With the recent breach of the Oldsmar, Florida Water Treatment Plant, China warning India that it has the ability to turn the lights out, the United States and Russia going back and forth with probes into each other’s power grids, and research showing just how easy it is to gain unauthorized access to Industrial Control Systems, there is no better time for the US to release three new programs. These programs aim to help protect and secure our energy grid. CESER Acting Assistant Secretary Patricia Hoffman said, “Securing U.S. critical infrastructure, particularly in the energy sector, is one of our most important and complex national security challenges.” The three new programs are:
- Secure against vulnerabilities in globally-sourced technologies
- Develop solutions to electromagnetic and geomagnetic interference
- Cultivate research on cybersecurity solutions and new talent needed to deploy
At critical infrastructure facilities, much attention is put into physical security. Security guards, cameras everywhere, gates, fences, and barbed wire are commonplace. However, much is left to do to properly secure the online, connected systems that are most vulnerable to attack. With limited budgets, scarce support, and outdated systems, organizations are left with the daunting task of properly securing this infrastructure from attack while maintaining accessibility and availability.
The Department of Homeland Security has published the Seven Strategies to Defend Industrial Control Systems (ICS):
- Implement Application Whitelisting
- Ensure Proper Configuration / Patch Management
- Reduce Your Attack Surface
- Build a Defendable Environment
- Manage Authentication
- Implement Secure Remote Access
- Monitor & Respond
Following these strategies will help put critical infrastructure in a more secure place, but that is not where it ends.
What else can you do?
nGuard has a wide array of experience helping energy and all other types of critical infrastructure organizations secure their networks and meet security compliance goals via penetration testing, managed security solutions, and Cybersecurity Incident Response (CSIR), and we can help you too.