Behind every sophisticated cyberattack is a team of bad actors generally seeking financial gain. In some cases, these criminals may also be backed by a nation-state.
These are formidable adversaries and companies should not attempt to take on these battles alone. Nevertheless, it is critically important for companies to proactively adopt mitigating measures to protect information and operational technology (IT/OT) systems. In fact, some of the simplest measures can make the most difference. Here are six commonsense starting points.
1. Spread Awareness
Industry-specific cybersecurity awareness training is a great first step in establishing a readiness posture. Unfortunately, most organizations either skip this step or do too little of it. Without proper training of employees, organizations can easily open the door to major cyberattacks through unintentional acts by insiders. This becomes even more important for industrial companies whose IT and OT networks have converged. An employee working in the IT environment may unintentionally click on a fraudulent link in an email, and the attack could make its way into the OT and production environment. An OT cyberattack that halts operations can be far more devastating than an IT attack that takes down internet access or even an email server.
2. Know Your Assets
Asset identification and management is a crucial step to take before implementing security measures. Though this can be done manually, there are advanced solutions on the market that automatically identify assets across defined networks and also monitor the configuration of each asset for change management purposes. It is difficult to secure your assets without knowing what is there.
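The change-management side of asset management comes down to comparing inventory snapshots over time. The script below is an added example (not code from 1898 & Co. or any product it describes) that diffs two snapshots and reports assets that appeared, disappeared or were reconfigured; the snapshot layout, asset names and addresses are constructed for illustration.

```python
"""Compare two asset inventory snapshots and report what appeared,
disappeared or was reconfigured between them.

Added example, not code from 1898 & Co. or any product it describes;
the snapshot layout and the sample assets below are constructed."""
import json
from hashlib import sha256


def config_fingerprint(config: dict) -> str:
    """Stable hash of an asset's configuration: canonical JSON, so that
    key order alone never produces a spurious change alert."""
    canonical = json.dumps(config, sort_keys=True, separators=(",", ":"))
    return sha256(canonical.encode("utf-8")).hexdigest()


def changed_fields(old: dict, new: dict) -> list:
    """Names of configuration fields whose value differs between snapshots."""
    return sorted(k for k in set(old) | set(new) if old.get(k) != new.get(k))


def diff_inventory(baseline: dict, current: dict) -> dict:
    """Each snapshot maps asset id -> {"ip", "role", "config": {...}}.
    Returns new assets, missing assets and, per drifted asset, which
    configuration fields changed."""
    new_assets = sorted(set(current) - set(baseline))
    missing_assets = sorted(set(baseline) - set(current))
    changed = {}
    for asset_id in sorted(set(baseline) & set(current)):
        old_cfg = baseline[asset_id]["config"]
        new_cfg = current[asset_id]["config"]
        # Cheap fingerprint compare first; only diff fields on a mismatch.
        if config_fingerprint(old_cfg) != config_fingerprint(new_cfg):
            changed[asset_id] = changed_fields(old_cfg, new_cfg)
    return {"new": new_assets, "missing": missing_assets, "changed": changed}


# Constructed snapshots of a small OT cell (addresses and versions are made up).
BASELINE_SNAPSHOT = {
    "plc-01": {"ip": "10.20.1.10", "role": "PLC",
               "config": {"firmware": "2.4.1", "write_protect": True}},
    "hmi-01": {"ip": "10.20.1.20", "role": "HMI",
               "config": {"patch_level": "2023-05", "remote_desktop": False}},
    "hist-01": {"ip": "10.20.1.30", "role": "Historian",
                "config": {"patch_level": "2023-05", "remote_desktop": False}},
}
CURRENT_SNAPSHOT = {
    "plc-01": {"ip": "10.20.1.10", "role": "PLC",
               "config": {"write_protect": True, "firmware": "2.4.1"}},  # same, keys reordered
    "hmi-01": {"ip": "10.20.1.20", "role": "HMI",
               "config": {"patch_level": "2023-05", "remote_desktop": True}},  # drifted
    "eng-ws-07": {"ip": "10.20.1.77", "role": "unknown",
                  "config": {}},  # never inventoried before
}

if __name__ == "__main__":
    print(json.dumps(diff_inventory(BASELINE_SNAPSHOT, CURRENT_SNAPSHOT), indent=2))
```

Run against the constructed snapshots, the report lists eng-ws-07 as a new asset, hist-01 as missing, and hmi-01 as changed on the remote_desktop field, while plc-01 is untouched because its configuration only differs in key order. Each of those three outcomes is a different follow-up: an unknown device to investigate, a device that went silent, and an unapproved configuration change.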
3. Secure Your Assets
Next on the list is continuous system hardening and patch management to improve overall system resilience. Cyberattacks often succeed because system software is not up to date, leaving weaknesses or vulnerabilities in unpatched systems that attackers can exploit. Once attackers have exploited these vulnerabilities and gained access to the network, it is too late to prevent the attack. Attacks can still occur even if the systems are not connected to an external network. In an OT environment, system patching is not always an option, as it may not be feasible to halt operations just to patch systems. In this case, operators tend to document the unpatched systems and schedule patching during the next outage window.
4. Segregate Your Network
Network segregation and/or segmentation using a demilitarized zone (DMZ) is essential, whether it is between a corporate intranet network and the outside internet or between the IT and OT networks. A DMZ is a buffer between two networks and consists of one or multiple security gateways such as firewalls, and in some cases a terminal server to serve as a termination point for access control.
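Whether a DMZ actually segregates IT from OT depends on the gateway rules, so it is worth checking a policy for rules that quietly bypass the buffer. The audit below is an added example (not 1898 & Co. code, and not any real firewall's rule syntax) using a constructed zone-based rule layout; it flags allow rules that connect IT and OT directly, that permit every service across a zone boundary, or that let traffic into OT from anywhere other than the DMZ terminal server the text describes. The zone names, the terminal server name ts-01 and the sample policy are all assumptions.

```python
"""Audit a zone-based IT/DMZ/OT firewall policy for rules that undermine
the segregation the DMZ is meant to provide.

Added example, not 1898 & Co. code or a real firewall's rule syntax;
the Rule layout, zone names and the sample policy are constructed."""
from dataclasses import dataclass

ZONES = {"IT", "DMZ", "OT"}
# Every allowed cross-zone flow must cross exactly one DMZ boundary.
ADJACENT = {frozenset({"IT", "DMZ"}), frozenset({"DMZ", "OT"})}
TERMINAL_SERVER = "ts-01"   # assumed DMZ host where interactive OT access terminates


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    service: str            # e.g. "tcp/502", "tcp/3389", or "any"
    action: str = "allow"   # "allow" or "deny"
    src_host: str = "any"   # a specific source host, or "any"


def audit_policy(rules):
    """Return (rule name, finding) pairs for allow rules that weaken segregation."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue  # deny rules cannot open a path
        if r.src_zone not in ZONES or r.dst_zone not in ZONES:
            findings.append((r.name, f"unknown zone in {r.src_zone}->{r.dst_zone}"))
            continue
        cross_zone = r.src_zone != r.dst_zone
        if cross_zone and frozenset({r.src_zone, r.dst_zone}) not in ADJACENT:
            findings.append((r.name, f"{r.src_zone}->{r.dst_zone} bypasses the DMZ"))
        if cross_zone and r.service == "any":
            findings.append((r.name, "service 'any' on a cross-zone allow"))
        if r.dst_zone == "OT" and cross_zone and r.src_host != TERMINAL_SERVER:
            findings.append((r.name, "inbound OT access not sourced from the terminal server"))
    return findings


# Constructed sample policy: three sound rules, two weak ones, one deny.
SAMPLE_POLICY = [
    Rule("it-to-jump", "IT", "DMZ", "tcp/3389"),
    Rule("jump-to-ot", "DMZ", "OT", "tcp/3389", src_host=TERMINAL_SERVER),
    Rule("historian-push", "OT", "DMZ", "tcp/1433"),
    Rule("legacy-vendor-access", "IT", "OT", "tcp/502"),            # skips the DMZ entirely
    Rule("dmz-any", "DMZ", "OT", "any", src_host=TERMINAL_SERVER),  # right path, far too broad
    Rule("default-deny", "IT", "OT", "any", action="deny"),
]

if __name__ == "__main__":
    for name, finding in audit_policy(SAMPLE_POLICY):
        print(f"{name}: {finding}")
```

On the sample policy the first three rules pass, legacy-vendor-access is reported twice (it bypasses the DMZ and it reaches OT without terminating on the terminal server), and dmz-any is reported once for its wildcard service. The point of the adjacency set is that IT and OT never appear together in it, so any rule joining them directly is a finding regardless of how narrow the service is.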
5. Implement a Detection and Monitoring Solution
After you’ve done everything from training your staff to securing your assets, it’s time to implement a threat detection solution that continuously monitors the network and assets for anomalies that could indicate a cyberattack. The same anomaly detection can also surface insider threats.
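The simplest form of the anomaly detection described here is a learned baseline of normal communication followed by alerting on whatever deviates from it. The script below is an added example, not 1898 & Co. code or any product's detection logic: it learns the set of source, destination and service triples from a trusted window of flow records, then flags later flows that were never seen, separating a brand-new host from a known host talking in a new way. The one-line flow-record format, the addresses and both log windows are constructed.

```python
"""Learn which flows are normal in an OT network segment, then flag
flows in a later window that have never been seen before.

Added example, not 1898 & Co. code or any product's detection logic;
the flow-record format, addresses and both log windows are constructed."""
import re

# Constructed record format: "<timestamp> <src ip> -> <dst ip> <proto>/<port>"
FLOW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d{1,3}(?:\.\d{1,3}){3}) -> "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}) (?P<svc>(?:tcp|udp)/\d+)$"
)


def parse_flow(line):
    """Return (src, dst, service) for one record, or None if it is malformed."""
    m = FLOW_RE.match(line.strip())
    return (m.group("src"), m.group("dst"), m.group("svc")) if m else None


def learn_baseline(lines):
    """Build the set of known flows and known hosts from a trusted window."""
    flows, hosts = set(), set()
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            continue  # a broken record must not poison the baseline
        flows.add(flow)
        hosts.update(flow[:2])
    return {"flows": flows, "hosts": hosts}


def detect_anomalies(baseline, lines):
    """Flag flows absent from the baseline. A source host never seen before
    is reported as new_host; a known host using a new path as new_flow.
    Malformed records are surfaced rather than silently dropped."""
    alerts = []
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            alerts.append(("malformed", line.strip()))
            continue
        if flow in baseline["flows"]:
            continue
        src, dst, svc = flow
        kind = "new_host" if src not in baseline["hosts"] else "new_flow"
        alerts.append((kind, src, dst, svc))
    return alerts


# Constructed trusted window: HMI and historian polling a PLC, HMI writing to historian.
BASELINE_WINDOW = [
    "2024-03-01T10:00:00 10.20.1.20 -> 10.20.1.10 tcp/502",
    "2024-03-01T10:00:02 10.20.1.30 -> 10.20.1.10 tcp/502",
    "2024-03-01T10:00:04 10.20.1.20 -> 10.20.1.30 tcp/1433",
]
# Constructed later window: one normal flow, one unknown host, one odd path, one bad record.
OBSERVED_WINDOW = [
    "2024-03-02T08:00:01 10.20.1.20 -> 10.20.1.10 tcp/502",
    "2024-03-02T08:00:05 10.10.5.77 -> 10.20.1.10 tcp/502",
    "2024-03-02T08:00:09 10.20.1.30 -> 10.20.1.10 tcp/22",
    "not a flow record",
]

if __name__ == "__main__":
    for alert in detect_anomalies(learn_baseline(BASELINE_WINDOW), OBSERVED_WINDOW):
        print(alert)
```

Against the constructed windows the known HMI-to-PLC poll is silent, the flow from 10.10.5.77 is reported as a new host reaching the PLC, and the historian opening tcp/22 to the PLC is reported as a new flow from a known host. That second category is where insider misuse tends to show up: the machine is trusted, the behaviour is not. The approach depends entirely on the baseline window being clean, so it should be captured from a period that has been reviewed rather than simply from the last few days.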
6. Implement an Incident Response Plan
The final step in your readiness plan is to have a thorough game plan that allows you to respond effectively and efficiently to a cyberattack. A detailed and tested response plan guides staff along the most efficient path to system and operational recovery. A quick response to an attack is essential to business continuity and reliability.
These initial steps are important, but in today’s heightened-threat environment, having a relationship with trusted outside resources should be part of the plan.
1898 & Co. offers the world’s only consensus-based industrial automation and control system standards training in partnership with the International Society of Automation (ISA) to help train users on the OT industrial cybersecurity side. Furthermore, 1898 & Co. offers a variety of solutions: from executive advisory to various gap and vulnerability assessments; implementing security controls and system hardening; and providing holistic monitoring and anomaly detection solutions powered by advanced software solutions. Tools and services like these help you battle back against the most sophisticated OT cyberattacks.
Within the Global Cybersecurity Alliance (GCA), we map standards such as ISA/IEC 62443 to the prevailing standards of today — National Institute of Standards and Technology (NIST), North American Electric Reliability Corp. Critical Infrastructure Protection (NERC CIP), International Organization for Standardization (ISO), etc. — using crosswalks, and we advocate and lobby for better standards adoption across industrial control systems (ICS) community vendors, products and services.
Managed threat detection and response is a critical element of your cyber defense strategy. Learn how you can prepare.