Mike Holcomb’s Post

Not necessarily in priority order

It's common when we look at implementing #cybersecurity measures, #MSPs are focused on #IT (Information Technology), but what about #OT (Operational Technology)? We hear more about IT incidents and breaches in the media but OT incidents can be even more impactful and risky to an organisation like manufacturing when their whole business is reliant on the product they make. While there are common elements as OT systems rely on IT systems, there are different #Risk and considerations when looking to secure those environments. Many OT environments rely on legacy systems which are typically more vulnerable as Patching can sometimes break the processes if the manufacturing software is not properly updated. This article presents the differences, challenges and common practices that should be considered when securing OT environments. Lots to think about but consider the business outcomes and objectives you're trying to achieve when planning out your strategy.

"Controls include, but are not limited to security of the staging area, people, asset lists, access controls, secure configuration, vulnerability and patch management, and incident management." https://lnkd.in/gYQbjyMh #cybersecurity #industrialcontrolsystems #otsecurity #riskmanagement #industrialcyber #icssecurity #ics

"Controls include, but are not limited to security of the staging area, people, asset lists, access controls, secure configuration, vulnerability and patch management, and incident management." https://lnkd.in/dJ54Hd7g #cybersecurity #industrialcontrolsystems #otsecurity #riskmanagement #industrialcyber #icssecurity #ics

Cisco IOS XE Zero-Day: Unveiling Potential Risks and the Need for Comprehensive Security Strategies The recent disclosure of a critical zero-day vulnerability (CVE-2023-20198) in Cisco's IOS XE software sheds light on potential risk management blind spots in modern IT infrastructure. This flaw allows unauthorized attackers remote, full-privilege access to affected devices, emphasizing the limitations of an agent-based cybersecurity approach. While agent-based tools are valuable for monitoring and detecting threats on installed devices, they may not provide a complete risk assessment, especially for network devices like routers and switches that often don't support agents. The article highlights the necessity of a multi-faceted vulnerability management strategy, combining agent-based and agent-less methods to address endpoint restrictions, infrastructure complexity, cloud environments, configuration checks, and external exposures. The incident underscores the importance of a unified security approach that integrates diverse methods and advanced threat intelligence for proactive cybersecurity measures. Check out the article ➡️ https://lnkd.in/gRBgVjds #Cisco #ZeroDayVulnerability #CyberSecurity #RiskManagement #ITInfrastructure #CyberThreats

The Top Ten ICS/OT Cyber Security Controls Here's my prioritized list for cyber security controls in ICS/OT networks. Prioritized based on: -> Using budget wisely -> Reducing risk the most -> Increasing value to the organization I have always been a big fan of the Critical Security Controls in the IT cyber security space. Written simply. Easy to understand. Prioritized list of where to start. For example, if I only could do one thing in ICS/OT: -> It would be filtering network traffic between the IT/OT networks -> Not allowing IT to originate connection into OT -> Only allow OT to send data to IT That falls under 'Secure Network Architecture'. I'm also a big fan of the SANS Top 5 created by Rob Lee and Tim Conway. You'll see a lot of cross over. The nice thing is each can be adjusted for each unique environment. Since very ICS/OT site has its different needs. Here's my Top 5 to start with... #1 - Secure Network Architecture -> Start with creating the IT-OT DMZ with two layers of physical firewalls -> Only allow OT to send to IT, not the other way around (where possible) -> Look at additional segmentation based on ISA/IEC 62443 zones and conduits #2 - Inventory and Control of Hardware/Software/Firmware Assets How can we protect what we don't know we have on the network? Asset registers are a core component of most ICS/OT networks. While they might not always be 100% accurate, it is a great place to start. If yours isn't up-to-date, or if it doesn't exist, make sure to get started! #3 - Incident Response Planning "It isn't a question of if, but a question of when." We need to be prepared to respond in an incident. -> Are people safe? -> Who do we call for assistance? -> Do we need to report to the authorities? -> Are we able to restore that PLCs functionality? -> How much money do we lose each hour we're down? -> How long would it take to get the facility back up and running? The list of questions goes on and on. Are you able to answer these today? #4 - Backup & Recovery Building off of Incident Response Planning above... -> Where are our backups? -> Do we have backups stored off-site? -> Do we have backups of all of our assets? -> How long will it take to restore that asset? -> Have we performed test restores of our backups? -> Do we have documented instructions on how to restore? Another step that requires a complete Asset Register to be thorough. #5 - Continuous Vulnerability Management Vulnerability management works very differently in ICS/OT than IT. And requires an asset register (#2) to be complete. See a theme here? -> What vulnerabilities do we have? -> How does the vendor classify the associated risk? -> What is the ACTUAL risk of that vulnerability in OUR environment? P.S. Would you change the order? What would you add? P.S.S. I've included by Top Ten controls below.