In late May, ICS-CERT published a security guide for organizations responsible for maintaining the nation’s critical infrastructure. The guide focuses on intrusion detection and mitigation strategies, but on Thursday it was updated to include additional information.
For the most part, the guide hasn’t changed. However, for organizations that used it to plan incident response, or outline any sort of security plan, the update should be given proper consideration. As before, the guide itself covers the “what” and “why” in decent detail, leaving the actual implementation of the recommendations up to the individual organization.
To recap, the original ICS-CERT guidance covered the preservation of forensic data and logging, as well as network segmenting and role-based access control. The key point being, the more information that can be made available to the incident response teams, the better. In the updated version, ICS-CERT has added a section on credential management, noting that it is an important consideration when defending against lateral movements made by an intruder. The section includes advice on proper permission management, network and system design and policy considerations, and the use of multi-factor authentication.
“The impacts of a cyber intrusion will likely be different for every organization depending on the nature of the compromise and the organization’s capabilities to respond. Each organization must assess its particular situation, identify the criticality of the impacted devices, and develop a prioritized course of action,” the guide explains.
“Unfortunately, a simple and prescriptive remedy that can be applied uniformly to every organization does not exist. However, basic principles and recommendations exist that are essential to maintaining a sound network security posture and that will provide the necessary capabilities to respond to an incident.”
The updated version is available here.
Related Reading: Addressing SCADA Endpoint Protection Concerns
Related Reading: A New Cyber Security Model for SCADA
Related Reading: Putting SCADA Protection on the Radar