Recent and ongoing global conflicts have led to a significant increase in cyber threat activity. Here are three quick system checks you can do today.
The Canadian Centre for Cyber Security and the US Cybersecurity & Infrastructure Security Agency (CISA) have started releasing alerts. CISA highly recommends that all critical infrastructure (CI) organizations review their cyber posture to reduce their attack surface.
As a starting point, ICI Electrical Engineering recommends the following:
- Check the status of backups for relevant control and SCADA systems, including historian data and the age of each backup.
- Review your Disaster Recovery plan and update your list of contacts relevant to sustaining operation of your facilities.
- Check visibility in your OT network. Do you know what is attached or who is actually on your OT network?
- Patching is not the top priority. Activate logging on your network and ensure that the logs are being reviewed and stored in a safe location.
- Do not share access credentials (for example, do service providers or engineering support providers have generic logins to your network?).
- Who has access to your systems remotely, and do you rely on Active Directory or management through IT?
- Create a baseline for an operational system so that you can identify atypical behavior before it becomes an operational concern.
- Review the operation of manual mode capabilities.
- Review interconnections between IT and OT Systems.
- Enable multi-factor authentication (MFA) for existing remote access solutions where practicable.
Additional Information and Links
Dragos – ICS Cybersecurity Year in Review 2021 https://www.dragos.com/yir
Report a Cyber Incident (Canadian Centre for Cyber Security) https://cyber.gc.ca/en/incident-management
Canadian Centre for Cyber Security Alert 1 – Disruptive activity against Ukrainian organizations
CISA Alert – Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure
CISA Shields Up! – A catalog of free services to reduce the likelihood of a damaging cyber intrusion, take steps to quickly detect a potential intrusion, ensure that the organization is prepared to respond if an intrusion occurs and maximize the organization’s resilience to a destructive cyber incident.
It is ICI Electrical Engineering’s mission to secure critical infrastructure and enrich communities through the safe application of technology.