DNI)

National Counterintelligence and Security Center
This website includes a series of security training videos and other resources to assist organizations with combating security threats.

Federal Bureau of Investigation​ (FBI)

FBI InfraGard
InfraGard is an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. At its most basic level, InfraGard is a partnership between the FBI and the private sector. InfraGard is an association of individuals, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States.

Other Cybersecurity Tools

NIST Cybersecurity Framework
AGA collaborated with federal and private sector partners during the development of both the Energy Sector and Transportation Systems Sector guidance documents to ensure they did not conflict or contradict the each other. Both are intended to provide a resource for organization seeking to adopt the NIST Cybersecurity Framework, which was developed for all critical infrastructure sectors at the direction of the White House.

The AGA and Edison Electric Institute joint comments on the Draft Update of the Framework for Improving Critical Infrastructure Cybersecurity can be found AGA EEI Response to Draft Update of Framework for or Improving Critical Infrastructure Cybersecurity.

DNG-ISAC
The DNG ISAC, Downstream Natural Gas Information Sharing and Analysis Center, is the downstream natural gas industry’s resource for cyber and physical threat intelligence analysis and sharing. It was created for the natural gas industry and operates as nonprofit entity. The DNG ISAC speeds security alerts to multiple recipients near-simultaneously while providing for user authentication and secure information sharing. For questions, please contact Jeff Martin (jeffmartin@aga.org)

INGAA Control Systems Cyber Security Guidelines for the Natural Gas Pipeline Industry
The purpose of this document is to provide guidance on addressing the control system cyber security plans in response to the TSA’s Pipeline Security Guidelines. It sets forth and details the unique risk and impact-based differences between the natural gas pipeline industry and the hazardous liquid pipeline and liquefied natural gas operators referenced equally in the aforementioned TSA guidelines.

SANS Twenty Critical Security Controls for Effective Cyber Defense
The Critical Security Controls effort focuses first on prioritizing security functions that are effective against the latest Advanced Targeted Threats, with a strong emphasis on “What Works” – security controls where products, processes, architectures and services are in use that have demonstrated real world effectiveness

​Shodan
Identifies internet-accessible devices.

NARUC Cybersecurity for State Regulators, Version 3.0
This primer was developed by the National Association of Regulatory Utility Commissioners (NARUC) to provide state regulators with some cybersecurity basics for the electric grid. The primer includes a sample set of questions that regulators can ask utilities to ensure sound cybersecurity investment and policy implementation, as well as other resources to develop internal expertise, assess the integrity of cybersecurity capabilities, and engage with public and private efforts.​

Common Sense Guide to Mitigating Insider Threats 4 th Edition ​
Developed by Carnegie Mellon University’s Software Engineering Institute, this guide lists several recommendations that organizations of various sizes should implement to mitigate (prevent, detect, and respond to) insider threats.