
September 2, 2021

5 BEST PRACTICES TO SECURE ICS AND OT DATABASE SYSTEMS AND ENVIRONMENT

It is vital to put in place a security plan to protect your company’s Industrial Control Systems (ICS) and Operational Technology (OT) database systems and prevent the ransomware attacks that have been increasing in frequency over the past 2 years.

A study done in 2014 by ARC called “The Future of Industrial Cyber Security” highlighted the need for organizations to develop a security plan. The study recommended that industrial companies focus on prevention rather than cures, as many companies in the industrial sector find themselves solving a much bigger problem once an attack has already occurred.

A case in point was the ransomware attack on a natural gas compression facility, reported by the Cybersecurity and Infrastructure Security Agency (CISA), which shut the plant down for two days. The threat actor used a spear-phishing link to first gain access to the Windows 10 systems used in the plant and then moved into its network. The company regained control after the attack, but the incident underscored the need to maintain best cybersecurity practices in ICS and OT environments.

Attacks like the one mentioned above, and many more, are increasing, so companies are advised to invest more effort in establishing the best practices needed to protect ICS and OT database systems and environments. By building a cybersecurity plan on these practices, organizations can establish a baseline understanding of their existing security posture and start to develop an effective long-term strategy for maintaining the overall security and health of their ICS / OT database systems and networks.

In this article, we share 5 best practices that can help in protecting and securing your company’s ICS / OT database systems and networks.

5 BEST PRACTICES TO SECURE ICS AND OT SYSTEMS

ICS and OT security best practices are technologies used to protect the people, infrastructure and critical information involved in monitoring and controlling physical assets, operations and events. Applying all of the practices recommended below helps ensure that your game plan is on par with what is needed to secure your company’s ICS / OT assets and networks.

1. APPLY APPLICATION WHITELISTING

Application whitelisting is a proactive OT security strategy in which administrators pre-approve the programs that are allowed to run. Whitelisting applications in an OT environment prevents malware from gaining a foothold on endpoints, systems, and networks and executing commands. Control over which programs can run on a user system lies with the administrator, not the end user, and is enforced during normal operations. Programs that are missing from the whitelist are blocked.
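The decision an allowlist makes is simple: a program runs only if the administrator approved it, and the approval is tied to the program's content, not its name. The following Python script is an added example, not code from the article or from ATS. It keeps an allowlist keyed by SHA-256 hash, classifies every file in a directory as ALLOW or DENY, and uses constructed sample "programs" written to a temporary directory so it runs offline; the file names, contents and allowlist are all assumptions made for the demonstration.

```python
"""Hash-based application allowlist check (added example, not the page's code).

An administrator pre-approves executables by SHA-256 hash. Anything whose hash
is not on the list is denied, so a renamed or tampered binary is still blocked.
The sample directory, its files and the allowlist are constructed inline.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_of_file(path: Path) -> str:
    """Return the hex SHA-256 digest of a file, read in 64 KiB chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def evaluate_executables(directory: Path, allowlist: dict) -> dict:
    """Classify each regular file under `directory` as "ALLOW" or "DENY".

    `allowlist` maps a SHA-256 hex digest to the approved program's name.
    Matching is by content hash only; the file name plays no part.
    """
    verdicts = {}
    for path in sorted(directory.iterdir()):
        if not path.is_file():
            continue
        verdicts[path.name] = "ALLOW" if sha256_of_file(path) in allowlist else "DENY"
    return verdicts


def build_demo_directory():
    """Create a temp directory with constructed sample programs and a matching allowlist."""
    d = Path(tempfile.mkdtemp(prefix="allowlist_demo_"))
    approved = b"#!/bin/sh\necho historian-export\n"          # constructed: approved program
    tampered = b"#!/bin/sh\necho historian-export; extra\n"   # constructed: same purpose, modified content
    unknown = b"#!/bin/sh\necho never-approved\n"             # constructed: never submitted for approval
    (d / "historian_export.sh").write_bytes(approved)
    (d / "historian_export_copy.sh").write_bytes(tampered)
    (d / "update_tool.sh").write_bytes(unknown)
    allowlist = {hashlib.sha256(approved).hexdigest(): "historian_export"}
    return d, allowlist


if __name__ == "__main__":
    directory, allowlist = build_demo_directory()
    for name, verdict in evaluate_executables(directory, allowlist).items():
        print(f"{verdict:5} {name}")
```

Only the unmodified approved file is allowed; the copy with altered content and the unknown tool are both denied, which is the property that makes hash-based allowlisting robust against malware that borrows a legitimate file name.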

2. PERFORM PROPER PATCH MANAGEMENT

Many companies have lost millions of dollars because of ransomware infiltrating industrial and control processes. An example is an event in 2016 in which a vulnerability was discovered in Microsoft systems. Although Microsoft released a patch, most organizations failed to apply it and stayed on an old version that is now obsolete.

This loophole was exploited by the WannaCry ransomware, a cryptoworm. Over 200,000 computers in 150 countries had their data encrypted, and it was not released unless the user paid a ransom. Maersk was one of the companies attacked, as it had not been able to apply the new patch released by Microsoft, which would have saved it from the attack and from having its systems breached. The world’s largest shipping container company had its global operations shut down for 3 days and lost over $300 million.

Hacking is poison, and patch management is the antidote. Patch management is an ongoing effort to manage the patches installed across your IT infrastructure: IIoT devices, workstations, servers, VoIP phones and so on. ATS has been developing ICS patch management services, and more industrial companies are inquiring about them today than ever before.
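The practical core of patch management is knowing which host is missing which required patch and fixing the most critical gaps first. The Python below is an added example, not code from the article or from ATS: it compares each host's reported patches against the patches required for its platform, lists the gaps most severe first, and orders hosts for remediation. The patch identifiers, host names, platforms and zones are constructed placeholders; a real inventory would come from an asset database or an endpoint agent.

```python
"""Patch-gap check across an ICS/OT asset inventory (added example, not the page's code).

Hosts report the patch ids they have installed; REQUIRED lists what each
platform must have. Patch ids, hosts and zones are constructed placeholders.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class RequiredPatch:
    patch_id: str      # placeholder for a vendor advisory / KB identifier
    platform: str
    severity: int      # 1 = low ... 4 = critical


@dataclass
class Host:
    name: str
    platform: str
    zone: str          # "control" hosts are prioritised over "dmz" or "corporate"
    installed: set = field(default_factory=set)   # patch ids the host reports as installed


# Constructed sample data.
REQUIRED = [
    RequiredPatch("PATCH-0001", "windows10", 4),
    RequiredPatch("PATCH-0002", "windows10", 2),
    RequiredPatch("PATCH-0003", "linux-hmi", 3),
]
HOSTS = [
    Host("eng-ws-01", "windows10", "corporate", {"PATCH-0001", "PATCH-0002"}),
    Host("hmi-02", "windows10", "control", {"PATCH-0002"}),
    Host("historian-01", "linux-hmi", "dmz", set()),
]


def missing_patches(host, required):
    """Required patches for the host's platform that it has not installed, most severe first."""
    gaps = [p for p in required if p.platform == host.platform and p.patch_id not in host.installed]
    return sorted(gaps, key=lambda p: (-p.severity, p.patch_id))


def patch_report(hosts, required):
    """Map each host with gaps to its missing patch ids; fully patched hosts are omitted."""
    return {h.name: [p.patch_id for p in missing_patches(h, required)]
            for h in hosts if missing_patches(h, required)}


def remediation_order(hosts, required):
    """Host names ordered by highest missing severity, then control zone first, then name."""
    def key(h):
        gaps = missing_patches(h, required)
        top = gaps[0].severity if gaps else 0
        return (-top, 0 if h.zone == "control" else 1, h.name)
    return [h.name for h in sorted(hosts, key=key) if missing_patches(h, required)]


if __name__ == "__main__":
    for name, gaps in patch_report(HOSTS, REQUIRED).items():
        print(f"{name}: missing {', '.join(gaps)}")
    print("remediate in order:", " -> ".join(remediation_order(HOSTS, REQUIRED)))
```

Matching is per platform, so a Linux historian is never flagged for a Windows patch, and the ordering puts a control-zone HMI missing a critical patch ahead of a DMZ host missing a high one.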


3. UNDERSTAND AND REDUCE YOUR ATTACK SURFACE

The attack surface is the set of ways in which threat actors can infiltrate your systems and extract critical data. If you understand and reduce your attack surface, you reduce the cyber risk to your ICS / OT systems and networks. The two basic areas of attack are devices and people.

Recent data show that in 2020 there were already 50 billion connected (IoT) devices. The exponential increase in the amount of data generated, combined with potential vulnerabilities and cyber threats in software and operating systems, means that there will be more attacks in the future.

To reduce the attack surface, organizations must evaluate their vulnerabilities, protect weak connections, and monitor for discrepancies. The Tripwire whitepaper explains in detail how to understand and reduce your attack surface. Containing breaches prevents threats from abusing systems. Since sophisticated malware such as ransomware has spread exponentially over the last two decades, security and operations centers need to further develop their techniques for containing, detecting and monitoring malicious traffic on their infrastructure and networks.
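On the device side, the most measurable part of the attack surface is the set of network services each host exposes. The Python below is an added example, not code from the article, Tripwire or ATS: it reads a small inventory of listening sockets, flags services bound to all interfaces that are not on the host's approved list, and flags clear-text management protocols that are reachable beyond localhost. The inventory lines, the CSV layout, the host names and the approved-port policy are all constructed for the example; the assumption that SNMP here is v1/v2c (community strings in clear text) is noted in the code.

```python
"""Listening-service triage to reduce an OT attack surface (added example, not the page's code).

Input: listening sockets per host in a simple CSV layout defined here
(constructed sample below). Output: findings for services that widen the
attack surface, so they can be firewalled, re-bound to a management address,
or retired.
"""
import csv
import io

# Constructed sample inventory; in practice gathered from each host.
INVENTORY_CSV = """host,proto,bind_addr,port,service
plc-gw-01,tcp,0.0.0.0,502,modbus
plc-gw-01,tcp,0.0.0.0,23,telnet
plc-gw-01,tcp,127.0.0.1,8080,local-ui
hmi-02,tcp,0.0.0.0,3389,rdp
hmi-02,tcp,0.0.0.0,445,smb
historian-01,tcp,10.20.0.5,1433,mssql
historian-01,udp,0.0.0.0,161,snmp
"""

# Ports each host is approved to expose beyond localhost (constructed policy).
APPROVED_EXPOSURE = {
    "plc-gw-01": {502},
    "hmi-02": {3389},
    "historian-01": {1433},
}

# Protocols that carry credentials or commands in clear text.
# Assumption: SNMP here is v1/v2c; SNMPv3 with authPriv would not belong in this set.
CLEARTEXT_MGMT = {"telnet", "ftp", "snmp"}


def parse_inventory(text):
    """Parse the CSV inventory into dicts, converting the port to an int."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        r["port"] = int(r["port"])
    return rows


def is_wildcard(addr):
    return addr in ("0.0.0.0", "::", "*")


def is_loopback(addr):
    return addr.startswith("127.") or addr == "::1"


def triage(rows, approved):
    """Return (host, port, service, reason) findings, sorted by host then port."""
    findings = []
    for r in rows:
        exposed = not is_loopback(r["bind_addr"])
        if r["service"] in CLEARTEXT_MGMT and exposed:
            findings.append((r["host"], r["port"], r["service"],
                             "clear-text management protocol reachable beyond localhost"))
        elif is_wildcard(r["bind_addr"]) and r["port"] not in approved.get(r["host"], set()):
            findings.append((r["host"], r["port"], r["service"],
                             "listening on all interfaces without approval"))
    return sorted(findings)


if __name__ == "__main__":
    for host, port, service, reason in triage(parse_inventory(INVENTORY_CSV), APPROVED_EXPOSURE):
        print(f"{host:14} {port:5} {service:8} {reason}")
```

The Modbus, RDP and MSSQL listeners pass because they are either approved or bound to a specific management address; the three findings are the ones a reduction plan would act on first.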

4. ESTABLISH LAYERS OF PROTECTION AND CREATE A DEFENDABLE ENVIRONMENT

To secure OT systems and environments, multiple layers of protection should be established:

  • Pre-breach or mitigation: Stop threats from entering the system.
  • Active breach: Set up systems to isolate any threat that is hiding from your malware protection.
  • Post-breach: With endpoint detection and response (EDR), it makes sense to isolate the infected system. This phase is connected to the active breach layer. It searches for known indicators of compromise, such as boot packets and data collection, so that investigators can determine whether other systems on the network hold the same files as the compromised system, and it detects whether the malware is still active.
  • Active monitoring: Once a system has been set up to protect against flagged malware, the next step is to monitor the network around the clock. Logs and alerts should be forwarded to your internal SOC and any third-party SOC so that they can act on alerts. Monitoring should be uniform and up to date, since malware can mask itself for months on OT systems.

5. APPLY AUTHENTICATION MANAGEMENT

Authentication prevents threat actors from impersonating IoT devices with the intention of stealing confidential data, images, chat history, conversations and other sensitive data. If a password is required, set up a secure password policy that prioritizes length and complexity. Change your passwords every 90 days to ensure that your login credentials stay unique. You can also set up multi-factor authentication and limit each user's privileges to those needed to perform their tasks.
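The policy described above has two testable parts: a password is accepted only if it meets length and complexity rules, and a credential is flagged once it is older than 90 days. The Python below is an added example, not code from the article or from ATS. The 14-character floor, the three-of-four character-class rule and the repeated-character check are this example's own choices for "length and complexity"; the 90-day rotation period is the article's. The account list is constructed.

```python
"""Password policy and credential-age checks (added example, not the page's code).

Length and complexity are checked when a password is set; rotation is checked
from the date a credential was last changed, never from the password itself.
"""
import re
from datetime import date

MIN_LENGTH = 14          # assumption: this example's floor for "prioritise length"
MIN_CLASSES = 3          # assumption: at least 3 of the 4 character classes below
MAX_AGE_DAYS = 90        # the article's rotation period
CLASSES = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]


def password_problems(pw):
    """Return a list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if sum(bool(re.search(c, pw)) for c in CLASSES) < MIN_CLASSES:
        problems.append(f"fewer than {MIN_CLASSES} character classes")
    if re.search(r"(.)\1{3,}", pw):
        problems.append("contains a run of 4 or more identical characters")
    return problems


def rotation_due(last_changed, today, max_age_days=MAX_AGE_DAYS):
    """True once a credential has been in use for max_age_days or longer."""
    return (today - last_changed).days >= max_age_days


def overdue_accounts(accounts, today):
    """accounts: iterable of (username, last_changed date). Returns overdue usernames, sorted."""
    return sorted(u for u, changed in accounts if rotation_due(changed, today))


# Constructed sample accounts (dates only; passwords are never stored here).
ACCOUNTS = [
    ("hmi-operator", date(2021, 6, 1)),
    ("historian-svc", date(2021, 7, 15)),
    ("plc-engineer", date(2021, 3, 10)),
]

if __name__ == "__main__":
    for candidate in ["Summer2021", "Tk9#plant-Line4-xQ", "aaaa-Bbbb-1111-!!!!"]:
        print(repr(candidate), "->", password_problems(candidate) or "ok")
    print("rotation overdue:", overdue_accounts(ACCOUNTS, date(2021, 9, 2)))
```

Checking age from a last-changed date rather than from the password means the audit can run against an account directory without ever handling the secret itself.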

With the rising number of malware and ransomware attacks globally, these 5 best practices can help secure your company’s ICS and OT database systems and networks and avoid large infrastructure, reputational and financial losses in the long run.

If you need more assistance in how to secure your company’s ICS and OT systems, you can reach out to our ATS specialists to give you a customized security plan which can include ICS Patch Management and other operations and maintenance solutions best suited for your company.

Still looking for more information on how to protect your business from cyber security issues and attacks? 

Download the ATS exclusive Cyber Security Fundamentals: Weakness Checklist!
