"... deploying systems and technologies that can monitor control systems to detect malicious activity and facilitate response actions to cyber threats is central to ensuring the safe operations of these critical systems. 

 

The Federal Government will work with industry to share threat information for priority control system critical infrastructure throughout the country."

 

---National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems

Why Your ICS/OT SCADA Architecture Needs Visibility

There was a time when keeping your ICS environment physically off the enterprise network was a major component of the ICS cybersecurity strategy.

And for years, it worked.

But in a world where just about everything is connected to the internet, that time has passed. Hackers have already proven that the physical air gap can neither prevent malware intrusion nor identify malware once it gets inside your network.

A strong cybersecurity strategy for ICS must now include the ability to see what traffic is flowing across your entire network, both the enterprise IT network and the operational technology (OT) network. We call that network visibility. Why?

Because you can’t protect what you can’t see.


"We cannot address threats we cannot see; therefore, deploying systems and technologies that can monitor control systems to detect malicious activity and facilitate response actions to cyber threats is central to ensuring the safe operations of these critical systems."

 

---National Security Memorandum

Ensuring Cybersecurity Compliance for Electric Power Industry

Operational technology (OT) networks and Industrial Control Systems (ICS) are increasingly interconnected with IT networks. This interconnectedness has increased the ICS/OT attack surface due to:

• Proprietary appliances and sensors

• Malware insertion through dedicated attacks by criminal and nation-state actors seeking to take control of critical infrastructure

• Third-party remote access for contractors that may have lax security processes

The NERC CIP standards are mandatory security standards for high-voltage electric transmission and power generation. CIP-005, CIP-007, and CIP-010 require utilities to collect and archive network traffic data at the plant and substation level. Network taps can be placed in power plants and substations at multiple levels of the SCADA network. Unlike SPAN ports, network taps don't drop packets, don't need programming, and can be installed where you need them.

NERC CIP Standards for Threat Visibility and Detection

Cybersecurity is often described as prevention, detection, response and, if needed, recovery. What the Colonial Pipeline ransomware attack, the Oldsmar, Florida water poisoning attempt, and now the White House are all telling us is that prevention isn’t perfect, and we therefore need to increase our focus on detection, response, and recovery.

The overall goal of the White House’s 100-Day Plan to Address Cybersecurity Risk to the Electric System (100-Day Plan) is to encourage critical infrastructure asset owners to deploy threat visibility and detection technologies to support their incident response and recovery capabilities, as well as provide greater information sharing potential. 

The North American Electric Reliability Corporation (NERC) is a regulatory authority whose mission is to assure the effective and efficient reduction of risks to the reliability and security of the grid. NERC’s jurisdiction includes users, owners, and operators of the Bulk Electric System, which serves nearly 400 million people.

The NERC Critical Infrastructure Protection (CIP) standards include regulatory elements that make collecting and archiving network traffic more important than ever before. NERC CIP Standards require utilities to monitor network traffic data at the control center, the plant, and the substation. Utilities are subject to regular NERC Compliance audits and must also regularly conduct vulnerability assessments.


IT and ICS/OT Cybersecurity Convergence

It's become almost commonplace to hear pundits speak about the convergence of IT and ICS/OT cybersecurity. But how in the world would hacking something like a company's public-facing website impact revenue through the disruption of service delivery?

Good question.

When a website offering pay-as-you-go utility services was hacked, customers lost the ability to prepay for their electricity, which effectively turned out the lights. Because prepayment is offered for a wide range of services, from cellphones to cloud storage, it is just one more reason why ICS/OT teams are joining their IT counterparts in a converged security strategy to secure the IT/OT environment.

With the sudden increase in work from home and the resultant surge in digital business transformation, are you ready?


Taps vs SPANs: Costs, Coverage, Choices, and Why You Need Choices for Every Location in Your ICS/OT Environments

Partnerships to Fortify your ICS/OT Network

Digital business transformation allows enterprises to continue business as usual through increasingly unusual times. Fortify your IT and OT networks now before unwelcome intruders seize control of your IIoT assets. Partner with Keysight and gain market-leading end-to-end insights to innovate, transform, and win in fortifying your Industrial IoT.
