With the threat of cyberattacks against industry rising worldwide amid the war in Ukraine, following hard on the news of growing ransomware attacks on industry and the potential for control system incursions via log4j exploits, industrial companies of all sizes are taking a closer look at their own levels of cybersecurity protection.
The good news is there is no shortage of available information about how to protect your operational technology (OT) systems. In all this information, however, there are often references to the need for a “continuous OT monitoring solution to log and alert on malicious indicators and behaviors.” This particular reference comes from the CISA alert on advanced persistent threat actors increasing their focus on industrial control system (ICS) and supervisory control and data acquisition (SCADA) devices.
These government alerts highlight the need for cybersecurity software, but no specific products are mentioned. Given that, how can you determine which is best for your operation?
Gabe Authier, senior product manager at Tripwire, a provider of security, compliance, and IT operations software, recommends using this four-question guideline to evaluate the multitude of cybersecurity tools available.
- Why is it crucial to know what’s on your ICS network? Network monitoring systems provide the first line of defense when applications go down or when performance begins to deteriorate, says Authier, yet 64 percent of security leaders feel that they lack the tools and resources they need to monitor, 62 percent lack the tools and resources they need to analyze and understand, and 68 percent lack the tools and resources they need to mitigate external threats, according to research conducted by the Ponemon Institute. “It is not always easy to figure out what is running, much less whether or not it is configured properly,” he says. “But once you understand your current security posture, you can develop a strategy to assemble the assets and implement protocols to accomplish your security goals.”
- Does it test for regulatory compliance? In addition to detecting an unauthorized change on your industrial devices, cybersecurity software should aid in achieving and maintaining regulatory compliance with frameworks like IEC 62443, NERC CIP, NIST, and the Center for Internet Security’s CIS ISC CSC.
- How does it handle configuration security? Referencing a recent study by ServiceNow, Authier notes that 78% of chief information security officers are worried about their ability to detect intrusions and anomalies. He says this underscores the need for cybersecurity software to deliver not just best-in-class security, but also integrity monitoring and configuration and compliance management with an extensible agent and agentless approach to data collection (i.e., data can be collected from your devices without needing to install additional software to do so).
- Will remediating suspicious changes cause system downtime? “One of the biggest concerns of control systems operators is that remediating suspicious changes will lead to an interruption in operations,” says Authier. Hence the importance of ensuring that the cybersecurity systems you’re reviewing can provide “centralized control of configurations across the entire physical and virtual IT & OT infrastructures, including multiple devices, platforms and operating systems, without interrupting operations,” he adds.
Authier points out that the Tripwire Enterprise cybersecurity software provides a single interface management system via “an agentless security solution which can be accessed from virtually anywhere to provide a comprehensive picture of security issues and actions. With automated continuous monitoring across different types of operating systems, industrial devices, and applications, industrial organizations now have a simplified and cost-effective solution for maintaining system hardening and continual proof of compliance for standards like IEC 62443, NERC CIP, NIST and CIS ISC CSC.”