Did I Do That? The Human Factor in Cyber

Carla Donev Chief Information Security Officer NiSource

NiSource | NYSE: NI | nisource.com | PREMIER REGULATED UTILITY BUSINESS Operating in Diverse Footprint with Constructive Stakeholder Relationships

SIGNIFICANT SCALE ACROSS SEVENSTATES

COLUMBIA GAS OF ~3.5M Gas Customers COLUMBIA GAS OF ~500K Electric Customers

COLUMBIA GAS OF ~8000 Employees NATURAL GAS COLUMBIA GAS OF

COLUMBIA GAS OF

COLUMBIA GAS OF

NIPSCO GAS

ELECTRIC NIPSCO ELECTRIC

NI LISTED COMPELLING ANNUAL 8%-10% TOTAL SHAREHOLDER RETURN PROPOSITION* NYSE

Delivering on Commitments to Customers, Communities, Employees and Investors

* Estimated total shareholder return at a constant P/E ratio

2 NiSource | NYSE: NI | nisource.com | 2 WHAT IS SOCIAL ENGINEERING?

NiSource | NYSE: NI | nisource.com | 4 DID YOU GET THIS EMAIL?

NiSource | NYSE: NI | nisource.com | 5 DID YOU GET THIS EMAIL?

NiSource | NYSE: NI | nisource.com | 6 DID YOU GET THIS EMAIL?

NiSource | NYSE: NI | nisource.com | 7 DID YOU GET THIS EMAIL?

NiSource | NYSE: NI | nisource.com | 8 WHAT IS PHISHING?

NiSource | NYSE: NI | nisource.com | 9 PHISHING IS A PART OF EVERYDAY LIFE…

NiSource | NYSE: NI | nisource.com | 10 PHISHING ATTACKS PRY ON EMOTIONS

NiSource | NYSE: NI | nisource.com | 11 LOOK FOR CLUES IN SUSPICIOUS EMAILS

NiSource | NYSE: NI | nisource.com | 12 THE “BUSINESS” OF PHISHING

Increase in 2,370% financial losses from BEC/EAC

Actual and $5.3 attempted loses Billion from BEC/EAC USD

131 Impacted by Countries BEC/EAC scams

FBI, “Business Email Compromise (BEC) Email Account Compromise (EAC): The 5 Billion Dollar Scam,” May 4, 2017 NiSource | NYSE: NI | nisource.com | 13 HOW TO REDUCE RISK?

1) PROTECT

2) AUTHORIZE

3) AUTHENTICATE

4) SIMULATE

NiSource | NYSE: NI | nisource.com | 14 RECOGNIZE THESE COMPANIES?

NiSource | NYSE: NI | nisource.com | 15 NISOURCE CYBER AWARENESS PROGRAM

CYBER WARRIOR CYBER PROGRAM AMBASSADORS Award individuals who have As Change Network members assisted in keeping the you will also serve as Cyber enterprise secure, through Ambassadors that promote their actions of reporting cybersecurity awareness. possible security issues, or promoting cybersecurity through their daily SECURITY BLOG responsibilities. Learn about more cyber security, why it's important, ROADSHOWS how you can further protect The Cyber Security team will travel yourself at home, and what's to every Tier 1 location at least currently happening in the once a year to bring Cybersecurity cybersecurity world. awareness. EMPLOYEE EDUCATION Educating all employees on how to identify and evaluate threats, vulnerabilities, and risks specific to his or her role in the organization.

NiSource | NYSE: NI | nisource.com | 16 THE CYBER WARRIOR PROGRAM

Be proactive & report any potential security concerns

Report “Phishy” emails or suspicious links MONTHLY CYBER WARRIORS ANNOUNCED Report Social Engineering* calls or suspicious activity

Always lock computer when leaving desk

Use strong passwords

All employees have an opportunity to become a Cyber Warrior by proactively demonstrating effective security best practices and championing information security through their daily responsibilities.

NiSource | NYSE: NI | nisource.com | 17 GETTING EMPLOYEES ENGAGED

Report possible phishing or harmful emails to Security / Participate in Cybersecurity Phishing mailbox Awareness Fairs and booth contests branded swag Contribute to IT Security Program that protects critical Proactively report potential user data and systems activities or processes that may lead to a compromise if or continued

AWARDS

Significant contribution to IT Security Awareness Report a security event that Program prevents significant compromise or harm to NiSource

Individuals will be awarded who go above and beyond their everyday responsibilities to keep NiSource secure, through their actions of reporting possible security issues, or promoting / championing information security through their daily responsibilities.

NiSource | NYSE: NI | nisource.com | 18 BUILDING AWARENESS

BUILD AWARENESS SOLICIT FEEDBACK PREPARE EMPLOYEES OFFER INSIGHTS • Become familiar with IT • Ask employees what • Demonstrate examples of • Share insights to improve Security Awareness questions they have about being a Cyber Warrior the program Program the program • Partner with leaders to • Assess employee readiness • Share the slides with your • Listen to concerns and recognize Cyber Warriors and offer feedback to team and encourage successes of the month improve communications employees to become • Share questions to help • Direct employees to • Help elevate awareness Cyber Warriors build FAQs available resources based on reporting results • Discuss the awards program • Become a Cyber Ambassador

NiSource | NYSE: NI | nisource.com | 19 EDUCATION IS KEY

EMPLOYEE EDUCATION Understand how to identify and evaluate threats, vulnerabilities and risks specific to your role in the organization.

20

NiSource | NYSE: NI | nisource.com | 20 REMOVING ADDITIONAL THREATS

The use of online Malvertising advertisements to spread malware.

Reduce the amount of Malvertising and further protect NiSource and our personal Communication assets from a cyber attack.

The frames on the web page that Web Browsing contain banners will be changed to a blank page.

NiSource | NYSE: NI | nisource.com | 21 BLOCKED ADVERTISEMENTS

Page without policy to block advertisements:

Page with policy to block advertisements:

NiSource | NYSE: NI | nisource.com | 22 TRUSTED EMAIL BANNERS

Emails sent from trusteed sources will have the following green tag line located at the top:

All other emails sent from external sources will continue using the following red tag line:

NiSource | NYSE: NI | nisource.com | 23 NISOURCE PHISHING BY THE NUMBERS

NiSource | NYSE: NI | nisource.com | 24 NISOURCE REPEAT OFFENDERS

4.68%

12.27%

53.21%

29.84%

Never Clicked Clicked 1 Clicked 2 Clicked 3+

NiSource | NYSE: NI | nisource.com | 25 WHAT’S NEXT?

NiSource | NYSE: NI | nisource.com | 26 NiSource | NYSE: NI | nisource.com | 27