Automazione e Strumentazione, January/February 2018, p. 87 (section: Controllo, technical)

functional policy framework of computer security guidance for how organizations can assess and improve their ability to prevent, detect, and respond to cyber-attacks.

Based on the issues above, the main customer request is for a single, vendor-agnostic solution that can support all control-system cyber assets, regardless of supplier, model, or vintage: a solution that supports asset-inventory data collection and automation-system change management, whether or not the change is cyber-related, and that supports both local and remote access to that information.

While some suppliers offer broad-based solutions, the coverage of most products is generally limited to specific kinds of assets and specific functionality.

ARC Advisory Group has recently defined the following list of industrial cybersecurity management solution functionality:

Security Management Dashboard: a central platform for managing all security information about cyber assets, vulnerability alerts, patches, and firmware/software/hardware updates; a launchpad and integration platform for a variety of security maintenance support modules.

Security Maintenance Support: modules that enhance staff cybersecurity management capabilities and reduce the time required to perform security maintenance tasks such as asset discovery and inventories, change and patch management, backup management and policy compliance.

Remote Security Management Support: secure remote access software/services that enable remote maintenance of cyber assets and incident response support.

Incident Management Support: Security Information and Event Management (SIEM) and other solutions that manage security event information (alerts, configuration changes, etc.) and help people analyze and deal with suspicious situations.

Situational Awareness (SA) of cyber-security and operational incidents, ideally with a high detection rate and a low false-positive rate, is therefore a key factor, as is real-time alert notification.

To support SA in a scenario of increasing and more challenging threats, new and advanced technologies are needed.

Machine learning, device-profiling technologies and deep packet inspection (DPI) applied to industrial networks help to create an adaptive whitelisting baseline: a 'secure' model of network communication in which an attacker struggles to operate unnoticed. Industrial traffic is far more repetitive and deterministic than enterprise IT traffic (the same controllers polled by the same stations with the same function codes), which is what makes a learned baseline of permitted conversations practical in OT.
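As an added example (not code from the article, from ARC Advisory Group or from any vendor product), the following Python sketch shows how such an adaptive whitelisting baseline works: conversations observed during a learning window assumed to be clean become the whitelist, and later traffic is classified against it, with a new host scored higher than a known host pair using a new function code. The flow records, IP addresses and Modbus function codes are constructed sample data, and the DPI decoding that would produce them is assumed to happen upstream. The baseline is also rendered as host-pair/port allow rules, the form a firewall allow-list would consume.

```python
"""Adaptive whitelisting baseline for an industrial network.

Added example; not code from the article, ARC Advisory Group or any
vendor product. Learns which (source, destination, port, function)
conversations occur during a learning window assumed to be clean, then
classifies later traffic against that baseline. All flows below are
constructed sample data; a real deployment would feed decoded records
from a DPI sensor (here assumed to decode Modbus/TCP on port 502).
"""
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Modbus function codes as decoded by the (assumed) DPI layer.
MODBUS_FUNCTIONS = {3: "read_holding_registers", 4: "read_input_registers",
                    6: "write_single_register", 16: "write_multiple_registers"}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    func: Optional[int]      # application function code, None if not decoded


@dataclass
class Baseline:
    hosts: Set[str]
    conversations: Counter   # (src, dst, dport, func) -> times observed


def learn_baseline(flows: List[Flow]) -> Baseline:
    """Turn a clean observation window into the whitelist."""
    conv = Counter((f.src, f.dst, f.dport, f.func) for f in flows)
    hosts = {f.src for f in flows} | {f.dst for f in flows}
    return Baseline(hosts=hosts, conversations=conv)


def classify(flow: Flow, baseline: Baseline) -> Tuple[str, str]:
    """Return (verdict, reason); 'allow' only for conversations in the baseline."""
    key = (flow.src, flow.dst, flow.dport, flow.func)
    if key in baseline.conversations:
        return "allow", "matches baseline"
    if flow.src not in baseline.hosts or flow.dst not in baseline.hosts:
        return "alert_high", "unknown host"
    pair_seen = any(k[:3] == key[:3] for k in baseline.conversations)
    if pair_seen:
        name = MODBUS_FUNCTIONS.get(flow.func, f"func {flow.func}")
        return "alert_medium", f"known pair, new function {name}"
    return "alert_medium", "known hosts, new conversation"


def to_allow_rules(baseline: Baseline) -> List[str]:
    """Render the baseline as host-pair/port allow rules for a firewall."""
    pairs = sorted({k[:3] for k in baseline.conversations})
    return [f"allow {s} -> {d} tcp/{p}" for s, d, p in pairs]


# Constructed learning window: an HMI and a historian poll two PLCs, an
# engineering station reads from the second PLC.
LEARNING_FLOWS = (
    [Flow("10.0.1.10", "10.0.2.20", 502, 3)] * 50      # HMI polls PLC-01
    + [Flow("10.0.1.30", "10.0.2.20", 502, 4)] * 20    # historian reads PLC-01
    + [Flow("10.0.1.30", "10.0.2.21", 502, 4)] * 20    # historian reads PLC-02
    + [Flow("10.0.1.50", "10.0.2.21", 502, 3)] * 5     # engineering station
)

# Constructed traffic to classify after the learning window.
OBSERVED_FLOWS = [
    Flow("10.0.1.10", "10.0.2.20", 502, 3),       # routine poll
    Flow("10.0.1.10", "10.0.2.20", 502, 16),      # HMI starts writing registers
    Flow("10.0.9.99", "10.0.2.20", 502, 3),       # host never seen before
    Flow("10.0.1.30", "10.0.2.21", 44818, None),  # known hosts, new protocol/port
]


if __name__ == "__main__":
    base = learn_baseline(LEARNING_FLOWS)
    for f in OBSERVED_FLOWS:
        print(f, *classify(f, base))
    print("\n".join(to_allow_rules(base)))
```

The point of the two alert levels is the false-positive budget the paragraph mentions: a never-seen host is almost always worth a page, while a known engineering station using a new function code may be legitimate maintenance and is better routed to the change-management record than to the on-call operator.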

Another important element is an active threat-intelligence service (possibly provided by a vendor-independent laboratory) that discovers '0-day' vulnerabilities early, using data derived and qualified from many different deployments. Automated assessment tools are also a way to check the resilience of the current network architecture, particularly where the possible attack vectors are clearly indicated.

But is OT cyber security only a matter of passive monitoring and vulnerability prevention?

Prevention and monitoring certainly reduce risk, but they do not eliminate the problem entirely, because threats mutate.

Next-generation firewalls (there are types designed specifically for industrial applications) can dynamically tighten or change the firewall rules when an active threat is detected.

And what if the damage is already done (e.g. by ransomware or similar)? The key to rapid recovery is the ability to access the correct program and download it to the device.

A common central repository of all program changes ensures that if a device fails, the most current copies of the program logic and its documentation are available, so plant operations can be restored quickly and correctly. For this to hold against ransomware, the repository must itself be protected (offline or immutable copies) and each stored copy must be integrity-checked before it is downloaded, otherwise the same attack that took down the device can also corrupt the backup.

This is true for automation devices as well as for PC-based applications (e.g. SCADA or Historian), with the help of powerful automated recovery tools.
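As an added example (not the article's code, nor that of any recovery product), this Python sketch models such a central repository: every committed program image is stored with its SHA-256 digest, author, note and a link to the previous version, an unchanged re-commit creates no new version, and a restore returns an image only after re-verifying its digest, so a repository touched by ransomware is detected rather than silently restored. Device names and program bytes are constructed placeholders for PLC logic.

```python
"""Central repository of automation program changes.

Added example; not code from the article or from any commercial
backup/recovery tool. Stores each version of a device's program logic
with metadata and a SHA-256 digest so that, after a failure or a
ransomware incident, the most current known-good copy can be located
and verified before it is downloaded to the device. Program bytes
below are constructed placeholders.
"""
import hashlib
import time
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Version:
    device: str
    digest: str             # SHA-256 of the program image
    parent: Optional[str]   # digest of the previous version (forms a chain)
    author: str
    note: str
    timestamp: float


class ProgramRepository:
    def __init__(self) -> None:
        self._blobs: Dict[str, bytes] = {}           # digest -> program image
        self._history: Dict[str, List[Version]] = {}  # device -> versions

    @staticmethod
    def _digest(data: bytes) -> str:
        return hashlib.sha256(data).hexdigest()

    def commit(self, device: str, program: bytes, author: str, note: str,
               timestamp: Optional[float] = None) -> Version:
        """Record a program change; an unchanged image creates no new version."""
        digest = self._digest(program)
        history = self._history.setdefault(device, [])
        parent = history[-1].digest if history else None
        if parent == digest:
            return history[-1]
        self._blobs.setdefault(digest, program)
        version = Version(device, digest, parent, author, note,
                          time.time() if timestamp is None else timestamp)
        history.append(version)
        return version

    def latest(self, device: str) -> Optional[Version]:
        history = self._history.get(device)
        return history[-1] if history else None

    def restore(self, device: str, digest: Optional[str] = None) -> bytes:
        """Return a verified program image (latest, or a specific digest)."""
        if digest is None:
            version = self.latest(device)
        else:
            version = next((v for v in self._history.get(device, [])
                            if v.digest == digest), None)
        if version is None:
            raise KeyError(f"no stored program for {device}")
        data = self._blobs.get(version.digest)
        # Re-hash before download: a tampered or encrypted blob must not reach the PLC.
        if data is None or self._digest(data) != version.digest:
            raise ValueError(f"stored image for {device} fails integrity check")
        return data

    def verify_all(self) -> List[str]:
        """Digests whose stored bytes no longer match (e.g. ransomware hit the repo)."""
        return [d for d, blob in self._blobs.items() if self._digest(blob) != d]


# Constructed placeholders for two revisions of a PLC program.
PROGRAM_V1 = b"PLC-01 ladder logic rev A: pump interlock, setpoint 40"
PROGRAM_V2 = b"PLC-01 ladder logic rev B: pump interlock, setpoint 45"


if __name__ == "__main__":
    repo = ProgramRepository()
    repo.commit("PLC-01", PROGRAM_V1, "eng1", "initial commissioning", 1.0)
    v2 = repo.commit("PLC-01", PROGRAM_V2, "eng2", "setpoint tuning", 2.0)
    print("latest:", v2.digest[:12], "parent:", (v2.parent or "")[:12])
    print("restored", len(repo.restore("PLC-01")), "bytes")
    repo._blobs[v2.digest] = b"ENCRYPTED BY RANSOMWARE"  # simulated tampering
    print("corrupted versions:", repo.verify_all())
```

Keeping the digest in the version record rather than only beside the blob is what turns the repository from a file share into a recovery tool: an operator restoring in a hurry gets a hard failure instead of downloading an encrypted image to a controller.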

References

[1] "Cyber Security Framework v1.1", NIST (National Institute of Standards and Technology).
[2] J. Kosar, "Cybersecurity Maturity: We haven't been hacked so we're good... right?", ARC Forum 2017.
[3] S. Snitkin, "Cybersecurity Technology and Compliance Management Solutions", ARC Advisory Group.
[4] S. Snitkin, "What's Really Needed for Network and Endpoint Protection?", ARC Advisory Group.
[5] C. Bodungen, B. Singer, A. Shbeeb, K. Wilhoit, S. Hilt, "Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions".
[6] "Critical Infrastructure: Security Preparedness and Maturity", Unisys and Ponemon, 2014.
[7] www.servitecno.it

[Figure: The 5 functions of the NIST Framework]

[Figure: ARC Cyber Security Maturity Model]