Spring Cleaning for your Cyber Program
image credit: Photo by Alexandru Dinca from Pexels
- Feb 23, 2021 5:17 pm GMT (Feb 23, 2021 4:31 pm GMT)
We’re approaching the time of the year when the grass starts to turn green, the trees start to bud out and we all need to get spring cleaning done. It’s also a great time to look at your cyber program and make sure you’re on track to accomplish your long-term goals. Here are three recommended areas for review to see if your program is heading in the right direction or if you need some mid-course corrections.
With the COVID-19 pandemic starting to abate slightly, now is a good time to review security projects that may have been delayed due to field work, travel, or other pandemic-related issues. Perhaps staff training can start in person again – there’s no substitute for being able to talk with an instructor face to face about specific issues or challenges. The industrial control system training from the Cybersecurity and Infrastructure Security Agency (CISA) from the U.S. Department of Homeland Security is available at no tuition cost. It is unknown when this training will start in person again, but it is well worth the cost to travel when it is available.
Because of the massive SolarWinds hack and the chaos that followed it, every cyber program needs to review its security monitoring strategy. For Operational Technology (OT) systems, monitoring is typically limited to a sensor or two at the electronic security boundary, and that implementation is starting to show its age in the supply chain attack era. OT systems need to include monitoring of internal communications and device interfaces as part of their design. Integrating SCADA alerts and alarms into the security monitoring strategy is a good first step for devices that support SCADA but not syslog or other security logging mechanisms. The next step may include mirrored ports on substation switches that capture network traffic between devices, coupled with a sensor programmed to alert on potentially anomalous or malicious SCADA traffic, non-SCADA traffic, and other indicators of compromise.
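To make the mirrored-port sensor idea concrete, here is an added example (not the author's code or any product's logic) of the kind of alerting rules such a sensor would run: a baseline of expected master-to-device SCADA conversations, a check for non-SCADA traffic inside the substation network, and a check for Modbus write commands coming from a host that is not the SCADA master. The hosts, ports, flow-record format and sample records are all constructed for illustration.

```python
"""Toy sensor rules for flow summaries from a mirrored substation switch port.
Everything below (addresses, baseline, record format) is a constructed example."""
from collections import namedtuple

Flow = namedtuple("Flow", "src dst proto dport mb_func")

# Well-known SCADA protocol ports the sensor recognises.
SCADA_PORTS = {502: "modbus", 20000: "dnp3"}
# Constructed baseline: (master, outstation/IED, dport) conversations that are expected.
EXPECTED = {
    ("10.10.1.5", "10.10.2.11", 502),
    ("10.10.1.5", "10.10.2.12", 20000),
}
MASTERS = {"10.10.1.5"}
# Modbus function codes that change device state (writes); codes 1-4 are reads.
MODBUS_WRITE_FUNCS = {5, 6, 15, 16, 22, 23}


def parse_flow(line):
    """Parse one constructed flow record: 'src dst proto dport [modbus_function]'."""
    parts = line.split()
    src, dst, proto, dport = parts[0], parts[1], parts[2], int(parts[3])
    mb_func = int(parts[4]) if len(parts) > 4 else None
    return Flow(src, dst, proto, dport, mb_func)


def classify(flow):
    """Return alert tags for one flow; an empty list means baseline traffic."""
    alerts = []
    if flow.dport not in SCADA_PORTS:
        return ["non-scada-traffic"]          # anything that is not a SCADA protocol
    if (flow.src, flow.dst, flow.dport) not in EXPECTED:
        alerts.append("unexpected-scada-peer")  # SCADA protocol between unapproved hosts
    if (SCADA_PORTS[flow.dport] == "modbus" and flow.mb_func in MODBUS_WRITE_FUNCS
            and flow.src not in MASTERS):
        alerts.append("modbus-write-from-non-master")  # state change not from the master
    return alerts


def scan(lines):
    """Run the rules over all records; return {record: tags} for flagged flows only."""
    flagged = {}
    for line in lines:
        tags = classify(parse_flow(line))
        if tags:
            flagged[line] = tags
    return flagged


SAMPLE_FLOWS = [  # constructed mirrored-port summaries, not real captures
    "10.10.1.5 10.10.2.11 tcp 502 3",    # master reading holding registers: baseline
    "10.10.1.5 10.10.2.12 tcp 20000",    # master polling a DNP3 outstation: baseline
    "10.10.2.11 10.10.2.12 tcp 502 16",  # one IED writing registers to another IED
    "10.10.3.7 10.10.2.11 tcp 22",       # SSH to an IED from an unknown host
]

if __name__ == "__main__":
    for record, tags in scan(SAMPLE_FLOWS).items():
        print(record, "->", ", ".join(tags))
```

Real sensors would build the baseline from a learning period and carry richer context (time of day, payload parsing), but the same three questions apply: is this a SCADA protocol at all, are these two hosts supposed to talk, and is this host allowed to change state.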
Worth mentioning is the Federal Energy Regulatory Commission (FERC) Notice of Proposed Rulemaking (NOPR) related to incentives for public utilities that make cybersecurity investments above and beyond the baseline requirements of NERC CIP. This NOPR will apply to each utility differently and is tied to adjustments in the allowable transmission rate recovery over which FERC has jurisdiction. Utilities that may be eligible and interested will need to make their own benefit calculations.
These are just a few areas to review. Each organization will have its own set of priorities and goals – the important point is to keep moving the program forward and address areas that may have unacceptable risks. Enjoy the warmer weather – take a walk and clear your head. Then see if your cyber program is on track to reduce risk for your organization.