We live in a world of insecurity where malicious actors have for too long enjoyed an advantage over defenders charged with protecting their organization’s networks from cyberattacks. Nowhere is that more evident than with critical infrastructure providers who are facing a constant barrage of attacks from motivated cybercriminals and well-funded state-sponsored actors.
Today, many of the networks controlling critical infrastructure are outdated and insatiable, adversaries continue to test the resiliency of those systems. It is likely that it is only a matter of time before a serious attack succeeds in putting a nation in the dark, undermining our water supply or has a detrimental effect on other critical infrastructure systems.
A New Action Plan for the U.S. Power Grid
In light of the threats discussed above, the Biden Administration’s new digital security action plan for electric organizations couldn’t come sooner. Bloomberg reported that the plan will provide incentives for electric utilities to install new monitoring equipment for detecting digital attacks and to share information about potential vulnerabilities more widely with the U.S. government and their peers.
The initial White House plan is not mandatory, but it does provide significant incentives that the Biden Administration hopes will get power companies to participate, and those incentives include allocating government funds to support smaller utilities by covering some of the costs of new security equipment and software procurement.
Additionally, the action plan will expand the role of a Department of Energy program called Cyber Testing for Resilient Industrial Control Systems (CyTRICS) which scans the North American power grid for vulnerabilities that attackers could use to wreak havoc.
The plan, which will reportedly begin with a 100-day sprint, marks the first step in a larger effort to strengthen digital safeguards not only at electric organizations, but also at municipal water utilities, natural gas pipeline operations and more.
Two individuals familiar with the plan told Bloomberg that the Biden Administration chose to work with power companies first because they have a history of collaborating with the federal government on threats to their digital security. One of Bloomberg’s sources said that a final version of the plan could be released before the end of April, 2021.
What This Means for Critical Infrastructure Organizations
The news of a reported 100-day rapid response plan from the Biden administration to shore up critical infrastructure defenses is welcome news. Even so, it will only be successful if companies take advantage of the proposed incentives to upgrade their systems and install modern cyber defense technologies that will more readily detect and stop threats. Unfortunately, replacing outdated software and upgrading systems will likely take years to complete.
In both the short and long term, it is important for critical infrastructure operators to utilize the following best practices to help minimize risks to their networks:
• Establish cyber incident response tools and procedures across both IT and OT networks with the goal to minimize mean time to respond. Minimizing damage and preventing an ICS network from being taken offline is essentially the cat-and-mouse game being played by attackers and defenders. To keep attacker groups at bay, organizations need to minimize the time it takes to detect and respond to a threat. This can be achieved by deploying threat hunting services around the clock.
• Establish a unified Security Operations Center and workflows across both IT and OT environments. Operating a unified security operations center (SOC) provides visibility into the IT and OT environments because attackers are looking to use IT environments as gateways into OT environments. Some companies may already have a network operations center monitoring the OT environment, but a combined SOC lets operators see all operations as they move through the network.
• Plan and operate with resiliency in mind. Resilience in security can no longer be an afterthought. As new critical infrastructure systems are built and installed, legacy networks will be retired and taken offline. It is very important for next-generation systems to be built with resiliency and security in mind. The design and ongoing operation of the system must take into consideration what security threats will become commonplace in the months and years ahead.
• Partner with experts. Be sure to partner with experts with vast knowledge of industrial control system (ICS) threats. The public and private sector need to work together closely to protect this industry. Partner with a security company that can stay ahead of new threats and help operators address issues in real time.
• Test, test, and test again. It is critical that regular testing be a focal point in this sector. Tabletop exercises that enable a red and blue team to role play different catastrophic scenarios along with their responses is critical when having to actually have to deal with a threat in real time. Never underestimate the value of tabletop exercises in shoring up weakened defenses and helping executives to understand the importance of security.
Additionally, these organizations need to make sure they have capabilities that allow them to gain visibility over Indicators of Behavior (IOBs) so that they can visualize the attack chain. At the core of the Cybereason technology is a highly advanced data analytics platform called the Cross Machine Correlation Engine, which analyzes a massive amount of data and quickly distills all the actionable intelligence about complex, multi-faceted attacks into a single comprehensive view.
This advanced and automatic analysis increases analyst speed and accuracy by reducing the noise of alerts with a focused deconstruction of the overall operation. Cybereason is dedicated to teaming with defenders to end cyberattacks from endpoints to the enterprise to everywhere.
Talk to a Cybereason Defender to learn more about our innovative solutions, or schedule a demo today to learn how your organization can benefit from an operation-centric approach to security.
