2025-04-03 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Industrial cyber attacks are another form of "economic warfare" used to advance a geopolitical agenda. Countries around the world are beginning to realize that IT cyber attacks are a new type of interest-driven crime, and we must see clearly that global industry and critical infrastructure have become potential targets (whether intentionally or as collateral damage) in a 21st-century war launched by powerful opponents.
The storm is forming. Are you ready?
Russia's infiltration of US energy facilities, the state-backed Triton and NotPetya attacks, and other similar incidents described in the FBI/DHS TA18-074A alert are evidence that the war is continuing. Last month, Symantec reported a complex infiltration of the control systems of US satellite operators, defense contractors and telecommunications companies, with the attacking computers allegedly located in China. The report said the series of attacks was coordinated espionage aimed at eavesdropping on military and civilian communications. After gaining control of the hacked system, the hacker can even change the position of the orbiting satellite and transmit the terminal data.
This is not alarmist talk. Industrial equipment worldwide has become a target for hackers, and the security of these devices has been neglected for a long time. We must act as soon as possible to protect this critical infrastructure. Securing complex systems is not easy and requires time, money and commitment from senior management. So what can we do to reduce the risk immediately?
The highest eminence is to be gained step by step
The road to better situational awareness and risk reduction starts with the following seven steps:
1. Acknowledge the reality
It is well known that operational technology (OT) is the foundation of a company's business operations, but it is also important to recognize that these networks are strategically important to competitors. They are the key to a company's operations, and a failure causes widespread business disruption, so they are attractive targets in the eyes of competitors. Recognizing this, you must make an honest assessment of whether the security status of your ICS network is commensurate with its value as a target. For decades, the security processes and investment of most enterprises have been driven by protecting the data stored in IT systems, while the OT environment has been neglected. IT network security solutions are not suitable for OT networks, which are easily overlooked by corporate security teams and are more exposed than those teams think.
2. Ask sharp questions
Driving a change in the company's security posture begins with asking very tough questions and getting answers that can be uncomfortable. Who is responsible for monitoring and protecting the ICS network? Is there collaboration between the security team and the operations team? Have these teams met to discuss ICS network security strategy? Have you done a risk assessment of these networks to understand what your security vulnerabilities are and to prioritize them? Is the leadership of the company aware of the risk exposure?
3. Mark the blind spot
The absence of evidence does not mean that there are no malicious hackers in the corporate network. The normal operation of the system does not mean that there are no potential security problems. Any attacker who tries to infiltrate the network will want you to think that the system is working properly. Be honest about what you know about the OT environment (what you really know, not what you think you know) and what you don't know. Find your own blind spots and quantify their impact.
4. Lay a good foundation
Start increasing visibility and figuring out the risks of the OT environment, even if you can't fix everything in the short term. Audit your own network separation. Really solid network separation is the most important step asset owners can take to protect their OT environment. Network separation refers not only to isolation between the IT network and the OT network, but also to isolation within the OT network environment. Isolating the IT and OT networks makes it more difficult for attackers to infiltrate OT networks and greatly reduces the spillover damage of attacks on the IT network. Isolation within the OT network environment makes it difficult for attackers to move laterally and gain access to more systems, even if they establish a bridgehead on the OT network.
5. Make the OT network visible
A fundamental problem that makes it difficult for many companies to effectively protect their OT environment is the lack of visibility into their own ICS network structure. A handful of companies at the forefront of providing network visibility can attest that deploying dedicated network monitoring often identifies endpoints that are unknown to the security team, that should not have access to a particular network, or that are communicating in an unexpected way. Obviously, you can't protect what you can't see. Therefore, we should adopt technologies that provide visibility at all levels of the corporate OT network, down to the serial / fieldbus level, and integrate that visibility and OT-specific threat detection into the IT security center.
6. Extend incident response and regulation
Network risks must be fully managed, which means strict monitoring, management and reporting are applied uniformly across OT and IT environments. The most important thing is to ensure that someone is responsible for the security of the OT system. This role cannot be filled by just anyone; it needs someone who is respected by the operations team and can drive the business forward. Network security is a journey with no end, and strong leaders are needed to keep it headed in the right direction. Who should the head of security report to? Many companies are confused about this. However, the reporting structure is not as important as leadership and the ability to advance the security process. Whether the head of OT security reports to the CISO and keeps the head of operations informed, or the other way round, there are success stories.
7. Educate executives and directors about the dangers of potential security incidents
This step is related to step 6 because the company's leaders, directors and executives are legally responsible for managing the company's risks. However, while the visibility of industrial network risk is increasing, the leaders of many enterprises still do not know what they do not know. Security personnel naturally understand the technical risk; by letting the leadership see the risk and its associated business impact, they can help drive change. Visibility drives understanding, understanding drives urgency, and urgency drives action.
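Steps 4 and 5 (auditing separation between IT and OT and inside OT, and spotting endpoints the security team does not know about) can be exercised against flow records from passive monitoring. The following is an added example, not part of the original article; the zone subnets, asset inventory, allowed conduits and flow records are all constructed assumptions.

```python
import ipaddress

# Constructed sample data: zones, inventory, conduits and flows are assumptions.
ZONES = {
    "IT": ipaddress.ip_network("10.10.0.0/16"),
    "OT-supervisory": ipaddress.ip_network("10.20.1.0/24"),
    "OT-control": ipaddress.ip_network("10.20.2.0/24"),
}
KNOWN_ASSETS = {"10.10.5.20", "10.20.1.10", "10.20.2.11", "10.20.2.12"}
# (source zone, destination zone, destination port) permitted across zones
CONDUITS = {
    ("IT", "OT-supervisory", 443),          # e.g. historian web access
    ("OT-supervisory", "OT-control", 502),  # e.g. Modbus/TCP polling
}
FLOWS = [  # (source IP, destination IP, destination port)
    ("10.10.5.20", "10.20.1.10", 443),
    ("10.20.1.10", "10.20.2.11", 502),
    ("10.10.5.20", "10.20.2.11", 502),  # IT host talking straight to a controller
    ("10.20.2.12", "10.20.1.10", 445),  # control -> supervisory with no conduit
    ("10.20.2.77", "10.20.2.11", 502),  # endpoint missing from the inventory
]

def zone_of(ip):
    """Map an address to its zone by subnet; anything else is EXTERNAL."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), "EXTERNAL")

def audit_flows(flows, known=KNOWN_ASSETS, conduits=CONDUITS):
    """Return findings for unknown endpoints and cross-zone flows without a conduit."""
    findings, seen_unknown = [], set()
    for src, dst, port in flows:
        for ip in (src, dst):
            if ip not in known and ip not in seen_unknown:
                seen_unknown.add(ip)
                findings.append(("unknown-endpoint", ip, zone_of(ip)))
        sz, dz = zone_of(src), zone_of(dst)
        if sz != dz and (sz, dz, port) not in conduits:
            both_ot = sz.startswith("OT") and dz.startswith("OT")
            kind = "intra-ot-crossing" if both_ot else "ot-boundary-crossing"
            findings.append((kind, f"{src}->{dst}:{port}", f"{sz}->{dz}"))
    return findings

if __name__ == "__main__":
    for finding in audit_flows(FLOWS):
        print(finding)
```

Each finding is a blind spot in the sense of step 3: either an asset that needs to be added to the inventory or a path that needs a documented conduit or a firewall rule.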
It doesn't matter if you don't yet have complete answers to the questions above.
Churchill once said: "perfection is the enemy of progress." It may be difficult to determine where to start when assessing industrial network risks and arranging mitigation steps. Starting with the steps above gives you the best return in risk reduction and puts your company on a safe and proper track. You don't have to wait for the perfect solution; start here and iterate. The most important thing is to start now!
This article is reproduced from "Safety cattle", original author: nana