Three Best Practices to Secure Critical Infrastructure

September 6, 2018

In the last few years, executives overseeing energy, utility and other industrial organizations have begun to worry about the threat of cyberattacks on our nation’s most critical infrastructures. Ten years ago, their main concerns were focused on safety or environmental risks. Back then, operators believed the virtual barricades, or air gaps, between networks and technologies were sufficient enough to defend against malware and cyberattacks.

Over the years that’s gradually changed, and today the industrial C-suite is acutely aware that cybercriminals, hackers, corporate espionage and state-sponsored actors have critical infrastructure and industrial environments in their sights. Last December, the TRITON attack against a petrochemical processing plant in the Middle East drove home the need to strengthen industrial control security.

There are important areas that executive teams should focus on in order to protect critical infrastructure and manage cyber risk associated with industrial operations. They include assessing and updating cyber defenses, improving network visibility, and establishing an effective preparedness plan ahead of possible attacks.

Three Important Best Practices to Strengthen Cybersecurity

The C-suite must manage industrial cybersecurity risk and protect their organizations’ reputations. Following three simple, yet important, best practices will allow your organization to prepare for the operational, business and industry reputation risks posed by cyberattacks on operational technology infrastructures.

Integrate Cybersecurity with Artificial Intelligence and Machine Learning

Advances in artificial intelligence now allow the process-oriented anomaly detection necessary to deliver the same levels of cyber protection in operational technology (OT) as in information technology (IT). Solutions that use machine learning to understand the OT environment can play a critical role in helping improve your OT security posture. By learning autonomously and adapting, as well as tapping into artificial intelligence, the right solutions can help manage alerts, reduce false positives and find the threats that might otherwise be lost in a flood of data. The end result is more effective threat mitigation and response.

Increase Visibility

Visibility into industrial networks and their risk exposure is key to improving critical infrastructure cyber resiliency and operational reliability. Effective visibility requires real-time network monitoring and a continuously updated network asset inventory.

Equally important is consolidated visibility across regional or multinational facilities. This helps reduce support costs, speeds troubleshooting and improves staff efficiencies. Facilities should be aligned to support visibility across the organization, so decisions can be made in context with the most accurate and up-to-date information.

Improve Preparation Planning

An important, yet often overlooked, part of an effective OT cybersecurity posture is a thoughtfully developed and well-rehearsed crisis response plan. On this topic we spoke with Standing Partnership’s Mihaela Grad, who advises industrial organizations on cybersecurity-related issues, crisis planning and reputation management. She recommends four key steps for getting it right:

Align all your crisis response plans: Assemble all existing policies, business continuity, operational and communications plans, plus reports that outline the risks your organization faces.
Build or update a cross-functional crisis team: Your crisis response team should include representatives from across the organization – safety operations, legal, IT/OT, customer service, communications, HR, etc. – spanning head office and remote operational units.
Develop a written plan: It’s best to have a written crisis response plan that contains response team members and responsibilities, assessment criteria, decision protocols and responses to scenarios most likely to impact your organization. A plan eliminates second-guessing and speeds up response time during a crisis. Ideally, it is reviewed and updated every six to 12 months.
Train your team: A plan without training isn’t worth much. Gather the cross-functional crisis response team at least once a year to run through the communications plan, and make sure members can execute seamlessly during high-stress situations.

Protecting the entire IT and OT environment is quickly becoming a business imperative for industrial executives. Organizations who acknowledge this threat are adopting technologies that provide real-time visibility for the best possible defense, and those who regularly practice an effective response plan will be well-equipped to meet the challenge.

This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security magazine. Subscribe here.

Edgard Capdevielle is CEO of Nozomi Networks

With the advent of Internet of Things (IoT) technology and Industrial Internet of Things (IIoT), the cyber security practices are increasingly getting integrated with the physical security practices.

We will provide insight on NDAA Section 889 and how the act has evolved and impacted business, so that organizations can better mitigate risk and stay compliant.