
ICS Cybersecurity for the C-Level: Six Questions Every C-Level Executive Should Be Asking

The document discusses the growing sophistication of cyber attacks against industrial control systems and outlines basic cybersecurity practices that C-level executives should understand. It summarizes two malware campaigns, Havex and BlackEnergy, that remotely accessed control systems. The document then provides six questions executives should ask about their organization's cybersecurity and outlines key risk management concepts like identifying critical assets and assigning a cybersecurity manager. It concludes by describing assistance available from the National Cybersecurity and Communications Integration Center.

National Cybersecurity and Communications Integration Center

ICS CYBERSECURITY FOR THE C-LEVEL


Cyber threats against Industrial Control Systems (ICS) continue to increase in intensity, frequency, and complexity. Yet, basic cybersecurity practices within many ICS organizations continue to be an afterthought or significantly less than needed. This document was developed as a tool to help facilitate the communication of strong, basic cybersecurity principles to the leadership of ICS organizations.

Through conversation with various stakeholders, the need for a document that conveys concise cybersecurity concepts and strategies to organizational leadership became apparent. Thus, the U.S. Department of Homeland Security’s (DHS) National Cybersecurity and Communications Integration Center (NCCIC), with direction from the Industrial Control System Joint Working Group (ICSJWG), developed this document to support communication and improve cybersecurity practices across the Nation’s critical infrastructure (CI).

ICS Attacks - Growing Sophistication

Attacks that target ICS infrastructure continue to evolve and mature. Through a variety of methods, malicious threat actors are introducing sophisticated malware into control systems at growing rates. The following case studies, Havex and BlackEnergy, represent sophisticated, global malware campaigns against ICS that went unnoticed for years. These examples evidence the ability of threat actors to remotely issue command functions via malicious code.

Havex

Sophisticated threat actors using Havex malware have targeted and compromised control systems worldwide since 2013. Spear phishing and infected ICS software downloads from legitimate websites have been the main attack vectors. The Havex malware operates as a Remote Access Trojan (RAT) with the ability to inject unauthorized control commands as well as cause a denial of service effect on certain applications.

BlackEnergy

The BlackEnergy campaign used previously unknown software vulnerabilities in multiple common Human Machine Interface (HMI) software products to gain direct access to control system operating screens. Since 2011, BlackEnergy has infected dozens of control systems in the U.S. and hundreds globally. The malicious code could potentially be used to manipulate control processes and cause physical damage. No interaction with the target was required as BlackEnergy targeted systems connected directly to the internet.

Long-Term Threat

These two campaigns illustrate a concerted effort by sophisticated threat actors for at least four years to understand critical ICS, discover unknown/unpatched vulnerabilities for exploitation, and use differing techniques to gain access to the operational environment.

Six Questions Every C-Level Executive Should be Asking

1) What’s at Risk – have we prioritized our assets and identified the potential consequences if our control system was compromised? Can we sustain operations of critical processes following a cyber incident?
2) Who is the manager ultimately responsible for cybersecurity or do we rely on third-party support?
3) Is our ICS environment protected from the Internet and how have we validated that?
4) Do we have remote access to our ICS network? If so, why do we need it, and how is it protected and monitored?
5) Do we have a DHS Homeland Security Information Network (HSIN) account to receive alerts and advisories?
6) Are we reading available resources and applying the recommended cybersecurity best practices?

Key Risk Management Concepts

Identify Critical Assets – Assess the Risk

Complete a risk assessment to ascertain areas of greatest vulnerability, identify critical assets, and define the parameters for your security plan. Perform a baseline cybersecurity assessment via NIST’s “Guide to Industrial Control Systems (ICS) Security” or DHS’s Cyber Security Evaluation Tool (CSET).

Assign a Manager Responsible for Cybersecurity

Every organization needs a trained and qualified individual whose primary responsibility is cyber-security. A cybersecurity manager should set policies and implement procedures, enforce monitoring and protective/detective controls, train employees, perform regular assessments, and implement patching and configuration practices.

Protect Your Networks from the Internet

Do NOT allow direct connectivity from the internet to your ICS network. Protect your network from remote access via defensive measures, monitoring, and strong authentication requirements. Isolate, protect, and monitor your key assets.

Limit the Use of Remote Access to Your ICS

If remote access is required, protect your ICS with multiple defensive layers. Consider using different levels of access and appropriate controls for remote access, coupled with strong detection/monitoring capabilities. Implement a control system demilitarized zone (DMZ) with two-factor authentication and a virtual private network (VPN) connection.

Join HSIN

Joining HSIN allows access to alerts and advisories, indicators of compromise, and a secure method of reporting cyber incidents and requesting incident response services.

Take Advantage of Available Resources

Participate in your sector’s Information Sharing and Analysis Center (ISAC) information sharing programs, know your Sector Specific Agency (SSA), and visit https://ics-cert.us-cert.gov.

NCCIC Resources and Assistance

NCCIC operates within the National Cybersecurity and Communications Integration Center (NCCIC), a division of the DHS Office of Cybersecurity and Communications (CS&C). NCCIC is an integral component of the DHS Strategy for Securing Control Systems and strives to reduce risks and threats to CI by collaborating with other government and private sector partners.

NCCIC provides or sponsors the following services and activities to improve CI security:

• OUTREACH AND TRAINING – NCCIC performs outreach activities to help CI sectors understand cybersecurity risks and offers training opportunities to assist the control systems community in improving their cybersecurity preparedness.
• ICSJWG – The ICSJWG facilitates partnerships between the Federal government and private sector owners and operators in all CI sectors through biannual face-to-face meetings, webinars, and newsletters.
• CSET – CSET is a desktop software tool that enables users to self-assess their network and ICS security practices against recognized standards, guidelines, and recommended practices.
• SITE ASSISTANCE AND EVALUATIONS – NCCIC offers onsite field assessments, network design architectural reviews, and network traffic analysis and verification.

About NCCIC

The National Cybersecurity and Communications Integration Center (NCCIC) is a 24x7 cyber situational awareness, incident response, and management center that is a national nexus of cyber and communications integration for the Federal Government, intelligence community, and law enforcement.

http://www.dhs.gov/national-cybersecurity-communications-integration-center
