
Creating and Maintaining a Cyber Resilient Organization

Written by David Bacque, VP of Operations and Director of OT Security


When major cyber events hit the news, we are reminded again of the best practices and continuous improvement opportunities we may, or may not, be employing to lead a cyber resilient organization. Teams responsible for operational technology and industrial control systems should be keenly aware of the risks associated with cyber events and the potential for costly production downtime, not to mention damage to people, property, or the environment.

While it is important to have procedures in place to respond to cyber incidents, preventative measures should be your first line of defense. For OT systems, there are several critical security controls that are often overlooked or not fully implemented, and which can go a long way towards mitigating risk and improving an organization’s ability to respond to a cyber event. This article briefly outlines a few foundational elements which should be put in place in addition to proper incident response planning.

Asset Management

Often, organizations have an incomplete or outdated asset inventory stored in a file which is hard to find and even harder to manage or derive value from. Modern OT Asset Discovery and Monitoring solutions, such as Forescout, can proactively and safely monitor OT systems to maintain an asset inventory as well as monitor for unplanned system changes, current patch levels, and unauthorized devices.

Portable Media and Device Management

Because OT systems are typically segmented from other enterprise systems as well as from the internet, well-intentioned administrators, consultants and technicians often must get creative about how to connect to, update and configure devices. This typically involves connecting a portable computer to the system or bringing data in on a portable media device, such as an external hard drive. In order to maintain the integrity of an OT system, it is critical that a process exists to limit the use of unknown portable media and computers, as well as a process to scan and quarantine any device which needs to connect into the OT environment.

System Patching and Hardening

Modern operating systems are not secure in their default configuration: they require a plan for patching, and unnecessary features must be disabled to minimize the possibility of malicious code execution. OT system administrators often skip patching and hardening OT systems because of the false sense of security provided by network boundaries, firewalls or even “air gaps”. The fact is that malware or other exploits can still find their way into OT systems through portable media and computers, or even through poorly configured firewalls or inadvertently connected systems. Once inside a network of unpatched computers, exploits are far more likely to wreak havoc through well-known vulnerabilities, which system vendors have typically addressed long ago.

Disaster Recovery Planning

Most people know that it is important to routinely back up mission-critical data and systems to avoid data loss in the event of a system failure. What is often overlooked, however, is having a process for practicing an actual system restore from that backup, to verify that systems can be recovered in an amount of time consistent with a risk-based plan. In the same way that disaster preparedness ensures your team is familiar with the safety protocols put in place for emergency situations, disaster recovery planning prepares your team for a cyber-attack. Backup integrity needs to be regularly verified, and systems should be restored onto test hardware to confirm that recovery procedures are accurate and will reduce the impact of a cyber event or system failure.
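The two checks described above, backup integrity and recovery time against a risk-based target, can be scripted as part of a restore drill. The following is an added example, not code from the original article or from RED Group; the file names, contents and the recovery time objective (RTO) are constructed for illustration, and a real drill would hash the files actually restored onto test hardware.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class RestoreCheck:
    missing: list = field(default_factory=list)    # in manifest, absent after restore
    corrupted: list = field(default_factory=list)  # restored content differs from manifest
    restore_seconds: float = 0.0
    rto_seconds: float = 0.0

    @property
    def within_rto(self) -> bool:
        return self.restore_seconds <= self.rto_seconds

    @property
    def passed(self) -> bool:
        return not self.missing and not self.corrupted and self.within_rto


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict) -> dict:
    """Record the SHA-256 of every artifact at backup time; store this with the backup."""
    return {path: sha256_hex(data) for path, data in files.items()}


def verify_restore(manifest: dict, restored: dict, restore_seconds: float, rto_seconds: float) -> RestoreCheck:
    """Compare restored content against the manifest and the measured restore time against the RTO."""
    check = RestoreCheck(restore_seconds=restore_seconds, rto_seconds=rto_seconds)
    for path, expected in manifest.items():
        if path not in restored:
            check.missing.append(path)
        elif sha256_hex(restored[path]) != expected:
            check.corrupted.append(path)
    return check


# Constructed sample data (hypothetical OT artifacts, not real backups).
ORIGINAL = {
    "plc/line1_program.acd": b"ladder logic, revision 12",
    "hmi/screens.xml": b"<hmi><screen id='1'/></hmi>",
    "historian/points.bak": b"historian export",
}
MANIFEST = build_manifest(ORIGINAL)

# A drill where one file came back truncated and one was never restored.
RESTORED_BAD = {
    "plc/line1_program.acd": b"ladder logic, revision 12",
    "hmi/screens.xml": b"<hmi><screen id='1'/></hmi>TRUNC",
}

if __name__ == "__main__":
    good = verify_restore(MANIFEST, ORIGINAL, restore_seconds=3 * 3600, rto_seconds=4 * 3600)
    bad = verify_restore(MANIFEST, RESTORED_BAD, restore_seconds=5 * 3600, rto_seconds=4 * 3600)
    print("clean drill passed:", good.passed)
    print("bad drill: missing", bad.missing, "corrupted", bad.corrupted, "within RTO:", bad.within_rto)
```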

Preventative Measures

In summary, there are a number of cybersecurity risks associated with industrial OT systems. While it is certainly important for organizations to have procedures in place to respond to cyber events, it is also crucial to be proactive about protecting your assets. A few preventative measures that should be implemented within organizations include:

  • Asset management
  • Portable media and device management
  • System patching and hardening
  • Disaster recovery planning

Ensure your systems are protected and your assets are defensible – contact RED Group today to get a better idea of where you currently stand on your cybersecurity journey and to lay out a roadmap to better cyber resilience.

David Bacque, an experienced cybersecurity and operational technology (OT) professional, has led, advised on and delivered OT projects and ICS security initiatives with industrial clients around the world.