Cyber attacks can cause serious upheaval for critical services, impacting lives. The pandemic has forced us to enact our business continuity plans due to heightened exposure to phishing attacks on remote workers. Does more need to be done to scale up security measures to meet the broader need?
Whilst power and water authorities are well prepared to protect their assets in times of disaster, it is a good time to look at the digital risks that may affect critical infrastructures. With a paradigm shift in the way of working causing mass movement towards remote access to digital assets and critical infrastructure, it is important to consider controls that minimise the effects of cyber attacks on workers or devices used remotely.
Some key aspects to consider are:
Business Continuity Management (BCM)
There is no doubt that most, if not all, organisations will have enacted their existing BCM plans, which would include plans to execute during a pandemic or similar crisis situation. The BCM would entail, but not be limited to, business impact analysis, response and communication strategies, minimum business operational requirements, and key stakeholder involvement. The BCM planning process must include the risks around potential cyber threats and mitigation strategies. This is an opportune time to review the BCM planning to strengthen the resilience of key business functions, including key cybersecurity employees where it relates to Information Technology (IT) or Operational Technology (OT) assets and their users, to bolster controls and practices.
Increased phishing awareness
With the current wave of emails, text messages and news reports circulating that keep us informed about the current pandemic, cyber criminals are deploying similar tactics to fraudulently gain credentials, steal your money or establish access to secure computerised systems. To protect against a phishing attack, the user needs to recognise these fake messages, avoid opening attachments, abstain from clicking embedded links and make sure suspicious messages are reported. Organisations implement technical controls to help prevent phishing scams like identity theft and fraud; however, we do need to remain vigilant for more covert attempts to compromise access to critical systems. Now is a good time to refresh your OT cybersecurity awareness training and assess the effectiveness of security controls.
Secure remote access
Remote access has allowed many industries to continue to operate in a reduced capacity, avoiding potentially more severe impacts for plant operations. While this has helped to provide business continuity, many remote access solutions were only designed to allow a small group of pre-authorised personnel to access OT systems. To restrict access to networks and applications in the OT environment beyond the initial connection, procedural controls are used to define who can perform what task from which location, relying on the trust placed in their people to enact the policies. With this increase in the number of people remotely connecting to perform production monitoring, reporting, and troubleshooting of operational assets, it becomes more critical to define, enforce and monitor this remote access. These controls should include multi-factor authentication, privileged access management, session recording and network anomaly detection to enhance your IT/OT DMZ (demilitarized zone).
Over the next few months, we will learn that some traditions will be challenged and we will need to formally review and define cybersecurity strategies to protect identity, information and finances.
By working collectively and sharing insight we can focus on opportunities to secure your critical operations, help digitalise your operational processes and drive faster recovery for your business, all brought on by necessity and not choice.
Meet Peter
Peter Clissold has over 24 years of experience in the industrial automation, information management, industrial networking and OT cybersecurity fields of practice. As a senior cybersecurity consultant, Peter is focused on reducing cybersecurity risks for critical infrastructure operators, OT and IoT asset owners. He is passionate about helping organisations digitally transform, incorporating cybersecurity as a key enabler and traversing the IT/OT domains. For more information, contact Peter at T: +61 7 3316 3442.