“Proof of Compromise” from Ransomware Attacks on Critical National Infrastructure (CNI)

  • Legacy/end-of-life operating systems
  • Lack of cybersecurity awareness
  • Unpatched systems
  • No antivirus installed
  • Flat networks
  • No zoning and segmentation
  • No policies and procedures
  • Bidirectional communication from OT to IT

  • Zero Downtime — Plant operations run 24/7/365, so solutions that require downtime are difficult to deploy
  • Third-Party Service Integration — OEMs usually do not integrate with third-party vendors, which can block many security projects. An OEM may say that if you deploy a given tool, it will not be responsible if any OT system stops working.
  • Cyber Awareness and Resiliency — Lack of cyber skills in the OT environment
  • Compatibility — Status-quo management and meeting compliance audits
  • Cost — Additional budget and human resources are required

  • OT security programs should be built on people, processes, and technology.
  • Roles and responsibilities should be identified, and baselines should be developed, e.g. from IEC 62443, NIST, etc.
  • IT and OT staff should receive training and awareness to bridge the gaps, and the security program should be a collaborative effort of both sides.

  1. An asset inventory should be maintained and updated, with real-time knowledge of what is on the network
  2. Zones and conduits should be developed based on the criticality of assets
  3. Network monitoring should be enabled
  4. Network visibility, using an IPS, should be maintained
  5. Configuration of network devices should be hardened per best practices
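The steps above (asset inventory, zones and conduits, network monitoring) can be tied together in a simple policy check. The following is an added example, not code from the original article or from Airgap Networks: it holds a constructed asset inventory with IEC 62443-style zone assignments, a constructed table of approved conduits, and a handful of constructed flow records such as a network monitor would produce, and it reports flows that cross zones without an approved conduit as well as addresses that appear on the network but are missing from the inventory. All addresses, zone names, ports and conduit entries are illustrative assumptions.

```python
"""Zone/conduit policy check over a constructed asset inventory and flow records.

Added example, not part of the original article. Every address, zone, port and
conduit below is constructed for illustration (documentation-range IPs).
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed asset inventory: address -> (asset name, zone). Zones follow the
# idea of grouping assets by criticality (control, DMZ, enterprise).
ASSET_INVENTORY = {
    "192.0.2.10": ("PLC-01", "control"),
    "192.0.2.11": ("HMI-01", "control"),
    "198.51.100.5": ("historian", "dmz"),
    "203.0.113.20": ("erp-server", "enterprise"),
}

# Network ranges per zone, used to classify an address that is not (yet) in
# the inventory so that the conduit check still applies to it.
ZONE_NETWORKS = {
    "control": ip_network("192.0.2.0/24"),
    "dmz": ip_network("198.51.100.0/24"),
    "enterprise": ip_network("203.0.113.0/24"),
}

# Approved conduits as (source zone, destination zone, destination port).
# Conduits are directional: nothing is permitted from the enterprise zone
# directly into the control zone, and control only pushes to the DMZ historian.
APPROVED_CONDUITS = {
    ("control", "dmz", 5432),    # historian data feed
    ("dmz", "enterprise", 443),  # reports served to the business network
}


@dataclass(frozen=True)
class Flow:
    """One observed flow record (constructed; a real monitor would supply these)."""
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Finding:
    kind: str     # "unknown-asset" or "unapproved-conduit"
    flow: Flow
    detail: str


def zone_of(addr, inventory=ASSET_INVENTORY, networks=ZONE_NETWORKS):
    """Zone of an address: inventory entry first, then network ranges, else 'unknown'."""
    if addr in inventory:
        return inventory[addr][1]
    ip = ip_address(addr)
    for zone, net in networks.items():
        if ip in net:
            return zone
    return "unknown"


def check_flows(flows, inventory=ASSET_INVENTORY, conduits=APPROVED_CONDUITS):
    """Return findings for flows that violate the inventory or the conduit model."""
    findings = []
    for f in flows:
        # Step 1: anything talking on the network must be in the inventory.
        for addr in (f.src, f.dst):
            if addr not in inventory:
                findings.append(Finding("unknown-asset", f, f"{addr} is not in the asset inventory"))
        # Step 2: cross-zone traffic must use an approved conduit.
        src_zone, dst_zone = zone_of(f.src, inventory), zone_of(f.dst, inventory)
        if src_zone == dst_zone:
            continue  # intra-zone traffic is outside the conduit model
        if (src_zone, dst_zone, f.dport) not in conduits:
            findings.append(Finding(
                "unapproved-conduit", f,
                f"{src_zone} -> {dst_zone} on {f.proto}/{f.dport} has no approved conduit"))
    return findings


# Constructed flow records: two approved conduits, an enterprise host reaching
# into the control zone, an HMI bypassing the DMZ, and an uninventoried device.
SAMPLE_FLOWS = [
    Flow("192.0.2.10", "198.51.100.5", 5432),
    Flow("198.51.100.5", "203.0.113.20", 443),
    Flow("203.0.113.20", "192.0.2.10", 502),
    Flow("192.0.2.11", "203.0.113.20", 443),
    Flow("192.0.2.99", "192.0.2.10", 502),
]

if __name__ == "__main__":
    for finding in check_flows(SAMPLE_FLOWS):
        print(f"[{finding.kind}] {finding.flow.src} -> {finding.flow.dst}: {finding.detail}")
```

Run against the constructed records, the check reports three findings: the two flows that bypass the approved conduits and the one address that is missing from the inventory. Feeding it real flow records from the network monitor turns the zone model into something that can be verified continuously rather than only documented.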

Airgap Networks

Zero Trust Isolation — The Best Defense Against Ransomware Propagation. https://airgap.io