March 1, 2011
Top 10 Cyber Security Questions for Public Power Utilities
For More Information: Tim Blodgett, Hometown Connections, 303-526-4515, tblodgett@hometownconnections.com
By Doug Westlund and Chan Park
With industry events moving at a frantic pace, the amount of information regarding cyber security threats, regulations, and best practices can be overwhelming. To help synthesize these challenges, N-Dimension Solutions has created a list of the 10 key questions that serve as a starting point for every public power utility of any size, in order to create an effective cyber security protection program. The answers to these questions will go a long way to determining how vulnerable you are, and what steps should be taken to protect your utility.
1. Do you have policies and procedures addressing cyber security for operational systems?
Policies and procedures are critical to safety—the same applies to cyber security. Good cyber security policies and procedures can help employees better understand roles and responsibilities and thereby protect the organization’s assets.
2. Do you perform annual cyber security assessments?
Cyber security assessments help organizations to understand their cyber security risks and vulnerabilities and better secure their systems. Annual assessments help ensure that changes to systems or new systems do not introduce new vulnerabilities, and that new security risks are identified.
3. Do your employees receive cyber security awareness and training?
Cyber security awareness and training can help employees understand not-so-obvious cyber security risks and potential consequences of their actions. People are always the weakest link of any defense, but education can help employees understand how to avoid unintentional actions that can compromise security.
4. Do you have operational systems (SCADA, AMI, OMS, etc.) that are directly connected to or reachable from the corporate network?
When operational systems are directly connected to or reachable from the corporate network, every corporate desktop becomes a potential stepping stone for malware or attackers to directly target critical operational systems. Strong separation of operational systems from the corporate network via defense-in-depth with a DMZ architecture (as outlined in NIST’s SP800-82) can protect operational systems even in the face of corporate network compromise, while securely providing the connectivity needed for essential business functions.
5. Do any third parties have access to your networks or operational systems? (e.g. vendors, service providers, power provider)
What protection do you have in place against intentional or unintentional threats from third party connections? Do you authenticate and log third party access so you can tell who was in your system when? What do you know about the cyber security posture of third parties who connect to your network?
6. Do you allow access to the Internet from operational networks?
Allowing direct Internet access from operational systems and networks exposes those systems to a wide variety of risks, and allows malware to “phone home” to command and control servers. Web browsing, email, and other normal desktop activities should be blocked from operational systems. Patches and updates should be downloaded via patch servers in the DMZ that authenticate the source and scan for viruses.
7. Do you patch systems in your operational network regularly?
Regular and frequent patching is essential to protect against malware and targeted attacks which exploit known vulnerabilities. This includes not only operating system components and applications on servers, but also network device firmware, operational applications such as SCADA and AMI, and control system devices such as IED, RTU, PLC, relay, and meter firmware.
8. Do you monitor operational systems and networks for anomalous activity and potential attacks?
Cyber security monitoring for anomalous activity is essential to detect potential attacks against operational systems. With appropriate monitoring, attacks can often be detected during the early stages of reconnaissance and prevented before they succeed. Monitoring can also detect stealthy attacks that seek only to install a Trojan for remote activation at a later date. No monitoring system can detect 100% of all attacks, but without monitoring, you have no idea who or what is in your network and systems.
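As an added illustration of questions 4, 6 and 8 together (example code written for this page, not N-Dimension's or NIST's), the script below checks connection records against the segmentation policy described above: operational hosts may reach only the DMZ patch server or jump host, never the Internet or corporate desktops directly, and corporate hosts may not reach operational hosts except through the DMZ. The address plan, host roles and flow records are constructed assumptions.

```python
import ipaddress

# Constructed address plan for the DMZ design described above (assumptions, not the page's).
OT_NET = ipaddress.ip_network("10.10.0.0/16")    # SCADA / AMI / OMS hosts
CORP_NET = ipaddress.ip_network("10.20.0.0/16")  # corporate desktops
DMZ_NET = ipaddress.ip_network("10.30.0.0/24")   # DMZ between corporate and operational networks
DMZ_PATCH_SERVER = ipaddress.ip_address("10.30.0.5")   # authenticates sources and scans updates
DMZ_JUMP_HOST = ipaddress.ip_address("10.30.0.10")     # only sanctioned path into OT
INTERNAL = (OT_NET, CORP_NET, DMZ_NET)

def is_internet(addr):
    """Anything outside the utility's own address plan is treated as Internet."""
    return not any(addr in net for net in INTERNAL)

def classify_flow(src, dst, dport):
    """Return a finding for a flow that violates the segmentation policy, else None."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src in OT_NET and is_internet(dst):
        return f"OT host {src} initiated connection to Internet {dst}:{dport} (possible phone-home)"
    if src in OT_NET and dst in CORP_NET:
        return f"OT host {src} initiated connection to corporate host {dst}:{dport}"
    if src in CORP_NET and dst in OT_NET:
        return f"corporate host {src} reached OT host {dst}:{dport} directly, bypassing the DMZ"
    if src in OT_NET and dst not in OT_NET and dst not in (DMZ_PATCH_SERVER, DMZ_JUMP_HOST):
        return f"OT host {src} connected to non-allowlisted DMZ host {dst}:{dport}"
    return None

def audit_flows(lines):
    """Run every 'src dst dport' record through classify_flow and collect the findings."""
    findings = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        src, dst, dport = line.split()
        finding = classify_flow(src, dst, int(dport))
        if finding:
            findings.append(finding)
    return findings

# Constructed sample flow records (src dst dport), not a real capture.
SAMPLE_FLOWS = """\
10.10.1.20 10.30.0.5 443
10.10.1.20 198.51.100.7 443
10.20.4.11 10.10.1.20 502
10.30.0.10 10.10.1.20 502
10.10.1.21 10.20.4.11 445
10.10.1.21 10.30.0.77 22
""".splitlines()

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(finding)
```

The first and fourth sample flows (OT host to the DMZ patch server, and DMZ jump host into OT) are the sanctioned paths and produce no finding; the other four are exactly the conditions the questions above warn about.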
9. Do you use Wi-Fi? Is it properly secured? Do you scan for unauthorized wireless access points?
Wi-Fi is a valuable and increasingly essential productivity tool. Properly secured, it can be used safely to access your corporate network or provide guest access, but should not be used for direct access to operational systems. Because of its potential for use as a backdoor, all organizations should perform periodic scans for unauthorized Wi-Fi.
10. Does any of your operational traffic travel over utility-owned fiber or radio links, or third party networks (e.g. private WAN, MPLS, Frame, ISDN, etc.)?
Private fiber, licensed radio spectrum, and private leased WANs frequently have many interconnection points in physically insecure locations, such as curb-side pedestals, underground junction boxes, municipal facilities such as schools and libraries, etc. These interconnection points can provide easy access for an attacker. For leased networks, including good old copper twisted pair, administrators of the service provider must be considered insiders on your network. Encrypting communications over such networks is the only way to ensure that control commands and responses sent to and from remote equipment are legitimate.
About the Authors
Doug Westlund is Chief Executive Officer and Chan Park is Senior Security Architect of N-Dimension Solutions Inc., provider of cyber security solutions in affiliation with Hometown Connections. N-Dimension is currently assisting U.S. Department of Energy Smart Grid Investment Grant and Smart Grid Demonstration Grant winners with their cyber security assessments and planning, and providing the technical solutions for cyber security protection. The firm is working with standards groups and NIST's Cyber Security Coordination Task Group in developing the future cyber security standards for the Smart Grid.
See these links for more information
N-Dimension Solutions
Hometown Connections