Page 45 - Cyber Defense eMagazine September 2022
• How are you protecting home field advantage? – You must have a defendable architecture
specific to your OT/ICS environment. Many attacks against OT start in the IT environment
and then pivot into OT. Implement a modern cybersecurity architecture that incorporates
leading practices such as:
o Industrial demilitarized zone (IDMZ) firewalling, IT/OT network segregation and
micro-segmentation, to safeguard the OT perimeter and the high-value, vulnerable assets
within OT – see this CISA example.
o Identity and access management to enforce access and password policies
o Multi-factor authentication to strengthen remote access connections
o Endpoint device protection to preserve data integrity and security
o USB security controls to enforce removable media policies
Together these give you a layered defense that keeps unauthorized users out.
• How are you maintaining situational awareness? – You can't effectively respond to threats if you
don't know the status of your OT/ICS environment. Deploy continuous threat monitoring controls
that detect anomalous or suspicious activity in your OT network. Keep the asset inventory current
and establish a baseline so that the security team is alerted when an unknown device or user
appears on the network.
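The two controls above, IT/OT zone policy enforcement and an asset baseline that flags unknown devices, reduce to a single check over observed traffic. The following is an added example, not code from the article or from CISA: it parses constructed flow-log lines (the `src=ip/mac dst=ip/mac dport=` format, the zone address ranges, the MAC addresses and the host names are all invented for the demo), flags any OT or IDMZ host that is not in the baseline, and flags any cross-zone flow that the IDMZ policy does not allow, in particular anything that goes from the enterprise network straight into OT.

```python
"""Baseline and zone-policy check over constructed OT flow logs (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Zones loosely modelled on Purdue levels. Addressing is hypothetical.
ZONES = {
    "enterprise": ip_network("10.10.0.0/16"),      # IT / business network
    "idmz":       ip_network("10.20.0.0/24"),      # jump hosts, patch/AV relays, historian replica
    "ot_control": ip_network("192.168.10.0/24"),   # HMIs, engineering workstations
    "ot_cell":    ip_network("192.168.20.0/24"),   # PLCs / RTUs
}

# Allowed (src_zone, dst_zone) -> TCP ports. Anything not listed is denied.
# Enterprise never reaches OT directly; every path terminates in the IDMZ first.
ALLOWED_FLOWS = {
    ("enterprise", "idmz"):    {3389, 443},    # RDP to jump host, HTTPS to historian replica
    ("idmz", "ot_control"):    {3389, 443},    # jump host into engineering / HMI hosts
    ("ot_control", "ot_cell"): {502, 44818},   # Modbus/TCP, EtherNet/IP
    ("ot_cell", "ot_control"): {502, 44818},
    ("ot_control", "idmz"):    {443},          # historian push out to the replica
}

# Asset baseline for the IDMZ and OT zones: (ip, mac) -> name. Constructed.
BASELINE = {
    ("10.20.0.5",     "00:1c:42:aa:00:05"): "idmz-jump01",
    ("192.168.10.10", "00:1c:42:aa:10:10"): "eng-ws01",
    ("192.168.10.20", "00:1c:42:aa:10:20"): "hmi01",
    ("192.168.20.31", "00:50:c2:bb:20:31"): "plc-line1",
}
BASELINED_ZONES = {"idmz", "ot_control", "ot_cell"}

# Constructed log lines: "<ts> src=<ip>/<mac> dst=<ip>/<mac> proto=tcp dport=<port>"
SAMPLE_LOG = [
    "2022-09-01T08:00:01Z src=10.10.5.23/00:1c:42:11:05:23 dst=10.20.0.5/00:1c:42:aa:00:05 proto=tcp dport=3389",
    "2022-09-01T08:00:09Z src=10.20.0.5/00:1c:42:aa:00:05 dst=192.168.10.10/00:1c:42:aa:10:10 proto=tcp dport=3389",
    "2022-09-01T08:01:14Z src=192.168.10.10/00:1c:42:aa:10:10 dst=192.168.20.31/00:50:c2:bb:20:31 proto=tcp dport=502",
    "2022-09-01T08:02:40Z src=10.10.5.23/00:1c:42:11:05:23 dst=192.168.20.31/00:50:c2:bb:20:31 proto=tcp dport=502",
    "2022-09-01T08:03:02Z src=192.168.10.99/00:0c:29:de:ad:99 dst=192.168.20.31/00:50:c2:bb:20:31 proto=tcp dport=502",
    "2022-09-01T08:03:55Z src=192.168.10.20/00:1c:42:aa:10:20 dst=10.10.5.23/00:1c:42:11:05:23 proto=tcp dport=445",
]


@dataclass
class Finding:
    line_no: int
    kind: str        # "unknown_device" or "denied_flow"
    detail: str


def zone_of(ip):
    """Map an address to its zone name, or 'unknown' if it is in no defined zone."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def parse_line(line):
    """Split one constructed log line into (src_ip, src_mac, dst_ip, dst_mac, dport)."""
    fields = dict(kv.split("=", 1) for kv in line.split()[1:])   # skip the timestamp
    src_ip, src_mac = fields["src"].split("/")
    dst_ip, dst_mac = fields["dst"].split("/")
    return src_ip, src_mac.lower(), dst_ip, dst_mac.lower(), int(fields["dport"])


def check_flows(lines, baseline=BASELINE, allowed=ALLOWED_FLOWS):
    """Return findings for unknown IDMZ/OT devices and for cross-zone flows the policy denies."""
    findings = []
    for n, line in enumerate(lines, 1):
        src_ip, src_mac, dst_ip, dst_mac, dport = parse_line(line)
        # Baseline check: an IDMZ/OT address seen with a MAC not in the inventory
        # catches both a rogue device and a known address reused by another host.
        for ip, mac in ((src_ip, src_mac), (dst_ip, dst_mac)):
            if zone_of(ip) in BASELINED_ZONES and (ip, mac) not in baseline:
                findings.append(Finding(n, "unknown_device", f"{ip} ({mac}) not in baseline"))
        # Zone policy check: intra-zone traffic is left to micro-segmentation controls;
        # every cross-zone flow must match an explicit allow entry (default deny).
        src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
        if src_zone != dst_zone and dport not in allowed.get((src_zone, dst_zone), set()):
            findings.append(Finding(n, "denied_flow",
                                    f"{src_zone}->{dst_zone} tcp/{dport} {src_ip} -> {dst_ip}"))
    return findings


if __name__ == "__main__":
    for f in check_flows(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.kind}: {f.detail}")
```

Run against the sample, the first three lines (enterprise to jump host, jump host to engineering workstation, workstation to PLC) pass; line 4 is an enterprise host reaching a PLC directly and is reported as a denied flow, line 5 is an unbaselined host in the control network, and line 6 is an HMI opening SMB towards the enterprise network. In practice the lines would come from a span port or tap fed through a passive monitoring tool rather than a hand-written list; the comparison logic is the part this example is meant to show.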
• How are you preparing to handle incidents? – Your ability to respond decisively to security
incidents is determined by your organization's readiness. Establish a business continuity plan
that focuses on operational resiliency, and run tabletop exercises to pressure-test your incident
response playbooks ahead of "game day." Role-play situational questions such as:
o Can the plant be isolated and run autonomously? If so, for how long?
o Do plant personnel know which production lines to run or prioritize while isolated?
o Which key stakeholders are required, and authorized, to make critical and timely decisions
during a security breach or incident?
o Which specialized OT/ICS resources are on retainer for incident response investigations
and remediation?
o If systems are wiped out, how long does it take to recover or rebuild after an attack, compared
with paying a potential ransom?
You play how you practice, so be prepared.
• How are you driving cultural awareness? – Your biggest threat, often an unintentional one, comes
from within the organization. Hold regular cyber awareness training for personnel, covering topics
such as password hygiene and including phishing email exercises.
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.