As the air-gap becomes a thing of the past (many say it is already gone), how should industrial organizations, including utilities and other critical infrastructure facilities, maintain control and security of OT environments? While there are several fundamental cybersecurity controls that protect our networks, one program must be tackled before all others can be duly implemented – asset inventory. If it seems cybersecurity advice keeps harping on the need to perform an accurate, comprehensive, and current asset inventory, there is good reason – you cannot protect what you do not know. Tripwire confirms what WaterISAC recently published in its 15 Cybersecurity Fundamentals for Water and Wastewater Utilities, once an accurate asset inventory is complete, you can begin to understand and manage all data flows (communication patterns) in and out of your control networks. Furthermore, once assets and data flows are understood, it is now possible to minimize control system exposure through network segmentation and monitor for abnormal traffic flows that could indicate a compromise. If the shrinking air-gap is challenging you, start with inventorying and understanding your assets sooner, rather than later. Read the article at Tripwire
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!