Cyber Attack Risk Mitigation
Attackers are devising ever-more sophisticated ways to illicitly access, inspect, and manipulate critical infrastructure control systems—and security practices and products are constantly evolving in turn.
Keeping up with the ever-changing cybersecurity threats can seem daunting, but there are several practical steps that all owners of critical infrastructure systems can begin taking immediately to mitigate the risk of a damaging cyber attack.
These practical steps do not directly address regulatory requirements or any particular cybersecurity framework. Instead, they provide a broad set of best practices intended to help you and your team cut through the complexity of cyber-attack protection and improve the overall security of your systems.
For help meeting regulatory requirements and implementing risk mitigation solutions, please contact SEL Cyber Services.
Know All Communications Paths to Your Assets
Securing all external and internal network access points is one of the most important things you can do to increase the cybersecurity of your system. Take an inventory of communications paths and the access points they require—and then disable all unused communications ports.
USB ports should also be considered, as they may be potential vulnerability points for viruses and malware propagated via thumb drives.
Having an alternate communications path for key system assets will minimize the impact of denial-of-service attacks. Security alarms should be sent through a second path as well.
Network access points include the following:
- Energy management system (EMS)
- Engineering access
- Telephone lines
- Network interconnections
SEL cybersecurity experts provide network assessments, OT system baselining services, and risk mitigation plans. We can provide detailed plans for you to follow or implement complete security solutions, depending on your needs.
Use Encryption and Authentication Tools
All communications access points should be secured with user access controls and authentication procedures. In addition, all communications entering or exiting the electronic security perimeter (ESP) should be encrypted to prevent man-in-the-middle attacks.
SEL layered cybersecurity products provide encryption, password management, secure access control, and device management for OT networks.
Practice a “Need-to-Know” Policy
Keep your designs safe, and limit access to system details to those who have a need to know in order to do their jobs. Be especially careful to protect the following:
- Instruction manuals
- Encryption equipment and keys
The SEL cybersecurity team provides comprehensive analyses of existing security plans, policies, and procedures as they relate to personnel, technology, and operations, including:
- Onsite inspection of control system communications and security hardware/software.
- Evaluation of electronic and physical perimeters.
- Assessment and documentation of open ports and/or services.
- Onsite interviews of operations personnel regarding security procedures.
Analyses include detailed reports, complete with findings and actionable suggestions for improvement.
Practice Security in Depth
A strong and effective security solution should have multiple layers of defense. Defense in depth should include:
- Layering security for cyber assets.
- Applying deny-by-default and whitelisting policies.
- Encrypting all data leaving the ESP and data being transported across public or untrusted networks.
- Implementing physical security.
- Logging and monitoring all physical and cyber activity.
- Baselining, monitoring, and logging all firmware updates and settings changes.
- Training personnel on security best practices.
- Creating a security-aware culture.
SEL cybersecurity professionals provide setup, documentation, and customer training on defense-in-depth best practices, including the following:
- Physical security and cybersecurity
- User accounts
- Proxy services
- Access controls
- Firewall rules
- Network security
Whether you need to manage one substation or hundreds, SEL can help you apply layered cybersecurity that maximizes reliability and minimizes the intrusiveness of controls on critical processes.
Develop an Incident Response Plan
Your organization should have a clear, concise plan that details how your company will respond to a cyber incident. Having a cybersecurity incident response plan in place before an emergency occurs will help you mitigate potential damage and recover more quickly.
SEL helps companies build incident response plans that include the following recovery services:
- Development of an incident response playbook
- Restoration of system images
- Virus response and onsite support
- Investigation of unusual behavior in your substation or industrial control system
- Update and patch management maintenance services
- Document recovery
Use and Manage Strong Passwords
Implement these best practices to ensure that passwords protect access to devices and systems:
- Do not use default passwords.
- Change passwords periodically.
- Change passwords when people leave.
- Use different passwords in different regions.
- Control passwords.
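The five rules above can be checked mechanically against a credential inventory. The following is an added example, not SEL's code or a description of any SEL product; the device names, regions, default-password list and rotation period are constructed placeholders.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed placeholders for vendor-shipped defaults; a real audit would
# load the actual default list for each device model from your own records.
DEFAULT_PASSWORDS = {"default", "changeme"}
MAX_PASSWORD_AGE = timedelta(days=90)  # assumed rotation period

@dataclass
class Credential:
    device: str        # relay, gateway or IED name (constructed)
    region: str        # region / substation the device belongs to
    password: str
    last_changed: date
    owner: str         # person responsible for this login

def audit(creds, departed, today):
    """Return (device, finding) pairs; `departed` maps user -> leaving date."""
    findings = []
    regions_by_password = {}
    for c in creds:
        regions_by_password.setdefault(c.password, set()).add(c.region)
    for c in creds:
        if c.password in DEFAULT_PASSWORDS:
            findings.append((c.device, "default password still in use"))
        if today - c.last_changed > MAX_PASSWORD_AGE:
            findings.append((c.device, "password older than rotation period"))
        # "Change passwords when people leave": flag logins owned by a departed
        # user whose password predates the departure date.
        if c.owner in departed and c.last_changed < departed[c.owner]:
            findings.append((c.device, "not changed after owner departed"))
        # "Use different passwords in different regions"
        if len(regions_by_password[c.password]) > 1:
            findings.append((c.device, "same password reused across regions"))
    return findings

def sample_findings():
    # Constructed inventory: one default, one stale/departed, one reused pair.
    creds = [
        Credential("RELAY-A1", "north", "changeme", date(2024, 5, 1), "alice"),
        Credential("RELAY-B7", "south", "s3cure-long-pass", date(2023, 11, 1), "bob"),
        Credential("GW-N1", "north", "Shared!Pass", date(2024, 5, 20), "carol"),
        Credential("GW-S2", "south", "Shared!Pass", date(2024, 5, 20), "carol"),
    ]
    return audit(creds, departed={"bob": date(2024, 2, 1)}, today=date(2024, 6, 1))

if __name__ == "__main__":
    for device, finding in sample_findings():
        print(f"{device}: {finding}")
```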
SEL provides a comprehensive approach to effective password management. In addition to offering services to review security plans, policies, and procedures, we also create solutions that include products and training.
SEL equipment such as the SEL-3620 and SEL-3622 Ethernet Security Gateway products makes it easy to manage passwords and access to IEDs. You can use virtually all printable ASCII characters and a password manager, such as KeePass or LastPass, to generate long, complex passwords for each unique login you have.
SEL University also provides real-world, hands-on training in using SEL solutions to implement strong electronic access controls for critical assets.
Implement Security Awareness Training
Cybersecurity is achieved not merely by products and software, but by people. Some of the most damaging cyber attacks in history have exploited human weaknesses to bypass strong electronic security.
Creating a security-aware culture with appropriate education and training is vital to the continued success of any cybersecurity program.
Take advantage of our cybersecurity awareness and education resources—many of them free—to help build a security-aware culture in your organization.
Contact SEL Cyber Services
SEL cybersecurity professionals provide expert help with evaluating your control systems and communications networks and implementing solutions that mitigate cybersecurity risks.
We provide a comprehensive range of professional services that include system baselining, security roadmaps, and the design and implementation of complete OT networking and cybersecurity solutions.