Keeping Critical Infrastructure Cybersecurity in Clear Focus during COVID-19
Our world has changed dramatically over the last few months with the COVID-19 pandemic setting in motion changes that will alter our lives possibly forever. As I think about how my personal habits have changed, I naturally also consider how to help our clients adjust protection of their critical systems during unusual times like these.
We could likely see future disruptions such as:
National-level quarantines with restricted travel among states and cities
Local quarantines at the city and town level resulting in restricted regional travel
The presence of an ill family member creating the need for others to self-quarantine and stay away from their workplace, or be quarantined separately from their family
Companies banning non-employee visitors from accessing their facilities
Cancellation of meetings, events or projects involving groups of people
Companies splitting shifts and physically separating people as much as possible
Companies enacting partial or whole disaster-recovery plans
So, our future industrial network architectures must be able to function amid such disruptions.
Risk Mitigation Steps During a Crisis
From a cybersecurity standpoint, here are a few areas to consider for mitigating the potential impact of the pandemic situation.
When there is only minimal staff available to monitor and diagnose security incidents, everyone needs to be aware of security management protocols. I'm advising facility owners to double down on training for areas of concern:
Spotting potential malware behaviors
Recognizing social engineering cyberattacks
Establishing protocols for reporting possible security threats
Review Assumptions and Incident Plans
All assumptions must be reviewed. Schedule a brief weekly status call with key members of the incident response team to update assumptions. The incident response contact list that you crafted during normal times may no longer be valid in light of the potential disruptions described above. Crisis Communication Plans must be created or checked for accuracy. Be sure employees know how to reach the Security Operations Center, leadership team and other critical incident response staff.
Check Event Logs Daily
This may seem rudimentary but staff must check security event logs daily, especially if no 24/7 NOC (network operations center) or SOC (security operations center) is in place. Reviewing event logs will help you keep a pulse on network activity. Most experts agree that major security breaches don't occur as one single event, but result from elaborate plans crafted over time through techniques such as fingerprinting, phishing, and network eavesdropping. The sooner you are aware of suspicious activity, the more success you'll have at mitigating an attack.
Throttle Remote Access
Evaluate who has remote access into critical systems, and then limit or restrict access until normal operations resume. If remote access is needed, consider adding an additional defense layer such as a phone call or secure email to the appropriate site personnel before the remote session is initiated, and again after the session is terminated.
Know What the Threats Are
Stay up to date on current threats. During weekly status meetings, discuss any questionable activities noticed during the week at the local level, and from other company sites, across the industry, and nationally. Use resources from websites like the Department of Homeland Security (DHS), Federal Emergency Management Agency (FEMA), Information Sharing and Analysis Centers (ISACs), Federal Bureau of Investigations (FBI), and others to stay aware.
Please review our “Quick ICS Cybersecurity Checklist During COVID-19 Pandemic” for additional guidance.
Even when the world is at a standstill, those of us who help protect critical infrastructure must remain diligent and alert. If our minds are distracted, our defenses are weakened. As the world recovers from this national pandemic, and I have no doubt that we will fully recover and be stronger for our resolve and endurance, these past two months remind me that, as an industrial control systems cybersecurity practitioner, I must vigilantly keep my team and client's eyes clearly focused on the bigger picture, maintaining the nation's critical infrastructure that provides the essential services that underpin American society.
Stay safe and God Bless.