https://www.engineeringnews.co.za

Top 10 Guidelines to Address Operational Technology Vulnerabilities in Critical Infrastructure Organisations

22nd June 2016

  

Font size: - +

This article has been supplied as a media statement and is not written by Creamer Media. It may be available only for a limited time on this website.

Fortinet  (0.04 MB)

Fortinet – the global leader in high-performance cybersecurity solutions, states that almost 80 percent of industrial security incidents in critical infrastructure organisations are caused by unintentional internal issues such as software misconfigurations from human error and malfunctioning network protocols. Critical infrastructure industries in particular, such as utilities, transportation and natural resource producers, together with the communities and economies they serve, face not only particularly damaging outcomes from cyber security attacks, but also need to deal with significant complexity due to the scale of their operations.

“Organizations across multiple industries today face an evolving threatscape and growing pressure to rethink security strategies for long-term sustainability. A more holistic security approach is required to protect against intentional targeted attacks as well as human error from internal sources,” said Hutton. “Solving ICS (industrial control systems) security issues requires a solution that unifies the best of current OT network security capabilities with an extensive understanding of ICS processes and protocols.”

The machines and technology used to manage and run hydropower dams, oil and gas companies and other infrastructures were never designed to be connected to remote or public networks. As these systems were isolated and physical access often restricted, information security has never been accorded the highest priority.

“But with emergence of Industry 4.0, these environments are now interconnected. Proliferation of open standard and off-the-shelf hardware and software also increases their vulnerability. This means that industrial control systems (ICS) now have a wider footprint for attack,” explained Hutton.

As organizations cannot predict every threat, they must then focus on what they can control. Fortinet has recently issued Top 10 guidelines to help local companies assess their operational technology (OT) vulnerabilities:
 

  • Identify critical elements that need immediate protection is a crucial first step
  • Identify protocols for permission management or access to controls - Most systems were previously isolated. Now that IT and OT are interconnected, they need to keep pace with OT security best practices. In addition, determining the appropriate privileges for authorized users is just as important as blocking unauthorized access
  • Update hardware and software operating systems regularly - Some hardware and software systems pre-date the very notion of cybersecurity. Organizations need to ensure compatibility with standard modern defences such as anti-virus software or threat scanning technologies
  • Perform regular and routine organization update and patch - While most operations cannot afford any down-time and cost associated with patching, deferring updates lead to wider security gaps
  • Identify unsecured, and IP-enabled telemetry devices such as sensors and pressure gauges - Data on these devices can be manipulated, which then impacts the safety and reliability of the overall system
  • Employ best practices in modern coding - Using embedded and often custom-built software written with little attention to recommended security techniques leaves OT systems open to attack
  • Adhere to a standard procedure for logging events - Organizations that establish a process for noting and reporting system events can often use this data to detect irregularities and implement security measures
  • Regulate component manufacturers and supply chain - Without proper monitoring and governance, equipment may be compromised before it is even installed
  • Implement Network Segmentation - Many operations have not yet partitioned their networks into functional segments (while remaining fully interconnected). Without proper segmentation, infected data and applications can overlap from one segment to another, and attackers who manage to breach perimeter defences can easily move undetected across the network
  •  
  • Prepare an Operational Recovery Plan - In the unfortunate event of a disaster, every organization needs a documented procedure to assess damage, repair systems and machines, and restore operations. Regular security drills also help operators implement recovery quickly and efficiently when it is needed most.

Edited by Creamer Media Reporter

Comments

Showroom

Environmental Assurance (Pty) Ltd.
Environmental Assurance (Pty) Ltd.

ENVASS is a customer and solutions-driven environmental consultancy with established divisions, serviced by highly qualified and experienced...

VISIT SHOWROOM 
Weir Minerals Africa and Middle East
Weir Minerals Africa and Middle East

Weir Minerals Europe, Middle East and Africa is a global supplier of excellent minerals solutions, including pumps, valves, hydrocyclones,...

VISIT SHOWROOM 

Latest Multimedia

sponsored by

Option 1 (equivalent of R125 a month):

Receive a weekly copy of Creamer Media's Engineering News & Mining Weekly magazine
(print copy for those in South Africa and e-magazine for those outside of South Africa)
Receive daily email newsletters
Access to full search results
Access archive of magazine back copies
Access to Projects in Progress
Access to ONE Research Report of your choice in PDF format

Option 2 (equivalent of R375 a month):

All benefits from Option 1
PLUS
Access to Creamer Media's Research Channel Africa for ALL Research Reports, in PDF format, on various industrial and mining sectors including Electricity; Water; Energy Transition; Hydrogen; Roads, Rail and Ports; Coal; Gold; Platinum; Battery Metals; etc.

Already a subscriber?

Forgotten your password?

MAGAZINE & ONLINE

SUBSCRIBE

RESEARCH CHANNEL AFRICA

SUBSCRIBE

CORPORATE PACKAGES

CLICK FOR A QUOTATION







sq:0.068 0.12s - 158pq - 2rq
Subscribe Now