The scale and potential for injury or loss of life that characterize the most recent cyber attacks on the U.S. oil pipeline, a Florida water treatment system, and others around the world underscore the need to change the way we approach cybersecurity.
This is further reflected in the recent Executive Order on improving the nation’s cybersecurity.
While there is no “silver bullet” when it comes to creating a cybersecurity solution and potentially no way to “solve” cybersecurity, there are strong foundational ideas and principles upon which to build a solid cyber-defense strategy.
One aspect of being cybersecure means building layers of defense and being strategic, deliberate, and intentional with the purpose of each layer. It’s about maintaining a clear demarcation between information technology (IT) and operational technology (OT) systems—even in a converged network—in such a way that maintains the integrity of business operations and the availability of protection and control devices.
We follow a defense-in-depth approach, using the NIST Cybersecurity Framework as a guideline. The sections below reflect that framework and show the actions you can take today to assess and advance the security of your power system.
Read below or schedule a consultation with an SEL cyber expert.
One major component of defense in depth is an assumption that defenses will fail or will be compromised. Therefore, strategically layering your defenses will keep your system protected the longest. Each layer should further delay a cyber attack while bringing awareness to cyber professionals that something is happening.
Strong defense in depth incorporates multiple complementary controls at each layer. These controls revolve around policies, procedures, and technology that intersect and contribute to detection, prevention, and recovery of cyber attacks.
A defense-in-depth plan or strategy should be understandable by those who need to use it. The plan should be well-defined and account for all feasible threats and address what happens in the event that the system is compromised and how personnel should respond.
Cybersecurity systems should ideally be composed of components that interoperate easily and work together in a way that contributes to the performance and strength of the overall cybersecurity plan.
We have a long history of solution and product design for OT environments. This has allowed us to build a deep understanding of the intricacies and security considerations specific to OT networks, such as assumed trust between devices, deviation from baseline status, and how the concepts of confidentiality, integrity, and availability should relate to each other based on application.
Before you begin any cybersecurity plan, you need to understand what risks exist by conducting a risk assessment. This includes establishing a system baseline that identifies key aspects of hardware and software components.
This step also encompasses reviewing and updating existing security policies, plans, and procedures as well as conducting security training.
In addition to reviewing and auditing physical security, updating anti-malware, and applying strong password management at all levels, this is a good time to establish a strategic, layered network defense.
Constant vigilance of your power system is key. Consider establishing a baseline monitoring solution and implementing system health monitoring to quickly identify anomalies and events.
Network and system behavioral monitoring solutions, like an intrusion detection system (IDS), are powerful resources you can use at this stage.
One key aspect of the Respond and Recover stages is conducting training exercises: simulate a cyber attack, such as the discovery of ransomware on a computer, and go through all of the steps in real time. Know whom you will contact immediately upon discovery of the breach and what you will say; know what your mitigation action plan is; and know how quickly you can “reset” and get operations back under control, and what all of that entails.
Emotions run high during a real cyber event; having a clear and practiced plan helps provide control and guidance. SEL’s cyber team can help facilitate and perfect these simulations and update the emergency plans.
Below is an approach to layered defense based on the concepts of deny by default, simplicity, and appropriately applying cryptographic and other protocols at each layer.
Software-defined networking (SDN) is purpose-built for OT environments: it adds security while at the same time increasing network performance. It takes the decision-making control out of the switch and puts it with the operator—the operator defines all pathways and predetermines all conversations. Anything that doesn’t match or belong on the network—like rogue packets and bad actors or unwanted devices attempting to traverse the network—is identified, denied by default, and contained within the switch to prevent the threats from infecting other parts of the system.
SDN eliminates vulnerable network technologies that can lead to spoofing, MAC flooding and table poisoning, BPDU attacks, ransomware propagation, and more. It’s also an ideal solution for baseline monitoring, and it can send traffic alert data to an IDS.
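The following added example (not SEL code or any product's implementation) models the deny-by-default behavior described above together with the baseline-monitoring idea from the Detect section: every allowed conversation is pre-engineered by the operator, anything unmatched is contained at the switch, and each denial produces an alert record of the kind that could be handed to an IDS. All device names, ports, and protocols are constructed.

```python
from dataclasses import dataclass, asdict
from typing import Dict, List, Optional, Tuple

# A conversation is identified by the ingress port plus addresses, protocol
# and destination port.  All names and numbers below are constructed.
FlowKey = Tuple[int, str, str, str, Optional[int]]

@dataclass(frozen=True)
class Packet:
    in_port: int
    src: str
    dst: str
    proto: str                      # e.g. "tcp", "goose"
    dst_port: Optional[int] = None  # None for non-IP protocols such as GOOSE

class DenyByDefaultSwitch:
    """Toy SDN switch: no MAC learning, no flooding, only engineered flows."""

    def __init__(self) -> None:
        self.flows: Dict[FlowKey, int] = {}  # allowed conversation -> egress port
        self.alerts: List[dict] = []         # denied-traffic records for an IDS

    def allow(self, key: FlowKey, out_port: int) -> None:
        """Operator pre-defines one permitted conversation and its path."""
        self.flows[key] = out_port

    def forward(self, pkt: Packet) -> Optional[int]:
        """Return the egress port, or None when the packet is contained (dropped)."""
        key = (pkt.in_port, pkt.src, pkt.dst, pkt.proto, pkt.dst_port)
        out = self.flows.get(key)
        if out is None:
            # Unmatched traffic never leaves the switch; keep a record for analysis.
            self.alerts.append({"reason": "no_matching_flow", **asdict(pkt)})
        return out

def demo() -> Tuple[List[Optional[int]], int]:
    """Run constructed traffic through the switch; return decisions and alert count."""
    sw = DenyByDefaultSwitch()
    sw.allow((1, "hmi", "relay1", "tcp", 20000), out_port=3)     # HMI -> relay, DNP3
    sw.allow((3, "relay1", "relay2", "goose", None), out_port=4)  # relay -> relay, GOOSE
    traffic = [
        Packet(1, "hmi", "relay1", "tcp", 20000),     # engineered: forwarded
        Packet(3, "relay1", "relay2", "goose"),       # engineered: forwarded
        Packet(2, "laptop", "relay1", "tcp", 20000),  # unknown device: contained
        Packet(1, "hmi", "relay1", "tcp", 23),        # unplanned service: contained
        Packet(2, "hmi", "relay1", "tcp", 20000),     # HMI address on wrong port: contained
    ]
    decisions = [sw.forward(p) for p in traffic]
    return decisions, len(sw.alerts)
```

Because the ingress port is part of the match, a device that merely copies an allowed source address is still contained, which is the spoofing resistance the text refers to.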
Blueframe is a cohesive application platform that provides a secure framework for running OT software applications and seamlessly exchanging data between them. Blueframe uses a specialized OS and containerized applications to deliver a more secure solution that does not depend on frequent patches and upgrades. Blueframe also includes security features, such as exe-GUARD whitelisting technology, to prevent unauthorized access and potential attacks.
Relays are built to protect power systems, not to secure IT networks. The current trend of applying “off-the-shelf” IT cryptographic protocols directly into industrial control systems has serious implications on the performance of the protection and control devices responsible for keeping the power system available and safe.
Protocols like TLS and IPsec are powerful encryption tools at Levels 4 and 5, where the emphasis is on confidentiality of data. When you move down to Level 2 and Level 1, the emphasis should shift toward availability. That is where these IT protocols are often misapplied in industrial control system environments; encrypting everything at this layer makes it harder to detect intrusions in OT systems and to perform forensic investigations into cyber attacks. There are better strategies and technologies to use at this layer that allow for a certain amount of encryption but focus primarily on authentication.
Cybersecurity is never “complete.” However, some standards approach cybersecurity as if it were something you can check off a “to-do” list upon certification. The downside is that this can lead to the belief that cybersecurity is done and needs no further attention.
We believe that cybersecurity is a continuous cycle of assessing, augmenting, and analyzing. We believe you should think about cybersecurity on a daily basis, regardless of any certifications. That's why we base our ongoing efforts to secure critical infrastructure on the NIST Cybersecurity Framework.
The NIST Cybersecurity Framework leads system owners to a better understanding of their security posture without prescribing specific technologies or products.
We are here to support you. Take the steps today to advance the cybersecurity of your power system.