Sectrio

Author name: Prayukth K V

Prayukth K V has been actively involved in productizing and promoting cross eco-system collaboration in the emerging tech and cybersecurity domains for over a decade. A marketer by profession and a published author, he has also proposed and promoted critical infrastructure protection strategies that rely on in-depth threat research and deflection strategies to deceive hackers and malware. Having been at the frontlines of cyber securing infrastructure, Prayukth has seen cyberattacks and defense tactics at close quarters.


Top ICS factors to consider while selecting an OT/ICS cybersecurity solution

Choosing an OT/ICS cybersecurity solution can be a long-drawn process if the right parameters are not considered. Common pitfalls that need to be avoided while selecting an OT/ICS cybersecurity solution include:

In order to select the right solution, the right place to start is to understand your unique needs before approaching a vendor. Such needs include your unique device landscape, the networks that support these devices, the presence or absence of remote sites, and the presence of legacy systems that require a unique security layer.

Sectrio has put together a set of factors that can be considered while going for an OT/ICS cybersecurity solution:

Factor: OT/ICS asset visibility, including inventory and situational intelligence
Factor: OT/ICS threat detection
Factor: OT/ICS vulnerability management
Factor: eye-on-glass view of OT/ICS infrastructure
Factor: OT/ICS cybersecurity solution configuration
Factor: OT/ICS cybersecurity solution implementation

Interested in learning about the most comprehensive ICS/OT security solution? Talk to us for a demo now. Go for an IEC 62443-based assessment with Sectrio. Book a consultation with our OT/ICS cybersecurity experts now. Contact Us

Thinking of an ICS security training program for your employees? Talk to us for a custom package.


Developing customized OT security policy in complex industrial environments 

For most Operational Technology (OT) operators, an IT security policy is the default policy instrument for ICS security. The IT security policy is relied upon even for complex OT systems, including remote sites. This brings forth a clear mismatch between OT security priorities and IT security intricacies, leading to large gaps in the enterprise security posture.

Why should one have a separate OT security policy?

The inherent architecture of OT systems and the critical role they play in running businesses and critical infrastructure should be reason enough for OT operators to develop and deploy specific policies for OT security. That is, however, not the case. Most businesses we have been speaking to do not have a security policy that is specific to OT and considers the unique needs of OT security. In fact, even the IT security policies that we have encountered have not been modified in any way to account for OT systems, devices, and network specifics.

Having a separate OT security and governance policy also helps with:

Organizations that have an OT security policy in place are less susceptible to cyberattacks if the policy prescriptions are adhered to with diligence and sincerity. Organizations with a comprehensive OT security policy in place are often seen to have a more robust approach to cybersecurity. When policies are deployed with strong interventions, including ICS security solutions, practices, and training, each intervention acts as a force multiplier for the overall enterprise security posture. Practices such as secure remote access, micro-segmentation, building DMZs, and layered security (defense in depth) are all outcomes of policy guidance.

In enterprises that do not have an OT security policy, security measures are deployed in a piecemeal manner and are often the result of reactive rather than proactive inclinations. In such entities, a compliance mandate could also drive security measures, but only to the extent that the mandate prescribes. There is usually no inclination to go beyond and explore new territories and methods for improving security.

Cost benefits of having an OT security policy

Having a policy for OT security also proves to be cost-effective in the long run. An entity that has a comprehensive OT security policy in place doesn’t have to worry about new compliance mandates or threats and may already be compliant with standards such as IEC 62443, whose variants are being incorporated into national mandates on OT cybersecurity. Since the entity has implemented the policy suggestions in a time-bound manner, it has been able to do so in a more cost-sensitive manner, without having to afford a single outgo of a significant amount. Further, by avoiding the downtime caused by cyber incidents and poor incident response, policy-driven businesses can save even more. They are also able to present a higher level of credibility to their customers, shareholders, and all other stakeholders thanks to the adoption of a more responsible approach to cybersecurity. All this adds up to significant value for the business over the long run.

Getting started with an OT security policy

If your business has a governance, risk, and compliance (GRC) program, you can build on it by engaging a mature ICS vendor who can draft an OT security policy for you. If you don’t have a GRC program, we recommend starting with an ICS risk and gap assessment to identify the parameters for framing the policy.

Sectrio has enabled many enterprises in the manufacturing, oil and gas, maritime, and other sectors to frame a comprehensive OT/ICS security policy for their operations. We can also modify your existing OT/ICS policy to ensure relevance and better implementation. From pre-policy framing exercises to monitoring implementation and effectiveness with the right KPIs and outcomes, we can help you derive and deploy the right OT/ICS security policy. Our policy development practice team is at hand to help.

Book a consultation with our OT/ICS Policy and Governance Expert now. Contact Us

Thinking of an ICS security training program for your employees? Talk to us for a custom package.


Addressing the key OT/ICS and IoT cybersecurity challenges in the oil and gas industry 

An industry veteran brought out an interesting point at a recently concluded cybersecurity conference. As per him, cybersecurity in the oil and gas industry across the upstream, midstream, and downstream segments involved a complex play of OEM priorities, asset and site complexities, varying plant specificities, and employee awareness levels. Despite being labeled as critical infrastructure in many countries, as per him, many sector participants were yet to realize the gravity of the consequences of failing to deploy adequate cybersecurity levels.

As an industry, the oil and gas sector does face some unique challenges. Beyond everything that is known, certain practices are yet to face security scrutiny. These include reliance on cybersecurity tactics that are IT-focused and miss out on Operational Technology/Industrial Control System security altogether. The lack of an institutionally embedded approach to OT security that informs all aspects of operations is another challenge that merits mention.

As per Sectrio’s threat research team, oil and gas sector entities lost over 7 TB of data to cyberattacks in the first 5 months of the calendar year 2024. These include attacks traced back to APT groups and sophisticated threat actors.

Key security challenges in the oil and gas sector

How can oil and gas industry sector entities manage their cybersecurity priorities better?

The path to cyber maturity in the oil and gas sector is a journey and needs to pass through the following milestones:

Where can the oil and gas sector start?

No matter where your oil and gas firm is in terms of cybersecurity level or maturity, an IEC 62443 and NIST CSF based ICS risk and gap assessment can help you plan your journey. Not only does such an assessment expose gaps, it also outlines residual risks that can be matched with risk tolerance/appetite to ensure risks are well within acceptable limits. All measures that are recommended after an IEC 62443-based risk assessment should be implemented in letter and spirit to ensure that every security gap is addressed.

Once the gaps are addressed, a security operations center can be established to ensure the institutionalization and replication of ICS security measures. This will also ensure the propagation of security best practices and prevent the erosion of such knowledge over time.

Talk to Sectrio to secure your oil and gas infrastructure

Sectrio is working with leading oil and gas companies to secure their ICS infrastructure. In addition to solutions and a SOC for securing ICS infrastructure, we can also conduct cyber risk and gap assessment exercises to identify and address security gaps as per IEC 62443.

Thinking of an ICS security training program for your employees? Talk to us for a custom package.


Phantom OT is the number one threat to industrial security  

What is phantom OT?

Phantom OT comprises systems that operate without any policy, security, or governance controls within an enterprise. They are either outside the realm of any security intervention or are deliberately overlooked in terms of security measures and policy recommendations because:

Security challenges associated with Phantom OT

Phantom OT can have multiple security and operational implications for ICS asset owners. It also opens up a gap in compliance with IEC 62443, specifically vis-à-vis IEC 62443-2-1, which outlines the requirements for an Industrial Automation and Control System (IACS) security program. It can also hamper the validation of organizational security measures while lowering the accuracy of reassessments done to measure the impact of organizational and technical security measures.

“If the organization has conducted an ICS risk and gap assessment but has not identified Phantom OT for remediation, there is a strong possibility that the assessment was not performed in accordance with the requirements outlined in IEC 62443-3-2.”

The security gaps arising from Phantom OT also bring forth issues related to ownership of these assets and the infrastructure. Overall, it renders the infrastructure vulnerable to attacks, breaches, and rogue insider activity. As the rest of the enterprise moves on, such assets could theoretically be stuck in a time warp and exist as silos within the larger infrastructure. This presents challenges in terms of security and operations and, if not addressed, can pose a much bigger security and disruption risk to the enterprise.

Read more: How to get started with OT security

Phantom OT is not a mere symptom of bad governance and security practices. Instead, it represents challenges in adopting security measures at a granular level. Phantom OT also opens gaps that grow with the passage of time and allow threats to move across converged environments to target more complex systems upstream or downstream.

Threats from Phantom OT

How to deal with Phantom OT

Developing a deeper understanding of the asset landscape is a good place to start implementing a strategy to deal with Phantom OT. By identifying the presence of Phantom OT and the practices that lead to its establishment, an enterprise can address the security challenge. Other steps to deal with Phantom OT include:

To learn more about better asset management strategies and IEC 62443-based security practices and compliance measures, get in touch with us for a free, no-obligation consultation.

Thinking of an ICS security training program for your employees? Talk to us for a custom package.


Risk Assessment and Gap Analysis for Industrial Control System infrastructure: the core essentials  

Conducting a risk assessment and gap analysis exercise for Industrial Control System environments is important from cybersecurity, business continuity, and risk mitigation perspectives. It is important to bring the risk exposure down to acceptable levels and minimize the risk tolerance with every assessment cycle so that the overall risk sensitivity of the enterprise improves measurably.

Where to start your Risk Assessment & Gap Analysis journey?

What is the best time to start an assessment? As a matter of practice, there shouldn’t be a gap of more than 300 days between OT/ICS & IoT risk assessment and gap analysis cycles. If 300 days have passed since your last ICS risk assessment cycle, then an assessment is due right now. A gap of 300 days gives your security team enough time to address the gaps identified in the last round and gives you sufficient time to plan the next assessment with your OT/ICS & IoT risk assessment and gap analysis vendor. Such a time frame also overlaps multiple procurement cycles, so that the maximum number of new assets are covered in an assessment.

Planning an assessment is not just about bringing the plant and other stakeholders on board to derive a schedule. Instead, an OT/ICS & IoT risk assessment and gap analysis planning exercise should ideally have the following:

Planning an OT/ICS and IoT Risk Assessment and Gap Analysis

An example from our experience of conducting OT/ICS and IoT Risk Assessment and Gap Analysis

In one of the OT/ICS risk assessment and gap analysis projects that Sectrio did recently, we covered an asset base that was spread across over 994 miles (1600 km). In this project, the planning phase itself stretched over 38 days, as we also had to study the report submitted by another vendor during a previous assessment. Further, our pre-assessment teams visited multiple sites to get a first-hand view of the infrastructure along with site-specific challenges and considerations.

Other considerations while planning a Risk Assessment and Gap Analysis:

Focus areas for the pre-assessment phase

The initial/pre-assessment steps should ideally set the stage for a more comprehensive and relevant assessment exercise. However, the initial assessment should not be seen merely as an enabler for the next assessment. The initial assessment has legs of its own to stand on, and if done right, the gaps identified in this assessment can be addressed as action items in their own right. The following should be the focus areas for the pre-assessment phase:

Simplifying the approach to OT/ICS and IoT Risk Assessment & Gap Analysis

Considerations for an On-site Risk Assessment and Gap Analysis

Things to watch out for

A less than diligent and studied assessment effort can tick a checklist line item but can never lead to any substantial change in the security posture of an organization. Sectrio has engaged with many enterprises where someone else had conducted the assessment but the findings were of no use to the teams or to the business. So how do you protect your business from unhelpful assessments? Here’s how:

When done well, an OT/ICS & IoT Risk Assessment and Gap Analysis exercise can turn into a helpful ally in improving your security posture.

Sectrio can help you with an OT/ICS and IoT Risk Assessment and Gap Analysis

Sectrio has extensive experience in securing enterprises across the globe using proprietary Risk Assessment and Gap Analysis methodologies aligned with IEC 62443 and NIST CSF. Our assessments are decision-oriented and provide a complete picture of your security level along with clear measures to improve security levels and address any compliance mandate or security concern. Talk to us today for more.

Contact us | Request for a quotation


Why cyberspace remains largely unaffected amidst ongoing geopolitical turmoil

The lack of any large cyber incidents doesn’t mean things are quiet beneath the surface. Instead, this could well be the lull before a cyberstorm.

Earlier this week, the Iran-linked APT group Charming Kitten (aka Ballistic Bobcat APT, APT35, and Phosphorus) initiated a fresh cyber espionage campaign targeting 14 countries across the globe. The objective of these attacks was to exfiltrate data and to open backdoors for long-term espionage. Telemetry analysis conducted by Sectrio’s Threat Research Team revealed a higher level of APT35 activity than ever before, with governments, healthcare institutions, oil and gas, and manufacturing entities being targeted. The group is targeting these entities at two levels: by attacking Exchange servers, and by sending large-scale phishing campaigns using ‘critical media updates’ as the subject line.

In addition to this, certain groups are also scaling up their reconnaissance attacks, taking advantage of the distraction created by the large-scale DDoS and defacement attacks carried out by other groups. This is a pattern we have often seen in the past, where website defacement attacks are used to cover targeted attacks.

As conflicts in the Middle East and Eastern Europe drag on, information warfare, or more specifically information held for ransom, could become a game-changer for the parties involved. This is why we have not seen any major cyber incidents since the latest outbreak of hostilities. However, knowing cyberspace, things could escalate quickly if the information already pilfered is put to use by the threat actor concerned or by their backers.

Cyberspace realities: change in tactics

Unlike past geopolitical conflicts, where cyberspace was impacted almost immediately, the biggest impact this time around has been limited to DDoS attacks on websites and the compromise of social media accounts. That is how most of the attacks panned out. Reconnaissance and data exfiltration attacks on businesses have also grown, but not as significantly as the DDoS attacks.

To-do list for CISOs and security leaders

Things might escalate quickly, reducing your time to respond. Here is an immediate to-do list for you as a CISO or a security leader:

How Sectrio can help

Sectrio is a one-stop solution to secure all the above needs and requirements. Reach out to us and find out how Sectrio can help secure your organization today.


Fundamentals of attack path analysis in an OT environment

At its core, an attack path analysis (APA) presents a powerful and impactful visual representation of a potential path that cyber threat actors or malicious payloads may tread to breach asset or network targets. The benefits justify the resource and attention investments in an APA exercise. In addition to helping disrupt the chances of a successful cyberattack, it can also improve the maturity of your OT security team.

The depiction of a compromise path, so to speak, adds a visual dimension to a possible attack and enables security teams, SOC analysts, CISOs, and security decision-makers to derive and deploy countermeasures. Attack Path Analysis also helps prioritize vulnerabilities for action based on a deeper understanding of the impact a possible cyberattack could have.

How to approach Attack Path Analysis in an OT environment

An OT environment can present several challenges to the smooth conduct of an Attack Path Analysis effort. Knowledge of the environment, operational dynamics, asset topology, and vulnerabilities is essential. As we have seen many times before, many OT operators do not have such information, or lack it at the level required to conduct an APA in a structured manner. The relevance of the outcome of the APA for your organization depends on many factors. To conduct an APA in an OT environment and get results that matter, these prerequisites have to be in place:

Once the above data is in place, a model can be derived to map the possible attacks and the targets along with the path an attack could potentially take. Contextual information that enables a direct correlation between targets, breach points, conduits, and the overall path can then be ascertained.

Recommended reading: Complete Guide to Cyber Threat Intelligence Feeds

APA should not be seen as a drawing board/whiteboard exercise to be conducted on paper. Instead, APA should be conducted as an objective exercise to identify and break existing attack paths and reduce the chances of a new one appearing in the future.

Charting the course of an attack

It is not essential for an attack to move horizontally in a network in a linear manner. Thus, when drawing the attack path, the model must be able to offer multiple paths, with the probability of the attacker choosing a specific path to a target linked to the probable success ratio. This will help security teams focus their attention on breaking the attack path through specific interventions, starting with the most probable paths. When deciding on prioritizing interventions, the following aspects can be used to derive a path score:

Benefits of an Attack Path Analysis

Conducting an APA can lead to many benefits for your organization. Some of these include:

Interested in learning more about how you can deploy APA in your organization? Talk to our APA expert.

Watch our on-demand webinar here: How to conduct OT attack path analysis in your organization


An integrated OT SOC: Cost or Investment?

A dedicated OT Security Operations Center (SOC) offers a strong foundation for launching and supporting many institutional security measures such as continuous threat detection, unified view and visibility, and OT governance and policy implementation. When done well, a managed OT SOC can serve as a nerve center for all OT security efforts while reducing risk exposure and resource requirements by significantly reducing redundancies. An OT SOC also institutionalizes all security measures and ensures the allocation of adequate levels of attention to OT security in line with the growing threats and cyber risks related to OT.

Cost vs. investment: building a case for an OT SOC

In an era dominated by the convergence of technologies, security blind spots can derail even the best security plans and approaches. Such blind spots can emerge for many reasons, one of which is a general lack of a unified and evolving approach to OT security that keeps pace with the rising sophistication of cyberattacks, rising insider threats, and an increasing threat surface area. Having an OT SOC reduces the chances of such blind spots existing for periods long enough for their impact to manifest. Through a mix of policies, interventions, best practices, and solutions, such blind spots can be addressed fairly early in their lifecycle.

Efficiency is another area where businesses can gain significantly with a dedicated OT SOC. With an OT SOC, businesses can run automated processes that minimize the time to respond to an incident, reduce manual tasks, and gain deeper insights to manage resources while keeping costs under control. These automated tasks can also improve the quality of incident response by offering the right data and decision-making context to security analysts or to workflows that serve as policy triggers.

An OT SOC should be seen as an investment rather than a cost. In addition to reducing needless redundancies, an OT SOC can also offer information to an IT SOC to improve coordination between the two teams. It also makes security operate in a more proactive manner to contain threats, identify vulnerabilities (and patch them), and stop cyberattacks early. Thus, security investments as a whole are rendered more effective and efficient.

Keeping pace with changing threats and regulatory environment dynamics

A managed SOC can bring flexibility and scale to your security initiatives. A good OT SOC vendor can bring in best-of-breed solutions, implement proven practices, identify and mitigate risks early, and ensure compliance with existing and new compliance mandates on an ongoing basis. This helps CISOs focus on strategic and operational improvements.

A good OT SOC pays for itself

In addition to all the benefits mentioned above, a good OT SOC can make a huge difference to your margins. How, you ask? Well, for one, with a well-managed OT SOC, your security team can invest time, resources, and attention in improving skills, operations, and other aspects without worrying about cyberattacks or breaches on an everyday basis. Businesses can also save through a managed OT SOC through:

Want to learn more about how a managed OT SOC can make a significant difference to your business? Talk to our OT SOC expert now: Contact Us


Why the new AI cybercrime tool is just the tip of the iceberg

Recent reports about the appearance of a new generative AI tool point to the levels of maturity that hackers have attained as far as leveraging AI is concerned. In the latest edition of our IoT and OT threat landscape report, we had predicted this trend with supporting data. Our prediction on the use of AI covered these points:

If you wish to read more and understand how things got this far, I would encourage you to check out the AI section in this report, available for free download. Now that that is out of the way, let’s focus on why we should look beyond just the tools to understand how hackers are preparing themselves for launching new waves of AI-powered cyberattacks. We will also look into ways to prepare our infrastructure to withstand these waves and continue operations without disruption.

Not merely a tool for script kiddies and lazy hackers

AI-based tools, while lowering the entry barriers for hackers, are also enabling them to reuse data that they used to sell or simply discard earlier. This data includes network access credentials, traffic baselines, packet composition, asset vulnerabilities, bandwidth usage patterns, and more. Such data can now be used to derive the best windows for a cyberattack or even to figure out how to confuse security mechanisms by generating lots of false positives. SOC operations and data on incident response frameworks can also be derived from the stolen data using AI. Generative AI can place these predictions in buckets and then craft a cyberattack tool armed with the relevant know-how to conduct another attack on the same victim in case they have not changed their processes and tools much (which is often the case).

Here are a few more ways in which hackers will leverage AI-based tools to further their disruptive agenda:

AI-based reconnaissance

AI tools can also be used to run reconnaissance campaigns more effectively. A typical AI campaign could involve disguised packets that hide modular reconnaissance malware that could assemble itself within the network of the victim or on a device running on their network. The net result will be a clearer view of the victim’s network, including weak points and unguarded threat surfaces. This also increases the level of situational awareness for the hacker or the group.

Supply chain manipulation

AI-based tools can also be used to carve a path for adding embedded malware at various points in the supply chain. Using such tactics, hackers can open up multiple points for embedding malware or a snooping payload in the supply chain and enable it to travel upstream or downstream.

New models and frameworks for hacking

With AI-based tools, hackers are also able to try out new breach tactics faster and eliminate tactics that do not work, work only partially, or may take much longer to succeed. Successful tactics can be further refined and fine-tuned.

Co-opting insiders through campaigns

Hackers can run large-scale campaigns to target susceptible insiders across channels, platforms, and apps. This could lead to more such campaigns turning successful and providing hackers with a new avenue for high-quality data exfiltration. AI can also be used to identify susceptible profiles that can be targeted through persistent campaigns.

AI-driven bot farms

AI can also be used to manage bot farms that can run large-scale targeting across geographies. AI can also be used to minimize the footprint and signatures of individual bot farms to obscure them. Such bot farms can also be turned on and off sequentially to minimize the load on individual bots. This can have significant implications for projects and businesses that use the Internet of Things (IoT) in their infrastructure.

Asset profiles, vulnerabilities, and zero days

AI can profile OEMs and their components to discover zero days through a systematic study of design principles and production processes to determine flaws and unpatched vulnerabilities. This can make a big difference to Operational Technology security measures implemented at a plant/unit level.

These are just a few use cases related to the use of AI by hackers. What we are seeing now is just a preview of how things will evolve in the days to come. With greater attention and resource involvement, hackers will be able to gain a clear upper hand when it comes to breaching targets with ease.

How to defend your IoT and OT infrastructure against AI-powered cyberattacks

The following steps can be taken to secure against AI-powered cyberattacks:

Interested in learning more about AI-powered attacks and ways to prevent them on your networks? Talk to our security expert. See our IoT and OT security solution in action through a no-obligation demo. Gain ample visibility into your network and identify gaps today: sign up for a comprehensive asset discovery with vulnerability assessment from Sectrio.


Looking ahead of CEA guidelines to secure the power sector in India

India’s Central Electricity Authority (CEA) issued the Cyber Security in Power Sector Guidelines 2021 in October 2021. The guidelines are intended to help all power sector entities in India take measured steps to improve their overall cybersecurity posture and protect critical infrastructure from cyber attacks through specific interventions. They cover a wide gamut of topics, including:

Information security management: a set of requirements for establishing an information security management system (ISMS) in power sector entities.

OT/ICS asset management: inputs on how to identify, classify, and manage assets in the power sector.

OT/ICS risk assessment: ways to conduct risk assessments on the IT and operational technology (OT) systems used by responsible entities in the sector.

OT/ICS security controls: a list of security controls that power sector entities should implement.

Incident response: guidance on responding to cyber incidents in the power sector.

The CEA cybersecurity guidelines 2021 can serve as an important foundational platform for securing power sector entities in India. By adopting them, responsible entities can address various cybersecurity gaps and plan and deploy interventions on priority to secure their infrastructure.

Highlights of the guidelines

Responsible entities: As per the guidelines, responsible entities (REs) are those entities that serve various roles in the power sector and are sector participants with significant exposure to cyber threats. They include power generation companies, transmission companies, distribution companies, OEMs and system operators.

Information security management system: REs are required to establish and maintain an ISMS based on the international standard ISO/IEC 27001.

OT/ICS and IoT asset management: REs are required to identify, classify, and manage all assets in the power sector, including IT assets, OT assets, and physical assets.

OT/ICS and IT risk assessment: REs are required to conduct risk assessments of IT and OT systems based on the international standards ISO/IEC 27005 and IEC 62443.

OT/ICS security controls: The guidelines list several security controls that power sector entities should implement, including access control, data encryption, and incident response.

OT/ICS incident response: The guidelines provide guidance on responding to various types of cyber incidents, covering steps such as detection, containment, eradication, and recovery.

Access controls: All REs must put in place controls that enable access management in a secure manner.

Complying with CEA guidelines

Sectrio can help power entities comply with the CEA guidelines in a structured manner. With its extensive experience in critical infrastructure (specifically the power sector), Sectrio can enable power companies to address the requirements suggested by the guidelines and to be prepared to comply with the power sector cybersecurity regulation that is on the horizon. Here are a few ways in which Sectrio can help power sector entities in India:

CEA requirement: Continued scanning of all systems for any vulnerability/malware as per the SOP laid down; for all such activities, digital logs are maintained and retained under the custody of the CISO for at least 6 months.
How Sectrio helps: Sectrio’s vulnerability management and threat detection modules can meet this need. The first detects any vulnerability arising from missing patches, misconfigurations, or the addition of a device with pre-existing vulnerabilities. The assessments are comprehensive across locations and assets and produce a detailed report on the findings, with logs.

CEA requirement: The Responsible Entity shall have a Cyber Security Policy drawn upon the guidelines issued by NCIIPC.
How Sectrio helps: Sectrio can help power companies develop a comprehensive cyber security policy, including governance, a RACI matrix, and other rules aligned to NCIIPC guidelines.

CEA requirement: The RE must secure cyber assets through updates, patching, testing, configuration security, and additional controls.
How Sectrio helps: Sectrio can ensure early detection of exploits and can flag assets that are unpatched, misconfigured, not inventoried, or otherwise insecure. Potential gaps can also be highlighted along with exposed and exploitable threat surfaces.

CEA requirement: Cyber Risk Assessment and Mitigation Plan: document and implement a Cyber Risk Assessment and Mitigation Plan.
How Sectrio helps: Such a plan can be put in place by Sectrio’s team in collaboration with the relevant team from the power company. The plan also has a roadmap component to ensure that all security measures scale.

CEA requirement: REs must implement an ISMS and audit IT and OT systems yearly with CERT-In empaneled cyber security OT auditors.
How Sectrio helps: Sectrio is a CERT-In empaneled cyber security OT auditor and has extensive experience in conducting such audits.

CEA requirement: Identification of Critical Information Infrastructure (CII): REs must provide information on their cyber assets, critical business processes and information infrastructure to NCIIPC.
How Sectrio helps: Sectrio’s solution inventories assets, with detailed information on each asset available in one click.

CEA requirement: Only identifiable whitelisted devices are used to download or upload any data or information from the RE’s internet-facing IT system.
How Sectrio helps: Sectrio’s solution can inventory assets and their digital footprint and identify their functions and activities on the network.

CEA requirement: The CISO manages a list of whitelisted IP addresses for each firewall, and each firewall is set up to only permit communication with the whitelisted IP addresses.
How Sectrio helps: Our solution can identify any deviation from the communication rules set through the whitelist. It can also identify and block communications to a blacklisted or suspicious IP.

CEA requirement: The Cyber Security Policy must include specific information about the process of Access Management for all cyber assets that the Responsible Entity owns or controls.
How Sectrio helps: Access management can be controlled at the device level to ensure that only permitted services and devices are allowed to interact.

CEA requirement: Through its Information Security Division (ISD), the Responsible Entity shall be solely responsible for implementing the Cyber Security Policy.
How Sectrio helps: Sectrio can work with the RE’s ISD on implementing the Cyber Security Policy and improving its implementation.

CEA requirement: Sabotage reporting: the RE must incorporate procedures for identifying, reporting, and preserving records of cyber sabotage.
How Sectrio helps: Sabotage attempts through cyberattacks can be blocked by Sectrio’s solution. This
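The per-firewall IP whitelist requirement above (a CISO-maintained list of permitted addresses, with each firewall configured to talk only to those addresses) is simple to state and easy to let drift over time. The script below is an added example written for this page, not Sectrio's product code and not part of the CEA guidelines: it audits firewall connection records against a per-firewall allowlist and a shared blocklist, and separates connection attempts the firewall correctly denied from the ones it allowed despite the policy (rule drift, which is the finding a CISO actually needs to act on). The firewall names, address ranges, four-field log format and the ALLOWLIST/BLOCKLIST tables are all constructed for illustration.

```python
"""Audit firewall connection records against a per-firewall IP allowlist.

Added example for this page; not Sectrio's code. Every firewall name,
address and log line below is constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass

# Constructed allowlist: firewall name -> peers it may talk to (hosts or CIDRs).
ALLOWLIST = {
    "fw-substation-01": ["10.10.1.0/24", "10.20.0.5"],
    "fw-control-center": ["10.20.0.0/16"],
}

# Constructed blocklist shared by every firewall (stand-in for a threat feed).
BLOCKLIST = ["203.0.113.0/24"]

# Constructed sample records in the assumed format: firewall,src,dst,action
SAMPLE_LOG = """\
fw-substation-01,10.10.1.15,10.20.0.5,allow
fw-substation-01,10.10.1.15,198.51.100.7,allow
fw-control-center,10.20.3.4,10.20.9.9,allow
fw-control-center,10.20.3.4,203.0.113.9,deny
fw-unknown-99,10.30.0.1,10.10.1.2,allow
"""


def _networks(entries):
    # A bare host such as "10.20.0.5" becomes a /32 network, so one
    # membership test covers both single hosts and ranges.
    return [ipaddress.ip_network(e, strict=False) for e in entries]


_ALLOW_NETS = {fw: _networks(nets) for fw, nets in ALLOWLIST.items()}
_BLOCK_NETS = _networks(BLOCKLIST)


def _matches(addr, nets):
    return any(addr in n for n in nets)


@dataclass(frozen=True)
class Finding:
    firewall: str
    peer: str
    action: str
    # one of: "unknown-firewall", "blocklisted", "not-allowlisted", "unparseable"
    reason: str


def audit(log_text):
    """Return one Finding per endpoint that the policy does not account for."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = line.split(",")
        if len(parts) != 4:
            findings.append(Finding("?", raw, "?", "unparseable"))
            continue
        fw, src, dst, action = (p.strip() for p in parts)
        try:
            peers = [ipaddress.ip_address(src), ipaddress.ip_address(dst)]
        except ValueError:
            findings.append(Finding(fw, raw, action, "unparseable"))
            continue
        allow_nets = _ALLOW_NETS.get(fw)
        if allow_nets is None:
            # A firewall the CISO's list does not know about is itself a finding.
            findings.append(Finding(fw, f"{src}->{dst}", action, "unknown-firewall"))
            continue
        for peer in peers:
            if _matches(peer, _BLOCK_NETS):
                findings.append(Finding(fw, str(peer), action, "blocklisted"))
            elif not _matches(peer, allow_nets):
                findings.append(Finding(fw, str(peer), action, "not-allowlisted"))
    return findings


def policy_violations(findings):
    """Findings where the firewall ALLOWED a peer the list does not permit.

    A denied attempt shows the control working; an allowed one shows rule drift.
    """
    return [f for f in findings if f.action == "allow"
            and f.reason in ("blocklisted", "not-allowlisted")]


if __name__ == "__main__":
    results = audit(SAMPLE_LOG)
    for f in results:
        print(f"{f.reason:16} {f.firewall:18} {f.peer:24} action={f.action}")
    print(f"{len(policy_violations(results))} policy violation(s) to escalate")
```

On the constructed sample this reports three findings (an allowed connection to a non-whitelisted address, a denied attempt to a blocklisted address, and a record from a firewall that is not on the CISO's list) but only one policy violation, the allowed one. To use it on a real export, replace SAMPLE_LOG with the firewall's connection log in the same four-field form, or adapt the split in audit() to the vendor's format; the CIDR handling means the whitelist can hold ranges as well as individual hosts.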

