Sectrio

Improving Risk and Governance Profile for Compliance in the Manufacturing Industry

This is something that I wanted to share with everybody: a quick snippet of a particular ICS device, a controller, which is one of the several devices that are installed in operational facilities. We have different SCADA systems which run on Modbus, your BACnet, your BAS controllers that are connecting at the layer-two protocol level inside your infrastructure. Now, when we do an assessment on this, we see that there is already a CVE that has been identified which is vendor specific, and the criticality, the CVSS 3.0 score, has identified that there is a buffer overflow issue. But then how do we actually look at specific endpoints that are carrying these types of device profiles and then build controls on them (NIST)? Because if I use my existing security tools that are for our IT systems, my desktops, laptops and mobiles, they will not even have a way to list out these kinds of vulnerabilities that are very specific to these devices.

So that's where we have laid out what exactly we think the process should be, which we work through with our customers and most of them follow. It is basically fingerprinting based on what we scan on their devices: what accesses do people have on your ICS devices like these, what kinds of privileges do your admins and your operational team actually have on this device type, what are the password policies, which are preliminary checks that have to be cleared off, making sure that we are not using the IEC 62443 default password, and that we are basically employing zero trust, which means unless required nobody gets access into these devices. Then, going a little further down, understand what the protocol vulnerabilities look like: are there any existing protocol vulnerabilities that can expose you even though the devices and the infrastructure are inherently secure? Maybe there is somebody else trying to communicate over it; maybe they're exploiting a vulnerability that exists within the protocol or the messages that are either in transit or at rest. So those are some of the important aspects to start with.

Based on that, we do fingerprinting and then identify a contextual current profile. This is what it gives you: here is what my current profile looks like, these are all the different vulnerabilities I've identified, and maybe I will only pick the top ones, the critical ones that are directly going to impact our business, then create a NERC CIP response plan for it, and then assess what my vulnerability management for that looks like. How do we overlay? One of the most important aspects that NIST also talks about quite a lot is that it's not here to replace anything that is currently in practice, but to overlay compliance and complement your existing security controls with some of these things, which address certain vulnerabilities or certain gaps that are identified and not covered by our traditional security measures. Then establish your target profile, customized templates based on what our findings are, and further to that, enable your detection mechanisms and then your response playbooks. So this gives you a clear, streamlined view of how you include or adopt all these security postures, building your security posture and adopting that security strategy with your existing operations, and not replacing anything.
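The process the speaker walks through (fingerprint the controller, match vendor-specific advisories by CVSS score, run the preliminary privilege and default-password checks, then rank everything into a current profile and pick the critical items for the response plan) can be sketched in code. The block below is an added example written for this page; it is not Sectrio's tooling or its output. The inventory, the advisories, their identifiers (`ADV-PLACEHOLDER-*`, deliberately not real CVE numbers), the vendor and model names, and the policy thresholds are all constructed; only the CVSS v3.0 severity ranges are taken from the real rating scale.

```python
"""Added example: from device fingerprints to a prioritized current profile.

Illustrative code for this page, not Sectrio's product. Every device,
advisory, score, vendor name and threshold below is constructed.
"""
from dataclasses import dataclass


def cvss_severity(score: float) -> str:
    """Map a CVSS v3.0 base score to its qualitative rating (real ranges)."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1, "None": 0}


@dataclass(frozen=True)
class Device:
    """One fingerprinted controller (hypothetical fields, constructed data)."""
    name: str
    vendor: str
    model: str
    firmware: str
    protocol: str            # e.g. Modbus, BACnet
    admin_accounts: int      # accounts holding configuration/write privilege
    default_credentials: bool


@dataclass(frozen=True)
class Advisory:
    """A vendor-specific advisory; advisory_id is a placeholder, not a CVE."""
    advisory_id: str
    vendor: str
    model: str
    affected_firmware: tuple
    cvss: float
    summary: str


def match_advisories(device: Device, advisories: list) -> list:
    """Vendor-specific match on vendor, model and exact firmware version."""
    return [a for a in advisories
            if a.vendor == device.vendor and a.model == device.model
            and device.firmware in a.affected_firmware]


def policy_findings(device: Device) -> list:
    """Preliminary access and password checks (constructed thresholds)."""
    findings = []
    if device.default_credentials:
        findings.append(("Critical", "vendor default credentials still in use"))
    if device.admin_accounts > 2:
        findings.append(("High", f"{device.admin_accounts} accounts hold admin "
                                 "privilege; zero trust expects the minimum needed"))
    if device.protocol in ("Modbus", "BACnet"):
        findings.append(("Medium", f"{device.protocol} carries no message "
                                   "authentication; compensating controls needed"))
    return findings


def build_current_profile(devices: list, advisories: list) -> list:
    """Current profile: one row per finding, most severe (then highest score) first."""
    rows = []
    for d in devices:
        for a in match_advisories(d, advisories):
            rows.append({"device": d.name, "source": a.advisory_id,
                         "severity": cvss_severity(a.cvss), "score": a.cvss,
                         "detail": a.summary})
        for sev, text in policy_findings(d):
            rows.append({"device": d.name, "source": "policy",
                         "severity": sev, "score": None, "detail": text})
    # reverse=True keeps insertion order among equal keys (Python sort is stable)
    rows.sort(key=lambda r: (SEVERITY_RANK[r["severity"]], r["score"] or 0.0),
              reverse=True)
    return rows


def critical_findings(profile: list) -> list:
    """The subset that goes straight into the response plan."""
    return [r for r in profile if r["severity"] == "Critical"]


# Constructed inventory and advisories (placeholder vendors, models and ids).
INVENTORY = [
    Device("plc-01", "ExampleVendor", "PLC-1000", "2.1", "Modbus", 4, True),
    Device("bas-07", "ExampleVendor", "BAS-200", "5.0", "BACnet", 1, False),
    Device("hmi-03", "OtherVendor", "HMI-X", "1.4", "TCP/IP", 2, False),
]
ADVISORIES = [
    Advisory("ADV-PLACEHOLDER-1", "ExampleVendor", "PLC-1000", ("2.0", "2.1"),
             9.8, "stack-based buffer overflow in the Modbus service"),
    # firmware 5.0 on bas-07 is outside the affected range, so it will not match
    Advisory("ADV-PLACEHOLDER-2", "ExampleVendor", "BAS-200", ("4.0",),
             7.5, "denial of service via malformed BACnet frame"),
]

if __name__ == "__main__":
    for row in build_current_profile(INVENTORY, ADVISORIES):
        print(f"{row['severity']:<8} {row['device']:<7} {row['source']:<18} {row['detail']}")
```

Run as a script it prints the current profile with `plc-01` at the top: the 9.8 advisory first, then the default-credential finding, then the privilege and protocol findings, while `bas-07` only surfaces the unauthenticated-protocol item because its firmware is outside the advisory's affected range. The point the example adds to the talk is the separation between findings that come from a vendor advisory (scored, patchable) and findings that come from the site's own access and password policy (unscored, fixable today without the vendor), both of which land in the same prioritized profile.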
