National Cyber Warfare Foundation (NCWF)

Launching a critical infrastructure security program in 4 phases


2024-10-16 13:10:13
milo
Blue Team (CND)


According to the Cybersecurity and Infrastructure Security Agency (CISA), threat actors were still leveraging brute force intrusions, default credentials, and other unsophisticated attack methods to target internet-exposed operational technology and industrial control systems of critical infrastructure organizations. Organizations that run their ICS infrastructure without adequate visibility into their networks and operations are especially vulnerable to such threat actors.

So how can critical infrastructure operators respond to this emerging threat? The answer lies in launching a structured institutional OT security program with a strong foundation to improve and strengthen their existing OT security measures in a phased manner. Such an approach ensures asset assurance and improved visibility into the outcomes of each measure, and allows OT asset owners to move forward with more learning and knowledge.

So what does a structured critical infrastructure OT security program look like? Now let's look at each of these OT security phases in more detail.

Phase 1: Understanding the present state of OT security in your Critical Infrastructure

This phase includes conducting an IEC 62443-based OT/ICS Cybersecurity Assessment to determine the gaps and issues with the current OT security approach. The following aspects need to be highlighted in detail in the assessment:

You can use this IEC 62443 checklist for the above exercise.

Phase 2: Implement security measures including those to secure infrastructure and detect threats

In this phase, implement the measures designed to gain visibility and to protect and secure networks and assets, such as:

· Hard network segmentation between OT and IT networks

Phase 3: Evaluate data and security measures (measure success)

During this phase, all security management measures should be institutionalized through an OT Security Operations Center. The SOC should also have an incident response and management component, either in-house or through managed means. An OT security audit is recommended at this phase to gather data on the effectiveness of the security measures and the impact of the OT governance and security policy in an integrated manner. This phase should cover:

Phase 4: Channel the learnings from your OT security program

· Regular internal and external workshops to share learnings from all aspects of cybersecurity operations

To learn more about a structured OT security program that incorporates IEC 62443, NIST CSF, and NIST SP 800, talk to a Sectrio OT governance expert.


The post Launching a critical infrastructure security program in 4 phases appeared first on Security Boulevard.



Prayukth K V

Source: Security Boulevard
Source Link: https://securityboulevard.com/2024/10/launching-a-critical-infrastructure-security-program-in-4-phases/





Copyright 2012 through 2025 - National Cyber Warfare Foundation - All rights reserved worldwide.