
According to the Cybersecurity and Infrastructure Security Agency (CISA), threat actors are still using brute-force intrusions, default credentials, and other unsophisticated methods to target internet-exposed operational technology (OT) and industrial control systems (ICS) at critical infrastructure organizations.
Organizations that run their ICS infrastructure without adequate visibility into their networks and operations are especially exposed to such threat actors. So how can critical infrastructure operators respond to this threat?
The answer lies in launching a structured, institution-wide OT security program with a strong foundation, one that improves and strengthens existing OT security measures in phases. Such an approach gives OT asset owners assurance over their assets, visibility into the outcome of each measure, and lessons they can carry into the next phase.
So what does a structured critical infrastructure OT security program look like?
The program can be divided into four phases:
- Understanding the present state of OT security
- Implementing the relevant measures to secure OT infrastructure
- Monitoring success
- Channeling the learnings from each phase into improving the program
Now let’s look at each of these OT security phases in more detail.
Phase 1: Understanding the present state of OT security in your Critical Infrastructure
This phase includes conducting an IEC 62443-based OT/ICS Cybersecurity Assessment to determine the gaps and issues with the current OT security approach.
The assessment should cover the following aspects in detail:
- The present state of asset and network visibility, including blind spots
- Gaps in OT security decision-making
- The relevance and impact of the present OT/ICS cybersecurity policy and governance measures
- Level of employee awareness of OT security threats and risks
- Adherence to cybersecurity best practices and standards, including IEC 62443-2-1, the NIST SP 800 series, NERC CIP, or other standards relevant to the sector
- Relevance of OT security audit outcomes in improving the security posture
- Security gaps that need to be addressed immediately
- SecOps efficiency and impact
An IEC 62443 checklist is a useful aid for this exercise.
Phase 2: Implement security measures to secure infrastructure and detect threats
In this phase, implement the measures that give you visibility into networks and assets and protect them, such as:
- Hard network segmentation between OT and IT networks
- Follow the Purdue reference architecture, so that traffic between the enterprise and control networks passes through an IT/OT DMZ rather than flowing directly
- Implement OT asset discovery, vulnerability management and network threat detection tools; microsegment the network to protect crown-jewel assets
- Deploy secure remote access
- Implement controls over user privileges (least privilege), network and asset configuration baselines, and the supply chain
- Follow patch discipline and deploy compensating controls wherever patches cannot be applied
- Ensure every asset is tested for security through a Security Acceptance Testing program before it is deployed
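To make the segmentation and Purdue bullets above concrete, here is an added example (not Sectrio's code or any product feature) that checks observed network flows against a zone-and-conduit allow-list in the style of IEC 62443. It assumes a constructed asset inventory mapping hypothetical IP addresses to Purdue levels and a hand-maintained set of approved conduits (level pair plus destination port); the sample flows are also constructed. Flows that cross zones without an approved conduit, that let an IT host reach OT without passing through the Level 3.5 DMZ, or that involve a host missing from the inventory are reported as findings.

```python
"""Check observed network flows against a Purdue-zone conduit allow-list.

Added example, not Sectrio's code. The asset inventory, the conduit
allow-list and the sample flows are all constructed for the demo. Flow
records are connection initiations: `src` is the side that opened the
connection, so return traffic is not listed separately.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed asset inventory (hypothetical addresses): IP -> Purdue level.
ASSETS = {
    "10.1.1.10": 4,    # enterprise ERP server (Level 4, IT)
    "10.3.5.20": 3.5,  # historian replica in the IT/OT DMZ (Level 3.5)
    "10.3.0.30": 3,    # site historian / operations server (Level 3)
    "10.2.0.40": 2,    # SCADA/HMI server (Level 2)
    "10.1.0.50": 1,    # PLC (Level 1)
}

# Approved conduits as (initiator level, target level, destination port).
# Only adjacent zones talk, and IT reaches OT solely through the DMZ.
ALLOWED_CONDUITS = {
    (4, 3.5, 443),    # enterprise reads the DMZ historian replica over HTTPS
    (3.5, 3, 4840),   # DMZ replica pulls from the site historian via OPC UA
    (3, 2, 4840),     # operations server queries the SCADA server via OPC UA
    (2, 1, 502),      # HMI/SCADA polls the PLC over Modbus/TCP
}

DMZ_LEVEL = 3.5
IT_LEVELS = {4, 5}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int


def classify_flow(flow: Flow, assets=ASSETS, conduits=ALLOWED_CONDUITS) -> Optional[str]:
    """Return None if the flow is permitted, otherwise a short violation reason."""
    src_lvl = assets.get(flow.src)
    dst_lvl = assets.get(flow.dst)
    if src_lvl is None or dst_lvl is None:
        # Visibility gap: an endpoint that is not in the inventory (a Phase 1 finding).
        return "unknown asset (inventory gap)"
    if src_lvl == dst_lvl:
        # Intra-zone traffic; microsegmentation inside a zone is out of scope here.
        return None
    if ({src_lvl, dst_lvl} & IT_LEVELS) and min(src_lvl, dst_lvl) < DMZ_LEVEL:
        # An IT host talking straight into Level 3 or below skips the DMZ.
        return "DMZ bypass (IT zone reaching OT directly)"
    if (src_lvl, dst_lvl, flow.dst_port) not in conduits:
        return "no approved conduit"
    return None


def check_flows(flows, assets=ASSETS, conduits=ALLOWED_CONDUITS):
    """Return [(flow, reason)] for every flow that violates the zone model."""
    findings = []
    for flow in flows:
        reason = classify_flow(flow, assets, conduits)
        if reason is not None:
            findings.append((flow, reason))
    return findings


# Constructed sample flows, as a span-port sensor or firewall log might export them.
SAMPLE_FLOWS = [
    Flow("10.1.1.10", "10.3.5.20", 443),     # ERP -> DMZ replica: approved
    Flow("10.1.1.10", "10.2.0.40", 3389),    # ERP -> SCADA over RDP: DMZ bypass
    Flow("10.2.0.40", "10.1.0.50", 502),     # SCADA -> PLC Modbus: approved
    Flow("10.3.0.30", "10.1.0.50", 502),     # historian -> PLC: skips Level 2
    Flow("192.168.77.9", "10.1.0.50", 502),  # uninventoried host polling the PLC
    Flow("10.1.0.50", "10.3.0.30", 22),      # PLC opening SSH upward: not approved
]

if __name__ == "__main__":
    for flow, reason in check_flows(SAMPLE_FLOWS):
        print(f"{flow.src} -> {flow.dst}:{flow.dst_port}  {reason}")
```

Run against real flow exports, the "unknown asset" findings feed the asset-visibility work of Phase 1, while the "DMZ bypass" and "no approved conduit" findings are the segmentation gaps that firewall and microsegmentation rules in this phase should close; rerunning the check after each change is one way to produce the success metrics Phase 3 asks for.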
Phase 3: Evaluate data and security measures (measure success)
During this phase, all security management measures should be institutionalized through an OT Security Operations Center (SOC). The SOC should also have an incident response and management component, either in-house or through a managed service.
An OT security audit is recommended at this phase to gather data on the effectiveness of the security measures and the impact of the OT governance and security policy in an integrated manner.
This phase should cover:
- Expand the metrics used to measure SecOps efficiency
- Establish a SOC with dedicated resources where possible
- Correlate the number of security events with the responses they received, and assess the quality of those responses
- Assess all monitoring means and identify gaps, if any
Phase 4: Channel the learnings from your OT security program
- Hold regular internal and external workshops to share learnings from all aspects of cybersecurity operations
- Form a team to ensure the learnings are shared and used to improve SecOps
- Track implementation of learnings from past incidents
- Track and adopt new standards and measures to raise benchmarks
To learn more about a structured OT security program that incorporates IEC 62443, NIST CSF and the NIST SP 800 series, talk to a Sectrio OT governance expert.