BreachExchange mailing list archives

The industrial sector: An environment uniquely vulnerable to cyberattacks


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 22 Aug 2014 14:40:19 -0600

http://insurancenewsnet.com/oarticle/2014/08/22/the-industrial-sector-an-environment-uniquely-vulnerable-to-cyberattacks-a-546856.html#.U_eJxPldVjI

Cybersecurity is a growing international concern. Global insurance market
Lloyd's of London's Risk Index 2013 rated cybersecurity the number three
top threat to the global economy in 2013, up from number 12 the previous
year. With the rise of cybercrime, it is important for companies and
organizations to understand their unique vulnerabilities to this type of
crime. Many government-focused attacks originate from entities in
developing countries interested in growing their critical infrastructure
(such as for power, chemical, water, oil and gas), and who are looking at
successful companies and entities to understand how they design and operate
their systems. These industries, along with their corresponding industrial
and manufacturing production facilities, have unique vulnerabilities to
cyberattacks.

Safeguarding infrastructure-critical industries

A change in the industrial landscape and increased vulnerabilities are
prompting industrial facility managers and operators to implement security
practices tailored to safeguard their network infrastructures.

It is important for a facility manager to understand the unique
characteristics of his or her industrial environment and where
cybersecurity actions should be applied. Below are six key steps for
operating facilities according to the highest possible security standards.

* Security plan: Have a plan that includes critical asset identification,
policies, and procedures to cover risk assessment, risk mitigation, and
methods to recover from disaster.

* Network separation: Separate the industrial automation and control system
from other networks by creating "demilitarized zones" to protect the
industrial system from enterprise network requests and messages.

* Perimeter protection: Use firewalls, authentication, authorizations,
virtual private networks (IPsec), and antimalware software to prevent
unauthorized access.

* Network segmentation: Contain a potential security breach to only the
affected segment by using firewalls and virtual local area networks to
divide the network into subnetworks and by restricting traffic between
segments. This helps contain the malware impact to one network segment,
thus limiting damage to the entire network.

* Device hardening: Manage passwords, define user profiles, and deactivate
unused services to strengthen security on devices.

* Monitor and update: Conduct surveillance of operator activity and network
communications. Regularly update software and firmware.

Vulnerable industrial environments

The increasingly open and collaborative nature of industrial operations
introduces higher risk in these environments. In the past, industrial
networks were primarily isolated systems, running proprietary control
protocols, using specialized hardware and software. These days, systems are
networked on IP-based, wireless, and mobile systems that are more open to
attack. What's more, legacy control systems were not designed to contend
with current threat levels.

Inadequate end user awareness and end user inertia lead to increased
vulnerability. End users in critical infrastructure environments are often
better organized in their cybersecurity defense. However, many end users in
other industries (including manufacturing) are either unaware of the risk
of cyberattacks or reluctant to implement security strategies in their
enterprises, because investments in cybersecurity do not appear to have a
tangible return on investment. This leads to a complacent "wait and watch"
approach that only mandatory regulation or the unfortunate instance of a
cyberattack may change.

Increased need for real-time operational data has propagated the use of
commercial off-the-shelf information technology solutions in industrial
environments. This has changed the playing field, and the gradual shift
toward "connected" network solutions in the industrial space has caused
control systems to face increased exposure to malware and security threats
that are targeted at commercial systems.

Inadequately skilled workers leave
the industry with gaps in its knowledge base and expertise to protect
against attacks. Although the industrial sector prides itself on a highly
skilled workforce focused on automation systems, that does not always
translate into adequate expertise in industrial operational technology
networks. The skills gap weakens an organization's ability to develop
comprehensive protection and prevention strategies.

Using security best practices

Cybersecurity incidents are escalating in number and complexity. As
industrial processes are integrated with outside networks, plants are at
risk, and operations teams need to implement cybersecurity best practices.
Cyberattacks are an ever-present and ever-evolving threat that requires a
proactive and planned approach. To keep their operations safe,
organizations need to look at their internal policies, procedures, and
culture, and work in close partnership with their solutions providers.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
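
An added example, not part of the original article or post: a small Python audit of a zone-to-zone flow table, illustrating the "network separation" and "network segmentation" steps listed in the article. The zone names, services and rules are constructed for illustration.

```python
from collections import deque

# Constructed sample policy: (source zone, destination zone, service).
# Zone names, services and rules are assumptions for illustration.
ALLOWED_FLOWS = [
    ("enterprise", "dmz", "https"),        # business users reach a DMZ report server
    ("control", "dmz", "historian-push"),  # control system pushes data out to the DMZ
    ("control", "cell-a", "modbus"),       # controllers poll production cell A
    ("control", "cell-b", "modbus"),       # controllers poll production cell B
    ("enterprise", "cell-b", "rdp"),       # misconfiguration: skips the DMZ entirely
]
ENTERPRISE_ZONES = {"enterprise"}
INDUSTRIAL_ZONES = {"control", "cell-a", "cell-b"}


def dmz_bypasses(flows):
    """Rules letting an enterprise zone open connections straight into an industrial zone."""
    return [f for f in flows if f[0] in ENTERPRISE_ZONES and f[1] in INDUSTRIAL_ZONES]


def reachable_from(start, flows):
    """Upper bound on breach spread: zones reachable from `start` by chaining allowed flows."""
    graph = {}
    for src, dst, _service in flows:
        graph.setdefault(src, set()).add(dst)
    seen, queue = {start}, deque([start])
    while queue:
        zone = queue.popleft()
        for nxt in graph.get(zone, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen - {start}


if __name__ == "__main__":
    for rule in dmz_bypasses(ALLOWED_FLOWS):
        print("DMZ bypass:", rule)
    for zone in ("enterprise", "cell-a", "control"):
        print(zone, "->", sorted(reachable_from(zone, ALLOWED_FLOWS)))
```

Removing the flagged rule shrinks what a compromised enterprise host can reach from the DMZ plus a production cell to the DMZ alone.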
