BLOG
October 11, 2021
Small Business Cyber Security Response and Recovery. Part IV – Resolve the incident
How to prepare for a cyber incident, from response through to recovery. Part 4 – Resolve the incident. Once you have identified what type of cyber attack you have been subject to, collected all the necessary information on it, and contained the incident (these steps were described in part 3 of this series), it is time to resolve the situation and get your business up and running as soon as possible. This includes making sure that all your IT infrastructure is functioning normally and any problems caused by the attack have been fixed.
The Top 20 Secure PLC Coding Practices. Part 4 – Leave operational logic in the PLC wherever feasible
06.10.2021
Leave as much operational logic, e.g., totalising or integrating, as possible directly in the PLC. The HMI does not get enough updates to do this well. Security Objective: Integrity of PLC Logic. Target Group: Product Supplier; Integration / Maintenance Service Provider; Asset Owner. Guidance: HMIs provide some level of coding capabilities, originally aimed to help operators enhance visualisation and alarming, that some programmers have employed to create code that should rather stay in the PLC to remain complete and auditable.
The Top 20 Secure PLC Coding Practices. Part 3 – Track operating modes
06.10.2021
Keep the PLC in RUN mode. If PLCs are not in RUN mode, there should be an alarm to the operators. Security Objective: Integrity of PLC Logic. Target Group: Integration / Maintenance Service Provider; Asset Owner. Guidance: If PLCs are not in RUN mode (e.g., PROGRAM mode), their code could be changed to track the RUN mode. Some PLCs have a checksum to alert for code changes, but if they do not, there’s at least an indirect indicator of a potential issue while tracking operating modes: If PLCs are not in RUN mode, there should be an alarm to the operators.
Small Business Cyber Security Response and Recovery. Part III – Identify what’s happening
05.10.2021
How to prepare for a cyber incident, from response through to recovery. Part 3 – Identify what’s happening. In order to mitigate a cyber incident, one has to be aware in the first place that a cyber incident has taken or is taking place. It might sound obvious, but in the case of a cyber incident, it is not necessarily the case. According to the IBM Security ‘Cost of a Data Breach Report 2021’, the average number of days it took to identify and contain a data breach was 287.
Small Business Cyber Security Response and Recovery. Part II – Prepare for incidents
28.09.2021
How to prepare for a cyber incident, from response through to recovery. Part 2 – Prepare for incidents. Identify critical assets, systems, and contacts. Critical assets: Establish what type of digital information is necessary to allow your enterprise to continue its operations. Depending on the type of main business activities this will vary, but a certain type of data will most likely be common for all businesses – contact details, email, calendars, and essential documents.
The Top 20 Secure PLC Coding Practices. Part 2 – Modularise PLC code
23.09.2021
Split PLC code into modules, using different function blocks (sub-routines). Test modules independently. Security Objective: Integrity of PLC Logic. Target Group: Product Supplier. Guidance: Do not program the complete PLC logic in one place, e.g., in the main Organisation Block or main routine. Instead, split it into different function blocks (sub-routines) and monitor their execution time and their size in Kb. Create separate segments for logic that functions independently. This helps in input validation, access control management, integrity verification etc.
Small Business Cyber Security Response and Recovery. Part I – Introduction
21.09.2021
Part 1 – Introduction. These days most businesses rely on computers and the internet to do business. As they do so, they become more and more dependent on the digital information they store, use and exchange within the business and to interact with other businesses and organisations. This inadvertently gives rise to the possibility of something unexpected happening in the business’s cyber dimension – a cyber incident. A cyber incident can happen because of an accidental event – such as accidental damage to the IT infrastructure caused by fire, flood, theft, or some other occurrence.
The Top 20 Secure PLC Coding Practices. Part 2 – Modularise PLC code
16.09.2021
For many years, the workhorses of industrial automation, as some call the Programmable Logic Controllers (PLCs), have been insecure by design. Several years of customising and applying best practices from IT gave rise to secure protocols, encrypted communications, network segmentation etc. However, to date, there has not been a focus on using the characteristic features in PLCs (or SCADA/DCS) for security, or how to program PLCs with security in mind. This gap has now been filled by the PLC Security Top 20 List project, initiated with Jake Brodsky’s talk at the S4 annual event in Miami Beach in 2020 (see link to talk below this article).
The Top 20 Secure PLC Coding Practices. Part 1 – Introduction
16.09.2021
For many years, the workhorses of industrial automation, as some call the Programmable Logic Controllers (PLCs), have been insecure by design. Several years of customising and applying best practices from IT gave rise to secure protocols, encrypted communications, network segmentation etc. However, to date, there has not been a focus on using the characteristic features in PLCs (or SCADA/DCS) for security, or how to program PLCs with security in mind.
Small Business Cyber Resilience Improvement Guide. Part VI – Avoiding phishing attacks
14.09.2021
Part 6 – Avoiding phishing attacks. A phishing attack is a social engineering tool combined with technology. The most common type is an email that is sent with the intent to obtain privileged information (such as access to various accounts) or containing links to a malicious website intended to cause harm. The following are some tips to help you minimise the possibility of becoming a victim of a phishing attack: