What are the top three pieces of advice you would give a CISO to make the plant OT/ICS environment more secure from cyber attacks?
As a security analyst for industrial control systems and SCADA security, Ayo Folorunso Agunbiade recommends that CISOs take these three steps to protect the plant’s OT/ICS environment against cyber attacks:
1. Implement application whitelisting. “Application Whitelisting (AWL) can detect and prevent attempted execution of malware uploaded by adversaries,” Agunbiade says. It helps prevent industrial cyber attacks by denying any application that has not previously been approved as non-malicious. Rather than simply blocking malicious code after the fact, AWL only permits trusted and known files to execute. By putting AWL in place and reducing the attack surface, security organizations can be confident that the applications running in their environment are fully vetted and authorized.
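The "known and trusted files only" idea above rests on a baseline of approved binaries that the control host is checked against. The script below is an added illustration, not code from the eBook or from Agunbiade: it records a SHA-256 manifest of vetted executables and then audits a directory, reporting files that are missing from the manifest or whose hash no longer matches. The file names, contents and the temporary directory are constructed for the demo; a real deployment would take the manifest from change control and the enforcement from the host's AWL product.

```python
"""Hash-based application allowlist audit (added example; constructed data)."""
import hashlib
import os
import tempfile
from dataclasses import dataclass, field


@dataclass
class AuditResult:
    approved: list = field(default_factory=list)  # name present, hash matches the vetted build
    modified: list = field(default_factory=list)  # name present, hash differs: unvetted update or tampering
    unknown: list = field(default_factory=list)   # file not in the manifest at all


def sha256_of(path: str) -> str:
    """Stream the file through SHA-256 so large binaries do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(directory: str, vetted_names) -> dict:
    """Capture the approved hash of each vetted file: the 'known good' baseline."""
    return {name: sha256_of(os.path.join(directory, name)) for name in vetted_names}


def audit_directory(directory: str, manifest: dict) -> AuditResult:
    """Classify every regular file in the directory against the manifest."""
    result = AuditResult()
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            continue
        if name not in manifest:
            result.unknown.append(name)
        elif manifest[name] != sha256_of(path):
            result.modified.append(name)
        else:
            result.approved.append(name)
    return result


def demo() -> AuditResult:
    """Constructed scenario: two vetted tools are baselined, then one is altered
    and an unapproved binary appears on the host."""
    with tempfile.TemporaryDirectory() as workdir:
        vetted = {
            "hmi_runtime.exe": b"vetted HMI runtime build 1",      # hypothetical file names
            "historian_agent.exe": b"vetted historian agent build 3",
        }
        for name, content in vetted.items():
            with open(os.path.join(workdir, name), "wb") as fh:
                fh.write(content)
        manifest = build_manifest(workdir, vetted)

        # Drift after baselining: a vetted file changes, and a new file is dropped.
        with open(os.path.join(workdir, "historian_agent.exe"), "wb") as fh:
            fh.write(b"unexpected change")
        with open(os.path.join(workdir, "update_helper.exe"), "wb") as fh:
            fh.write(b"not in the manifest")

        return audit_directory(workdir, manifest)


if __name__ == "__main__":
    outcome = demo()
    print("approved:", outcome.approved)
    print("modified:", outcome.modified)
    print("unknown: ", outcome.unknown)
```

Files in `modified` and `unknown` are the ones an allowlisting control would refuse to execute; treating them as findings to investigate, rather than silently updating the manifest, is what keeps the baseline meaningful.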
2. Ensure proper configuration/patch management. A configuration/patch management program centered on the safe implementation of trusted patches will also reduce the attack surface and help keep control systems more secure. This must include asset discovery and the collection of all critical asset configuration information, essential steps in investigating and prioritizing risk mitigation activities. However, patches must be applied carefully, especially on critical systems. “I recommend testing all security patches in test environments in partnership with vendors before deploying them into the production environment,” Agunbiade says. Special care is needed at this stage because a deployed patch could introduce further problems that disrupt the ICS or even make it unavailable. It is also worth considering a phased deployment approach, based on the criticality of the application or server, when rolling out such patches.
3. Analyze attack vectors. Malicious actors have many opportunities to compromise your systems when there are multiple vectors through which they could potentially gain unauthorized access. For this reason, Agunbiade advises reducing the total attack surface area available to them by analyzing potential attack vectors. “Isolate your ICS networks from any untrusted networks, especially the Internet,” he counsels. “You should also lock down all unused ports and turn off all unused services.” In doing so, you can ensure that potential attackers have fewer points of entry into your ICS environment and that the company has less overall exposure to an attack.
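"Lock down all unused ports and turn off all unused services" becomes checkable once there is an approved list of what each control host may expose, and on which interface. The script below is an added example (not from the eBook or from Agunbiade) that parses `ss -lntu`-style output and flags two kinds of exposure: a listener whose protocol and port are not on the approved service list, and an approved service bound to all interfaces (0.0.0.0 or ::) instead of the OT-facing address. The sample output, the address 192.168.10.5 and the approved list are constructed for the demo.

```python
"""Listening-service audit against an approved-exposure list (added example; constructed data)."""
from dataclasses import dataclass

# Constructed sample in the layout of `ss -lntu` (header row first).
SS_SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
tcp   LISTEN 0      128    192.168.10.5:502    0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      5      0.0.0.0:23          0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:161         0.0.0.0:*
tcp   LISTEN 0      128    [::]:80             [::]:*
"""

# Hypothetical approved exposure: (proto, port) -> set of addresses it may bind to.
APPROVED = {
    ("tcp", 502): {"192.168.10.5"},  # Modbus/TCP, only on the OT-facing interface
    ("tcp", 22): {"192.168.10.5"},   # SSH for engineering access, same interface
}

WILDCARDS = {"0.0.0.0", "::", "*"}


@dataclass(frozen=True)
class Listener:
    proto: str
    addr: str
    port: int


@dataclass(frozen=True)
class Finding:
    listener: Listener
    reason: str


def parse_ss(output: str) -> list:
    """Turn ss output into Listener records; skips the header and non-listening TCP sockets."""
    listeners = []
    for line in output.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, state, local = fields[0], fields[1], fields[4]
        if proto == "tcp" and state != "LISTEN":
            continue
        addr, _, port = local.rpartition(":")      # rpartition keeps IPv6 addresses intact
        listeners.append(Listener(proto, addr.strip("[]"), int(port)))
    return listeners


def audit_listeners(listeners: list, approved: dict) -> list:
    """Report unapproved services and approved services exposed on every interface."""
    findings = []
    for lst in listeners:
        allowed_addrs = approved.get((lst.proto, lst.port))
        if allowed_addrs is None:
            findings.append(Finding(lst, "not on the approved service list: disable the service or block the port"))
        elif lst.addr in WILDCARDS or lst.addr not in allowed_addrs:
            findings.append(Finding(lst, f"approved service bound to {lst.addr}; restrict it to {sorted(allowed_addrs)}"))
    return findings


def audit_sample() -> list:
    return audit_listeners(parse_ss(SS_SAMPLE), APPROVED)


if __name__ == "__main__":
    for finding in audit_sample():
        l = finding.listener
        print(f"{l.proto}/{l.port} on {l.addr}: {finding.reason}")
```

Run against real hosts, the approved list should come from the asset inventory that step 2 calls for, so that every listener on an ICS host is either documented and bound to the intended network or raised as a finding.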
This blog comes from the eBook Lessons Learned for Protecting Critical Infrastructure. Download the full eBook for more strategies from experts on the front lines of OT cybersecurity.