USCG has previously announced that October is recognized in the US as National Cybersecurity Awareness Month. To focus attention on cyber security, USCG will feature a series of posts detailing cyber risk management in the maritime domain, examining governance, resiliency and defending critical infrastructure.
Having already addressed the importance of instilling a cyber security governance framework within your organization to better identify and mitigate cyber risk, and having analyzed how to build cyber resiliency, USCG uses the third article to give its advice on why cyber security matters.
Cyber attacks on critical infrastructure are a growing concern for many organizations across the globe. The Marine Transportation System is no different and has been a target of attacks, with recent network breaches, data thefts, and denial-of-service attacks. Exploited vulnerabilities can vary from the basic, such as the lack of passwords or use of default-only passwords, to configuration issues and software flaws.
From a physical security standpoint, vulnerabilities in Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks, which control industrial processes, are especially concerning. These ICS and SCADA systems, or control systems, usually have some level of defense, but attackers are always looking for ways to get inside, such as through an entry gate that is left open, unsecure wireless technologies, or a vulnerable communications channel. While control system networks are often physically separated from other corporate IT networks, this is not always the case. Although some companies operate their control and corporate networks on different internal Local Area Networks (LANs) or “airgap” their control and corporate networks from one another, sometimes control and corporate networks share the same LANs or encrypt their control system traffic across a shared infrastructure. Usually, control and corporate system networks require some level of interconnectivity in order to obtain operational input from and/or export data.
To achieve the level of protection and resilience needed for critical control system networks, security needs to mature from a piecemeal collection of technologies to effective cyber security governance. This includes the ability to detect abnormal behavior and prevent attacks while providing the organization with meaningful forensics to investigate breaches when they occur. Examples of mitigation strategies are as follows:
- Prevent unauthorized entry to remote access ports used by vendors for maintenance, unless being actively used.
- Ensure system users do not click on unknown or suspicious URL links in an email.
- Minimize the use of unsecure laptops or removable media while inside ICS and SCADA networks unless fully tested and approved by technical staff.
- Document, verify, and test configuration changes, ensuring there are no mistakes with the security configuration of connected devices.
- Use application control with “Whitelisting” techniques and strategies.
- Use firewall, intrusion prevention, and anti-virus technologies to protect all critical systems.
Cyber threats focusing on ICS and SCADA systems have increased in recent years, and this trend is unlikely to change in the near future. Malicious actors are getting smarter and becoming more capable and willing to exploit the known vulnerabilities of critical infrastructure. It is essential that strategies and systems are implemented to defend these networks and the services they control. These efforts will not only protect the organizations that rely on them but also protect the entire Marine Transportation System at large.
Source: USCG News