Oil & Gas IQ Infographic interpretation continued - Fox-IT

1 If you have segregated your network, what was the main reason for doing this?
Fox Interpretation: Proper and well implemented network segregation is the foundation of a
resilient infrastructure. In reality, Fox-IT often encounters infrastructures designed with poor or
non-existent segregation strategies that are usually a contributing factor to the severity of an
incident, once it occurs. Segregation activities are complex, long-term and fairly costly projects,
which is why they often fail to end up high on the priority list. Still, companies that acknowledge
the importance and are willing to invest in proper segregation strategies will, in the long run,
enjoy the benefits of an infrastructure that is cleaner, easier to maintain, and better to defend.
2 From within your IT network, what kind of data, if any, do you need to push to your OT
network?
Fox Interpretation: A dilemma that needs to be addressed: from our experience we know that the
majority of the traffic between IT and OT environments consists of the OT side sending historian
data to the IT department, allowing them to do invoicing, analysis etc.
At the same time we acknowledge the need for IT to send data over to the OT environment.
65% of the survey respondents indicate sending software updates to OT. To ensure that this
process can continue in a more secure environment, our advice is that together we carefully
ascertain (per situation) where the right place within the network would be to implement a
one-way network solution such as a Data Diode, as each OT/IT setup can have its own unique
requirements and specifications. Fox-IT has products that can be used in different scenarios
and, if needed, we can provide a very secure two-way solution using protocol breaking combined
with filtering and sanitizing.
3 If you gave one or more reasons in the previous question: what controls do you have in
place to prevent malicious commands or data being sent to OT from your IT network?
Fox Interpretation: Allocating a dedicated selection of workstations is not a very secure way of
isolation if it is not combined with network isolation, as otherwise this security policy is easily
compromised. However, having only a select number of personnel able to access the OT
infrastructure is actually a must-have, even when using the one-way solution.
A one-way solution can only be effective if this security measure is combined with other
measures such as restricted access, physical security zones etc.
4 How visible is what is going on in your network to your organization?
Fox Interpretation: Insight into what actually happens on your infrastructure depends on proper
use of tools, procedures and expertise. Tools are important, but practically useless without
skilled people to man them. In addition, each incident will provide your organization with
valuable lessons that you could use to improve prevention as well as detection strategies.
Procedures to capture these lessons and learn from them will help your organization mature.
5 If you are watching your network, what do you watch? (tick all that apply)
Fox Interpretation: The response indicates that the majority does indeed monitor their network.
What remains to be seen is whether they are able to interpret and take action if and when an
anomaly or intrusion occurs. It can be reassuring to know that up-to-date knowledge and the
capacity for on-the-spot action can be activated immediately with the proven ProtACT Managed
Security Monitoring solution.
6 How is the current balance between the employees you need to perform (Cyber)
security tasks and your actual need?
Fox Interpretation: The survey indicates that the majority is short on (experienced) staff. We can
all relate to the enormous performance pressure that IT departments are under to optimize
productivity at a minimum increase in headcount. At the same time, experience tells us that
there is also a growing lack of (up-to-date) IT security (threat) knowledge in the field. This is
where Fox-IT Academy can play an important role. Fox-IT has more than 5 years’ experience in
delivering a wide variety of turn-key IT security training programs for IT (security) employees,
ranging from novice to expert experience levels. Fox-IT Academy offers classroom-style training
and customized training on location anywhere in the world.
7 Does your organization have a CERT (Computer Emergency Response Team) team or
CERT provider?
Fox Interpretation: Every organization needs a response capability, regardless of whether this is
formally classified as a CERT. This becomes more important as your detection capability matures
and produces more potential incidents to investigate. The size of an incident response capability
will depend on the size and type of your organization. For smaller organizations, a (virtual) team
of 4 to 6 people may suffice, while larger organizations will require more resources to handle
(and at a minimum: triage) all potential incidents. In addition, every organization is almost
certain to face situations of emergency at some point that require instantaneous additional
response resources. For these situations, an external CERT provider is a necessity.
8 If you have a CERT team/provider, is your CERT team/provider able to handle (tick all
that apply):
Fox Interpretation: In our view, a CERT provider should not be viewed as a technical resource
alone, but should be viewed as a partner providing ad hoc, instantaneous response resources,
including technical expertise as well as crisis management, communication and risk
management skills and most of all: experience. Cyber-emergencies or crises are exceptional
situations that most organizations (luckily) don’t experience often: which is why you’ll need to
bring in the experience immediately when you need it. DDoS attacks are very visible and require
extensive cooperation with multiple stakeholders, but usually need a focus primarily on technical
resources and external communication. Real compromises by serious actors (such as criminal
gangs or state actors) usually require more prolonged effort, occasionally over the course of
multiple months, involving many additional stakeholders. These attacks are usually, in addition
to potential technical sophistication, complex situations to deal with. Your CERT provider’s
experience in handling these sensitive projects will make the difference.
9 Is your organization using a Managed Security Service Provider (MSSP) to monitor your
network?
Fox Interpretation: The majority have indicated that monitoring the network falls under their
own IT department’s responsibility. It would be an interesting exercise to find out how much
time and effort is spent monitoring the IT/OT networks by the security team. Experience tells us
that it is more time and cost effective to involve cyber and security threat experts.
10 Are you confident that your employees and/or MSSP (if applicable) are up-to-date on
the latest Cyber threats and methods?
Fox Interpretation: It is clear that the realization is growing that cyber threats and terrorism are
increasing in numbers and intelligence, and that arming against such forces requires constant
vigilance. Increase the knowledge and security of your organization and make sure to tap into
the expert resources at your disposal. They will take responsibility and keep you up to date,
warn and react 24x7. We are a member of your team.