Cyber Defense eMagazine June 2021 Edition
Cyber Defense eMagazine June Edition for 2021 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group as well as Yan Ross, US Editor-in-Chief, Pierluigi Paganini, Co-founder & International Editor-in-Chief, Stevin Miliefsky, President and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES
Plan<br />
Planning for ICS Security needs to start with an understanding of the different objectives held by those<br />
responsible for the safety and security of Operational Technology, and of those concerned with<br />
Information Technology, as well as their differing priorities and the implications of these. Make operational<br />
and cyber resilience a common task and goal for all.<br />
The differing security priorities around which OT and IT are organized are quite often the root cause of<br />
misconceptions, misunderstandings, and incomplete guidelines. In the worst case, the attempt to<br />
force IT rules on OT devices can be devastating (try to roll out a patch to an embedded device providing<br />
a real-time control function for an industrial furnace in a chemical plant just because it is Patch Tuesday).<br />
OT treats control and availability as the top priorities and confidentiality as the lowest, in contrast to<br />
the familiar C-I-A triad of priorities, which holds confidentiality as paramount.<br />
Similarly, there need to be regular information exchanges among all stakeholders about new threats,<br />
new processes, and new or changed assets and applications. The key aspect of these regular reviews is to<br />
share an understanding of any changes to the business as a whole. A new production line improving the<br />
efficiency of a plant can be rendered vulnerable if its connections to the maintenance provider are unknown<br />
or undocumented.<br />
In addition, establish guidance for the ‘emergency case’ that reflects tasks and responsibilities for<br />
systems, assets, and processes. Communication chains and loops will have to be prepared as well.<br />
Do<br />
With the planning and preparation in mind, get some threat & vulnerability intelligence in place. Use<br />
CISA’s ICS alerts and advisories (you can find them here as well) and other additional sources about<br />
vulnerabilities discovered, whether in IT or in OT devices. This intelligence will help you with the daily<br />
task of what to look out for. Share experience with industry peers and your supply chain, and learn from<br />
them by participating in regular exchanges.<br />
Depending on your infrastructure, you can use a good vulnerability scanner to detect the presence of<br />
vulnerabilities listed in the above-mentioned threat intelligence sources. Caution is advised when doing so, as<br />
network scanning is not suitable for some OT equipment. Use this combined knowledge (vulnerabilities and threat<br />
intel) to establish a Secure Baseline configuration for devices, where the latest firmware / software is<br />
installed with any recommended patches.<br />
Generate shared internal knowledge about all assets, whether IT or OT, involved in the business<br />
processes of your organization, and about how they interact and communicate. Find out which ones depend on<br />
others or provide vital output to other OT machinery, so as to identify critical overlapping paths in data<br />
flow and material flow. Again, this knowledge of essential communication paths should also become part<br />
of the Secure Baseline, with only approved network-accessible ports permitted for each class of device.<br />
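One way to check assets against such a Secure Baseline is shown below as an added example; it is not code from the article or the magazine. It assumes flow records collected passively (for instance from a network tap) rather than by active scanning, and every device class, address, port and firmware version in it is constructed for illustration.

```python
# Added example: compare inventory data and passively observed flows with a
# Secure Baseline. All classes, addresses, ports and versions are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Baseline:
    firmware: str        # approved firmware/software version for the class
    ports: frozenset     # approved network-accessible (proto, port) pairs

# Hypothetical baseline per device class
BASELINE = {
    "plc": Baseline("2.4.1", frozenset({("tcp", 502)})),   # Modbus/TCP only
    "hmi": Baseline("7.0.3", frozenset({("tcp", 443), ("tcp", 3389)})),
    "historian": Baseline("5.2.0", frozenset({("tcp", 1433)})),
}

# Constructed asset inventory: address -> (device class, installed firmware)
INVENTORY = {
    "10.10.1.11": ("plc", "2.4.1"),
    "10.10.1.12": ("plc", "2.3.0"),
    "10.10.2.20": ("hmi", "7.0.3"),
}

# Constructed flow records: (src, dst, proto, dst_port)
FLOWS = [
    ("10.10.2.20", "10.10.1.11", "tcp", 502),
    ("10.10.2.20", "10.10.1.12", "tcp", 502),
    ("192.0.2.50", "10.10.1.12", "tcp", 23),     # telnet is not in the PLC baseline
    ("10.10.2.20", "10.10.3.30", "tcp", 1433),   # destination missing from inventory
]

def baseline_deviations(inventory, flows, baseline=BASELINE):
    """Return sorted (address, kind, detail) findings for review."""
    findings = set()
    for addr, (cls, fw) in inventory.items():
        if fw != baseline[cls].firmware:
            findings.add((addr, "firmware", f"{fw} != {baseline[cls].firmware}"))
    for src, dst, proto, port in flows:
        if dst not in inventory:
            # Undocumented asset or connection: the map itself is incomplete
            findings.add((dst, "unknown-asset", f"{proto}/{port} from {src}"))
        elif (proto, port) not in baseline[inventory[dst][0]].ports:
            findings.add((dst, "unapproved-port", f"{proto}/{port} from {src}"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in baseline_deviations(INVENTORY, FLOWS):
        print(*finding, sep="\t")
```
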
Map out the communication network, with an overlay of the business process. If it is not possible for all,<br />
do it for the critical ones, those that have to be kept running – even if degraded – for the company to<br />
continue to generate its output of products and/or services. Assign checkpoints to that map and define what<br />
should be verified at each of these points.<br />
<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>June</strong> <strong>2021</strong> <strong>Edition</strong> 69<br />
Copyright © <strong>2021</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.