With this being National Cybersecurity Month, every DHS entity on TWITTER® is tweeting tips for cybersecurity. Some are good and others not so much, but they are mainly targeted at IT cybersecurity. Take, for example, this one from StopThinkConnect:
“A comprehensive #cybersecurity plan focuses on 3 key areas: prevention, resolution & restitution. More info: http://bit.ly/U6Hm3H #ChatSTC”
A number of other people have tweeted in with their suggestions for additions and substitutions, but all of the ones that I have seen still seem to concentrate on information security. It would be nice if someone would come up with something targeted at the ICS community. Well, how about me? Okay, here go my 3 key areas for chemical facility cybersecurity:
Prevent – Stop most attacks before they can happen. Ensure that all systems are adequately isolated from the internet and corporate enterprise network. Ensure that all appropriate patches and updates are properly vetted, checked and installed. Ensure that access to the ICS system is limited to those with a verifiable need and at the lowest possible authorization level commensurate with that need.
Detect – Unauthorized network intrusions are detected at the earliest possible instant with a combination of in-depth tools that are capable of detecting and documenting the progress of the intrusion.
Safe Shut Down – Standalone chemical cyber-safety systems are capable of putting the process/storage/movement of chemicals into an inherently safe mode in the event that any cyber or physical intrusion or incident puts the process into an unstable configuration.
Remember, you can’t possibly prevent all attacks. There will always be some new hole that someone can find that would allow a determined enough attacker to get through. Also, you are not going to be able to detect every attack soon enough to prevent it from catastrophically affecting your system. The main goal must always be to have the tools in place to safely shut down the system in the event of any mishap, intentional or otherwise, cyber or physical. Good luck, we all need it.