BLOG
December 7, 2022
Defense in Depth strategies – Part 8 – Host Security
Host Security
The key concept of Defense in Depth is that multiple layers of security are implemented throughout the system. After the devices within the OT network have been protected from outside attack by policies, zones and firewalls, the next layer of security is applied directly to the hosts within the OT environment by:
- Installing and configuring a host-based firewall
- Implementing a rigorous password policy:
  - Replacement of all default passwords
  - Strong passwords
  - Enforced password change on a pre-defined schedule (every 30 to 90 days)
- Installing screen savers with short intervals and with a password required to log in where possible
- Installing operating system and hardware firmware patches and keeping them up to date
- Configuring and monitoring logs on the device
- Disabling unused or unnecessary services and accounts
- Replacing insecure services (telnet, RSH, rlogin) with more secure alternatives
- Restricting access to services that one cannot disable (where possible)
- Making and testing backups of the system in a consistent manner if not centrally controlled
- Securing laptops and other portable and mobile devices not continuously connected to the network
Patch and Vulnerability Management
Applying patches to ICS components can interfere with the ICS function.
Bring Your Own Device Security Strategies – Part 4
06.12.2022
Additional costs, implications, and best practices of BYOD
The implementation of BYOD introduces new variables in the organisational, legal, and cost domains of the enterprise.
Additional costs
Allowing employees to use their own devices will increase the variety of hardware and software combinations, which will in turn entail increased support costs:
- More different types of devices
- More different operating systems that need patching and must be kept up to date
- Responding to security incidents related to an increased variety of devices and operating systems
Repairs
The enterprise must decide how it will handle the issue of repairs of BYOD devices should the need arise.
Defense in Depth strategies – Part 7 – Security Architectures
30.11.2022
Security Architectures
Once an organization has designed and implemented a robust network architecture, they have established the security architecture for the network and systems. The security architecture includes the specific controls and their strategic placement within the network or systems to establish layers of security: Defense in Depth. Security controls must be applied at the network, system, application, and physical layers to provide information assurance. The security controls include: policy and security management, application security, data security, platform security, network and perimeter security, physical security, and user security.
Bring Your Own Device Security Strategies – Part 3
29.11.2022
Developing BYOD policy
Having established BYOD objectives, user needs, and the level of risk an enterprise is willing to take, the next step is developing the policy. A policy is essential to outline the responsibilities of the enterprise and its employees with regard to BYOD.
Policy Goals
The policy should cover the following areas:
- Define the scope of tasks employees will be allowed to perform from their devices.
- Define the tasks employees will not be permitted to perform from their devices.
Defense in Depth strategies – Part 6 – ICS Network Architectures
23.11.2022
ICS Network Architectures
The integration of once isolated ICSs helped enterprises to manage complex environments. However, merging a modern IT architecture with an originally isolated production environment that may have few or no cyber security countermeasures in place introduces potential vulnerabilities, which must be resolved before issues arise. Some of the most common factors are:
- Insecure connectivity to internal and external networks
- Technologies with known vulnerabilities, which create previously unseen cyber risks in the operational domain
To counter this, the now widely accepted integrated architecture, the Purdue Model, was designed to define best practices for the relationship between the ICS and corporate networks.
Bring Your Own Device Security Strategies – Part 2
21.11.2022
Before implementing a Bring Your Own Device solution, an enterprise must gain clarity in the following four areas:
- Objectives
- User needs
- Risks
- Exploring alternatives
Objectives
The first step an enterprise must take is to become clear about what it wants to achieve by implementing BYOD. In order to establish its objectives, the following questions have to be addressed:
- Is BYOD intended to be an interim or long-term solution? Long-term solutions require a different approach such as regular reviews.
Defense in Depth strategies – Part 5
17.11.2022
Physical Security in ICS environment
Physical security controls are any physical measures, either active or passive, that limit physical access to any information assets in the ICS environment. Organizations employ these measures to prevent undesirable system impacts such as the following:
- Unauthorized physical access to sensitive locations;
- Physical modification, manipulation, theft or other removal, or destruction of existing systems, infrastructure, communications interfaces, personnel, or physical locations;
- Unauthorized observation of sensitive information assets through visual observation, note-taking, photographs, or other means;
- Unauthorized introduction of new systems, infrastructure, communications interfaces, or other hardware; and
- Unauthorized introduction of devices intentionally designed to cause hardware manipulation, communications eavesdropping, or other harmful impact such as a universal serial bus (USB) memory device, wireless access point, or Bluetooth or cellular device.
Bring Your Own Device Security Strategies – Part 1
15.11.2022
Bring Your Own Device (BYOD) Introduction
Bring Your Own Device is an arrangement whereby employees are permitted to bring their own personally owned devices such as laptops, tablets, or mobile phones to work and to use them to access the enterprise’s resources. This form of use of personal devices for work became especially widespread with the onset of the COVID-19 pandemic, when many companies enabled remote and flexible working arrangements to get the work done.
Defense in Depth strategies – Part 4
09.11.2022
Risk Management Approach – Asset Inventory and Risk Characterisation
The attack surface for an operation includes all the vectors associated with gaining access to the systems or equipment considered critical to business operations. To implement controls necessary to reduce the attack surface for critical assets, an organization must first identify the systems and components they consider business or mission critical. Then they must determine the criticality of the assets based on their function and importance to business operations.
Defense in Depth strategies – Part 3
03.11.2022
Risk Management as a Defense-in-Depth strategy element for ICS
Understanding the business risk associated with ICS cybersecurity and managing that risk is the first step to improving the enterprise’s cybersecurity posture. Indispensable in the application of a Defense in Depth layered cybersecurity approach is:
- a clear understanding of the threats to the business
- the operational processes and technology used within the organization
- its unique functional and technical requirements
Multitier Risk Management Integration
In order to integrate the ICS risk management process throughout the enterprise, a three-tiered approach should be deployed to address the risk at the following level