Intelligent CISO Issue 67 | Page 21

cyber trends to stay informed while ensuring visibility across your infrastructure to effectively defend against evolving threats.
What are the biggest cybersecurity challenges facing ICS/OT defenders in the European markets?
In contrast to the US and some East Asian countries, there is a noticeable lack of government drive and initiative in this region. This absence of proactive efforts from government organisations such as regulatory bodies or national security agencies has resulted in limited awareness of cybersecurity risks, inadequate monitoring and insufficient preparedness for potential cyberattacks.
Although these issues extend globally, the absence of mandatory standards and the accompanying lack of mitigation measures or timely software patches are still a problem and will cause organisations to struggle in prioritising their cybersecurity efforts effectively.
Also, the diversity of vendors and protocols used in Europe and other regions complicates matters. Reports and recommendations from the US may not apply to widely used vendors or protocols in Europe, leading to a lack of awareness regarding specific vulnerabilities. Consequently, organisations face a multitude of threats without comprehensive guidance.
So, while enhancing a cybersecurity posture requires organisations to take various measures, the main challenge also lies in the limited drive from government authorities to implement cybersecurity regulations effectively. What is needed is a more concerted effort to promote the adoption of practical strategies for complying with regulations. Providing step-by-step guides and architectural examples, especially regarding patch management solutions, can significantly assist organisations in transitioning from a vulnerable state to an effective cybersecurity stance. Ideally, such guidance should come from trusted bodies at either the European or national levels to ensure comprehensive support.
Cybersecurity adversaries have consistently challenged European ICS/OT cybersecurity defences, which is a defining reason for their continued effectiveness. What is a more effective approach for organisations to handle these defences?
Dragos CEO Rob Lee, together with Tim Conway, released the SANS Five Critical Controls, which organisations can use to focus their efforts in protecting OT networks and bolster a stronger security posture.
One of these controls is having a specialised incident response plan for Industrial Control Systems (ICS). While many organisations understand how to respond to typical enterprise IT-specific network incidents, the same cannot be said for ICS incidents, making it an area where preparedness often falls short.
Ransomware is a prevalent threat, especially in the OT environment, and understanding the tactics employed by ransomware actors is vital. Defending against the most prolific of these actors gets you a long way towards securing your systems. However, it is also essential to consider low-probability and high-impact scenarios. This necessitates a comprehensive understanding of your assets, where predictive analysis can play a pivotal role. Visualising your network, especially in segmented environments, is invaluable as it allows you to maintain critical functions. Without this knowledge, organisations tend to resort to shutting down everything in response to a potential ICS incident, which can have devastating consequences. For example, say a water treatment plant was targeted in a cyberattack, with confirmed intrusion activity within the enterprise IT network. It is all too often the case that the response would be to shut down the OT environment in a safe manner, given the absence of a dedicated OT/ICS incident response plan, the lack of monitoring in the OT environment to provide assurances that the actor had not traversed the boundary, and the subsequent inability to accept the risk to continue operations in lieu of those assurances, which may also include doubts around the true depth of segregation between IT and OT networks. All too often, given constrained budgets and non-existent guidelines (or ones that are simply not followed), do we see issues such as credential reuse between environments, or sharing of switching infrastructure, undermine the security that is thought to be in place.
Another critical control is building a defensible architecture. While many organisations have long-standing network infrastructures that may have existed since the 60s and 70s, adding new elements provides opportunities to enhance defence and security. In emerging sectors like renewables and nuclear power, greenfield sites offer a chance to establish highly defensible networks. Thus, conducting parameter analysis and architecture reviews is essential to identifying and implementing these security enhancements. Thinking about conduits and zones is one great approach, which you can read more about in our blog series on ISA/IEC 62443.
The next control revolves around specific monitoring. Effective defence hinges on visibility, as you can't defend against what you can't see. Regardless of how much you know about potential threats, if you can't see them or their actions, your ability to prevent or mitigate incidents is compromised. This is particularly critical in the OT environment, where detecting intrusions in their early stages is challenging without proper visibility. While we have improved in stopping the initial stages of attacks, achieving this in the OT realm is impossible without adequate visibility.
So, these critical controls are essential pillars of every organisation building a robust cybersecurity strategy. They address the unique challenges presented by ICS incidents, emphasise the importance of building defensible architectures and stress the need for comprehensive monitoring to enhance overall security posture.
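The answer above ties two of the controls together: a zone-and-conduit architecture (ISA/IEC 62443) and the monitoring needed to know whether an actor has crossed the IT/OT boundary. The following Python is an added example, not code from the interviewee, Dragos or SANS. It reviews flow records against a declared zone and conduit model and reports every cross-zone flow that no conduit permits, which is the kind of evidence a responder needs before deciding whether an IT-side intrusion forces an OT shutdown. The zone addressing, the conduits, the flow record format and all sample flows are constructed for the example.

```python
"""Zone-and-conduit review of constructed OT flow records.

Added example, not code from the article. It models the ISA/IEC 62443 idea
that hosts belong to zones and that only traffic matching a declared conduit
may cross a zone boundary. Everything below (addresses, zones, conduits,
flow format, sample flows) is constructed.
"""
from dataclasses import dataclass
import ipaddress

# Constructed zone layout (assumed addressing, not from the article).
ZONES = {
    "enterprise_it": ipaddress.ip_network("10.10.0.0/16"),
    "ot_dmz": ipaddress.ip_network("10.20.0.0/24"),
    "control": ipaddress.ip_network("192.168.50.0/24"),
}

# Declared conduits: (source zone, destination zone) -> permitted destination ports.
# Any other cross-zone flow is a finding for an analyst to confirm.
CONDUITS = {
    ("enterprise_it", "ot_dmz"): {443},  # assumed: historian replica over HTTPS
    ("ot_dmz", "control"): {502},        # assumed: Modbus/TCP polling from a DMZ collector
}

FINDING_VERDICTS = ("unknown_host", "no_conduit", "conduit_violation")


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str


def zone_of(ip):
    """Return the zone name containing ip, or None if it lies in no declared zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def classify(flow):
    """Return (verdict, reason) for one flow against the zone/conduit model."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if src_zone is None or dst_zone is None:
        # An address in no zone is an asset-inventory gap as much as a policy gap.
        return "unknown_host", f"{flow.src}->{flow.dst} involves an address outside every declared zone"
    if src_zone == dst_zone:
        return "intra_zone", f"traffic stays inside {src_zone}"
    allowed = CONDUITS.get((src_zone, dst_zone))
    if allowed is None:
        return "no_conduit", f"{src_zone}->{dst_zone} has no declared conduit"
    if flow.dport not in allowed:
        return "conduit_violation", f"{src_zone}->{dst_zone} conduit does not permit {flow.proto}/{flow.dport}"
    return "permitted", f"{src_zone}->{dst_zone} via declared conduit"


def parse_flow(line):
    """Parse one constructed record of the form 'src dst dport proto'."""
    src, dst, dport, proto = line.split()
    return Flow(src, dst, int(dport), proto)


# Constructed flow records, in the shape a collector might export them.
SAMPLE_FLOWS = [
    "10.10.5.7 10.20.0.10 443 tcp",          # IT -> DMZ over the declared conduit
    "10.20.0.10 192.168.50.20 502 tcp",      # DMZ -> control over the declared Modbus conduit
    "10.10.5.7 192.168.50.20 3389 tcp",      # IT host straight into the control zone
    "192.168.50.20 192.168.50.21 502 tcp",   # controller-to-controller, intra-zone
    "10.20.0.10 192.168.50.20 22 tcp",       # DMZ -> control on a port the conduit excludes
    "172.16.1.1 192.168.50.20 502 tcp",      # source address in no declared zone
]


def review(lines):
    """Return (verdict, record, reason) for every flow that breaks the model."""
    findings = []
    for line in lines:
        verdict, reason = classify(parse_flow(line))
        if verdict in FINDING_VERDICTS:
            findings.append((verdict, line, reason))
    return findings


def summarise(lines):
    """Count flows per verdict: a quick view of how much traffic the model explains."""
    counts = {}
    for line in lines:
        verdict, _ = classify(parse_flow(line))
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


if __name__ == "__main__":
    for verdict, record, reason in review(SAMPLE_FLOWS):
        print(f"{verdict:18} {record:40} {reason}")
    print(summarise(SAMPLE_FLOWS))
```

Three of the six constructed flows are findings: an enterprise host reaching the control zone directly, a DMZ host using a port the conduit does not allow, and a source that belongs to no declared zone. The first two are exactly the boundary-traversal and shared-infrastructure questions the answer raises; the third is the asset-inventory gap that the "comprehensive understanding of your assets" point is about. A real deployment would feed this from span-port or firewall flow exports and keep the zone and conduit tables under change control alongside the architecture review.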