
October 27, 2022

Defense in Depth strategies – Part 2

Introduction to Defense-in-Depth strategy elements

Defense in Depth is a combination of people, technology, operations, and adversarial awareness that creates a shield of security countermeasures. The setup of this shield must constantly be adjusted and refined to protect against known and emerging threats. Applying Defense-in-Depth strategies to ICS environments improves security by raising the “cost” of an intrusion while improving the probability of detection and the capability to defend against a malicious threat actor.

Defense in Depth strategies – Part 1

19.10.2022

The days of physical separation between the corporate and operational domain, which together with the ‘security through obscurity’ approach were the main protective measures for ICS, are a tale of the past. Modern control system architectures, business requirements, and cost control measures result in increasing integration and interconnectedness of corporate and ICS IT architectures. The advantages of this shift in ICS management are many, such as:

- New and more efficient methods of communication
- More robust data collection and aggregation methods
- Quicker time to market
- Interoperability

However, the integration of control system architectures with contemporary IT-based computing and networking capabilities introduces risks previously not encountered in isolated ICS.

IEC62443 – Examples of practical requirements implementation – Part 4

13.10.2022

Security Assurance Level 3

By definition, an SL3-compliant system should be able to withstand intentional violation of its integrity by the use of sophisticated means with moderate resources, IACS-specific skills, and moderate motivation. In practical terms, it means that a system should be able to withstand attacks carried out by cybercriminals, competitors, professional cyber thieves, or hacktivists. To fulfill this requirement, IEC 62443-3-3 defines a further 30 requirements (or enhancements to SL2) necessary for a control system to be compliant with SL3.

IEC62443 – Examples of practical requirements implementation – Part 3

06.10.2022

Security Assurance Level 2

In addition to the specification of SL1, IEC 62443-3-3 defines a further 23 requirements (or enhancements to SL1) necessary to be compliant with SL2. The most prominent of them are the following. Just as in the case of SL1, a good number of requirements cover the area of Identification and Authentication Control. The main difference lies in the fact that, in addition to authenticating and authorising human users, SL2 adds software processes and devices to the list, and wireless users are verified against certificates issued by a certificate authority added to the network, whereas before it was the network infrastructure itself that conducted the authentication process.

Anti-patterns in security architecture – part 1

04.10.2022

An anti-pattern is a common solution or repeated behaviour that is ineffective or has the potential to create more problems than the advantages it is supposed to bring. In security architecture, an anti-pattern is a system design that should be avoided for security reasons. Here is a list of solutions that can cause potential problems, aka anti-patterns:

- ‘Browse-up’ for administration
- Management bypass
- Back-to-back firewalls
- Building an ‘on-prem’ solution in the cloud
- Uncontrolled and unobserved third-party access
- The un-patchable system

‘Browse-up’ for administration

These days it is most unusual for a regular computer to operate off-line.

IEC62443 – Examples of practical requirements implementation – Part 2

28.09.2022

IEC 62443 defines four Security Assurance Levels required for the safe operation of ICS systems, each mapped to the type of possible attack the security level is designed to address. Each ICS must fulfil the requirements applicable to one of the security levels.

Reference architecture

To increase the security of an ICS system, its architecture will have to be adjusted accordingly. Below is a sample network reflecting these changes.

[Figure: Security Assurance Level 1 (SL1) Reference Architecture]

The implementation of SL1 requirements directly impacts the ICS network architecture by separating out new network segments and introducing protection of network zone boundaries.

Enterprise Connected Devices – a cyber security challenge – Part 2

26.09.2022

Enterprise Connected Devices (ECDs) are all the devices that interact with, hold, or process an organisation’s data and can include end-user devices such as laptops and smartphones, physical devices connected to the Internet (IoT) such as cameras, and distinct ECDs (devices for specific enterprise use). ECDs are an attractive target for various rogue actors due to the potential access to valuable, sensitive, or personal data, which can be turned into financial gain once acquired.

IEC62443 – Examples of practical requirements implementation – Part 1

22.09.2022

IEC 62443 – an introduction

In the last decade, industrial automation systems have become the subject of an unprecedented scale of cyber-attacks. Along with the scale of these attacks, their technical sophistication also increases, causing a constantly growing level of threat to these systems. In response to this situation, based on the work and experience gathered by the Industrial Automation and Control System Security standards committee (ISA99), the International Electrotechnical Commission (IEC) approved in 2021 the IEC 62443 family of standards, which provide a realistic and achievable model to mitigate security threats in Industrial Automation and Control Systems.

Enterprise Connected Devices – a cyber security challenge – Part 1

20.09.2022

What are Enterprise Connected Devices?

Enterprise Connected Devices (ECDs) are devices that interact with, hold, or process an organisation’s data and can include such device classes as:

- End user devices (EUD) – laptops and smartphones, including BYOD (private devices also used for work purposes)
- Internet of Things (IoT) – physical devices (such as cameras) connected to the internet that can collect and share data. Connecting these devices to the internet and adding sensors and mechanisms to interact with their surrounding environment adds a level of digital intelligence to them and enables them to communicate real-time data without the necessity of involving a human being.

Karakurt Data Extortion Group

12.09.2022

Just over three months ago, on June 1st, the FBI, the Cybersecurity & Infrastructure Security Agency (CISA), the US Treasury Department and the Financial Crimes Enforcement Network (FinCEN) jointly issued a Cybersecurity Advisory on the Karakurt Team (Karakurt Lair). This comes nearly seven months after Accenture reported on this group, dating its first activities back to June 2021, when it registered domains with its name followed by a Twitter handle.
