What are the top three pieces of advice you would give a CISO to make the plant OT/ICS environment more secure from cyber attacks?
Unlike some OT environments, nuclear power plants are heavily regulated. Nuclear Regulatory Commission (NRC) inspections, which include an evaluation of cybersecurity, typically occur every two years during scheduled outages for plant refueling. This is also when other plant maintenance occurs, such as updating and re-engineering control systems.
But even in this tightly controlled environment there can be devices that introduce vulnerabilities. “When systems are out there in the plant, they often stay there until they fail. One thing we evaluate is the health of those particular assets,” says Gabriel Agboruche, who has spent much of his career as a cybersecurity engineer and specialist.
The OT environment in a nuclear power plant is made up of layers of criticality, each one separated from the others by an air gap. One of the challenges in securing these systems while using modern ICS components is preserving those air gaps. Agboruche follows these practices in securing the plant’s OT systems:
1. Have a correct, accurate account of all digital assets within your plant.
This includes knowing what you have, understanding how and what those devices control, and working with IT people to understand the data inside those control systems. This is important for safe and secure operation of the plant, and it also helps with NRC inspections. “Having rogue devices in your OT environment that you don’t have control over is a big problem,” Agboruche notes.
2. Assess critical vulnerabilities immediately.
“As soon as we learn of any vulnerabilities or any possible threats that might be coming from anywhere, we have to evaluate our systems to make sure the plant is not at risk,” says Agboruche. These might be alerts from control system vendors, or information about a new kind of ICS attack such as Stuxnet. “We don’t just hear about things and say we’re OK. We need to be able to evaluate our systems to make sure that we’re not vulnerable to the same type of attack with the same issues,” he comments.
3. Carefully evaluate every piece of equipment that goes into the plant.
This is a continuous process that involves not only looking at new equipment but also evaluating existing systems and comparing them to similar systems in other plants. Agboruche notes that an important part of nuclear power plant cybersecurity is sharing information with other plants. “Sometimes we’ll hear from another plant that may have a more mature cybersecurity program. We’ll evaluate our systems compared to theirs. We’ll do our own evaluation too on the back end, so we have a thorough look at the different vulnerabilities,” he says.
Agboruche points out that there is no way to completely eliminate cyber risk, but people often don’t recognize that there are risks when they open up a network to certain types of technologies or even vendors. He cites as an example one type of handheld communicator used to wirelessly configure different devices within the plant. It communicates using proprietary protocols. The newest versions of that device now have Bluetooth capabilities. “There’s a new vector of interest for somebody who might have malicious intent. Are we comfortable with this? There needs to be an evaluation. If we’re comfortable with it, what are we doing to protect against it?”
Agboruche believes that inside an OT operation, data itself is ultimately the most critical asset, but not because of the intrinsic value of the data. “Data is your primary asset because that is what is interacting with the physical world,” he says.
This blog is one of many essays in the eBook Advice for CISOs: How to Approach OT Cybersecurity. Download the full eBook for more strategies from experts who are on the front lines of OT cybersecurity risk mitigation.