Cybersecurity Resources

Cyber Attack Risk Mitigation

Attackers are devising ever-more sophisticated ways to illicitly access, inspect, and manipulate critical infrastructure control systems—and security practices and products are constantly evolving in turn.

Keeping up with the ever-changing cybersecurity threats can seem daunting, but there are several practical steps that all owners of critical infrastructure systems can begin taking immediately to mitigate the risk of a damaging cyber attack.

These practical steps do not directly address regulatory requirements or any particular cybersecurity framework. Instead, they provide a broad set of best practices intended to help you and your team cut through the complexity of cyber-attack protection and improve the overall security of your systems.

For help meeting regulatory requirements and implementing risk mitigation solutions, please contact SEL Cyber Services.

Contact SEL Cyber Services

SEL cybersecurity professionals provide expert help with evaluating your control systems and communications networks and implementing solutions that mitigate cybersecurity risks. We provide a comprehensive range of professional services that include system baselining, security roadmaps, and the design and implementation of complete OT networking and cybersecurity solutions.

Know All Communications Paths to Your Assets

Securing all external and internal network access points is one of the most important things you can do to increase the cybersecurity of your system. Take an inventory of communications paths and the access points they require—and then disable all unused communications ports.

USB ports should also be considered, as they may be potential vulnerability points for viruses and malware propagated via thumb drives.

Having an alternate communications path for key system assets will minimize the impact of denial-of-service attacks. Security alarms should be sent through a second path as well.

Network access points include the following:

  • SCADA
  • Energy management system (EMS)
  • Engineering access
  • Maintenance
  • Telephone lines
  • Wireless
  • Internet
  • Network interconnections

SEL cybersecurity experts provide network assessments, OT system baselining services, and risk mitigation plans. We can provide detailed plans for you to follow or implement complete security solutions, depending on your needs.

Use Encryption and Authentication Tools

All communications access points should be secured with user access controls and authentication procedures. In addition, all communications entering or exiting the electronic security perimeter (ESP) should be encrypted to prevent man-in-the-middle attacks.

SEL layered cybersecurity products provide encryption, password management, secure access control, and device management for OT networks.

Practice a “Need-to-Know” Policy

Keep your designs safe, and limit access to system details to those who have a need to know in order to do their jobs. Be especially careful to protect the following:

  • Computers
  • Passwords
  • Software
  • Instruction manuals
  • Encryption equipment and keys

The SEL cybersecurity team provides comprehensive analyses of existing security plans, policies, and procedures as they relate to personnel, technology, and operations, including:

  • Onsite inspection of control system communications and security hardware/software.
  • Evaluation of electronic and physical perimeters.
  • Assessment and documentation of open ports and/or services.
  • Onsite interviews of operations personnel regarding security procedures.

Analyses include detailed reports, complete with findings and actionable suggestions for improvement.

Practice Security in Depth

A strong and effective security solution should have multiple layers of defense. Defense in depth should include:

  • Layering security for cyber assets.
  • Applying deny-by-default and whitelisting policies.
  • Encrypting all data leaving the ESP and data being transported across public or untrusted networks.
  • Implementing physical security.
  • Logging and monitoring all physical and cyber activity.
  • Baselining, monitoring, and logging all firmware updates and settings changes.
  • Training personnel on security best practices.
  • Creating a security-aware culture.

SEL cybersecurity professionals provide setup, documentation, and customer training on defense-in-depth best practices, including the following:

  • Physical security and cybersecurity
  • User accounts
  • Proxy services
  • Access controls
  • Logging
  • Firewall rules
  • VPNs
  • Network security

Whether you need to manage one substation or hundreds, SEL can help you apply layered cybersecurity that maximizes reliability and minimizes the intrusiveness of controls on critical processes.

Develop an Incident Response Plan

Your organization should have a clear, concise plan that details how your company will respond to a cyber incident. Having a cybersecurity incident response plan in place before the emergency occurs will help you mitigate potential damage and recover more quickly.

SEL helps companies build incident response plans that include the following recovery services:

  • Development of an incident response playbook
  • Restoration of system images
  • Virus response and onsite support
  • Investigation of unusual behavior in your substation or industrial control system
  • Update and patch management maintenance services
  • Document recovery

Use and Manage Strong Passwords

Implement these best practices to ensure that passwords protect access to devices and systems:

  • Do not use default passwords.
  • Change passwords periodically.
  • Change passwords when people leave.
  • Use different passwords in different regions.
  • Control passwords.

SEL provides a comprehensive approach to effective password management. In addition to offering services to review security plans, policies, and procedures, we also create solutions that include products and training.

SEL equipment such as the SEL-3620 and SEL-3622 Ethernet Security Gateway products make it easy to manage passwords and access to IEDs. You can use virtually all printable ASCII characters and a password manager, such as KeePass or Lastpass, to generate long, complex passwords for each unique login you have.

SEL University also provides real-world, hands-on training in using SEL solutions to implement strong electronic access controls for critical assets.

Implement Security Awareness Training

Cybersecurity is achieved not merely by products and software, but by people. Some of the most damaging cyber attacks in history have exploited human weaknesses to bypass strong electronic security.

Creating a security-aware culture with appropriate education and training is vital to the continued success of any cybersecurity program.

Take advantage of our cybersecurity awareness and education resources—many of them free—to help build a security-aware culture in your organization.

Questions? Contact Us!

If you have any questions about SEL products, services, solutions, or support, please contact us. Our service and support professionals are ready to provide the answers you need.

Unbeatable Support

SEL support teams are stationed in regional offices around the world and staffed with application engineers who are experts in our products and in power system applications.

Technical support for SEL-manufactured devices is always free. No matter how often you need to call or how long your SEL products have been in service, you’ll reach an SEL expert who can provide the service and support you need.

Our cybersecurity team is always ready with the information and resources needed to keep your OT networks and critical systems secure and working effectively. Cyber services support contracts can include incident response, audits, system hardening, and more, depending on your anticipated needs.

More about SEL warranty and support