With increasing attacks on critical infrastructure networks that have become more frequent and consequential, more effective operational cyber solutions are required that aggregate, analyze, and correlate various sources of data and across multiple platforms into a near-real time visualization that depicts potential threats. Organizations must look beyond their own perimeters to collaborate and assess the impact of a cyber attack on corporate partners, suppliers and vendors. With complex systems of interacting devices, networks, organizations and people to facilitate the productive sharing of information, this capability is becoming as much a benefit as a threat.
With the U.S. Environmental Protection Agency (EPA) leading the water sector’s critical infrastructure protection activities, utilities have had to transition from focusing mostly on physical security to including cybersecurity.
Government reports confirm the water and wastewater sector faces threats from foreign governments’ multi-stage intrusion campaigns and individual criminal organizations looking to threaten the security of these operational systems and related data. Managing industrial control system (ICS) cybersecurity is already a complex endeavor. It requires an interdisciplinary, risk-based approach, involving an organization’s leaders, engineers and legal teams. Segmentation and design will be critical as some organizations increase Industrial Internet of Things (IIoT) implementations.
Organizations should have policies and procedures that address environments for operational technology (OT) and information technology (IT). There should be alignment between those processes and how they are governed so they don’t operate in silos.
The largest risk to cybersecurity compliance starts with the internal staff, which is followed by not having clearly defined routes for escalation when a breach occurs. Other risks include a lack of strict adherence to change management processes and a lack of enforcement for access control procedures.
Continuous culture change strategies and awareness training of employees and executive management needs to be sustained to mitigate these risks.
The ICS culture has focused on major risk consequences including major failure of industrial systems that can lead to loss of life. The focus will continue to be maintaining the system’s reliability to avoid facility downtime and control system changes. Anything that can compromise reliability or safety or the efficiency and effectiveness of these operational systems is a greater factor in their overall deployment.
By implementing a new governance model that enables collaboration among key groups inside the organization, such as IT, engineering, operations, ICS and security, will allow the industry to raise awareness of the need for standardized risk management approaches for sourcing, procurement and vendor management.
Ongoing challenges include determining how best to mitigate risks with capital projects that include scopes that makes changes to the control system, suppliers providing on-site support with their external laptops, and purchasing of equipment that may need to meet new industry compliance requirements. Addressing these and other concerns, such as how far into the supply chain should reach extend – third tier suppliers (integrated circuits, digital storage), second tier suppliers (meters, sensors, software) or just first tier suppliers (major systems, communication systems, integration)?
No longer are network intrusion detection; firewalls; patch management; security, information, event and management (SIEM) software; and antivirus components sufficient as security measures for an organization to put in place. Awareness and machine state learning are needed.
These are challenging times for security managers, with corporate boards demanding awareness of cyber risks, faster processing of complex data and efficient managed services for an increasing number of intelligent devices. Security teams are in a better position of strength to defend their organizations against threats if they know what is coming in their directions. Tools and staff are vital, but they should be augmented with intelligence.
Risk and compliance
With new market opportunities, continuous economic challenges, regulatory requirements and an increased burden to improve risk management effectiveness, many organizations are recognizing the need to transform their internal audit and risk management functions. Organizations are exposed to greater compliance risk than ever. By leveraging this platform into the risk management auditing strategy, stakeholders have the ability to assess and achieve compliance.
Compliance programs are critical for monitoring and assuring that an organization can verify that business processes reflect documented policies and procedures. This provides objective insight and improves efficiency by driving frequent review of processes, evaluate risks and ensures compliance.
Cyber situational awareness
Continuous monitoring of the operational system data traffic by collecting real-time data will allow detection of unfamiliar activity through a machine learning, modeling ability. This provides owners and cybersecurity auditors detection capabilities and visibility regardless if it’s a cyber attack, an operational malfunction or incident. Big Data applications also can capture and analyze each packet of information flowing through the network in real time.
Packet protocol layers can be broken down to ascertain the destinations and details of every packet. By analyzing every packet, normal traffic patterns can be developed, giving detection of any potential deviations a greater probability of occurrence.
However, there are security challenges with Big Data environments. Mitigation includes security solutions that can keep up with the continuous evolution of non-relational databases, security measures for automated data transfers. This helps ensure a high occurrence of data validation for trust, origin and accuracy, measures against unethical behaviors related to data mining, access control encryption, and having a detailed audit process that can manage the enormous amount of data.
Five steps to improve OT, ICS cybersecurity awareness in manufacturing