IT Security Guru

Protecting Critical Infrastructure from Threats

by The Gurus
June 5, 2015
in This Week's Gurus
Tony Berning, Senior Product Manager, OPSWAT
 According to Aegis London, “in the first half of the 2013 fiscal year, the US Department of Homeland Security’s Industrial Control Systems–Computer Emergency Readiness Team responded to more than 200 incidents, 53% of which were in the energy and utility sector”. Efforts to improve security of critical infrastructure systems have accelerated since the 2013 issuance of US Executive Order 13636, “Improving Critical Infrastructure Cybersecurity”.
As attacks become more sophisticated, it is increasingly difficult to prevent threats from impacting the operation of critical infrastructure. With most critical infrastructure systems isolated from external networks, portable media is a primary vector for cyber-attacks, making it important that extra attention is placed on securing devices that are brought in and out of secure facilities.
While imperative to the protection of critical infrastructure, securing portable media devices is not easily achieved, with most individual facilities requiring unique security policies.
When making decisions about security policies, the costs of implementing a stricter policy should be weighed against the potential results from the failure of a weaker policy. Increases in digital security rarely come without corresponding increases in operating costs, including physical infrastructure. Following deployment there will be ongoing costs, including managing the solution and keeping it up-to-date. Employees must also be trained on the new security policy and procedures.
That said, expenditures must be weighed against the costs of a potential security breach. Facilities may be forced to suspend operations, the monetary impact of which is difficult to calculate. There are also remediation costs and the cost of removing any malware, coupled with a significant loss of productivity.
Impact to an operator’s reputation and criminal liability are other costs that may result, with loss of classified or sensitive information also a possibility, the financial impact of which is hard to quantify. Finally, as operators of critical infrastructure provide services to the public, disruptions will have significant negative impacts on many outside individuals too.
Defining a portable media strategy is key to secure data workflow policies. When developing a secure data workflow policy, organisations should define the acceptable types of portable media and how they can be used. In secure facilities, standard policy is to restrict the types of media to only those necessary. Administrators may also choose to limit and filter the file types that are allowed based on their properties.
A secure data workflow policy within a critical infrastructure facility should attempt the highest level of precaution achievable. The best security policies have multiple layers of protection, to guard against both known and unknown threats, minimising the risk of any one threat bypassing all security layers. A secure data workflow should leverage threat protection methods including:
  • User authentication and source verification: Prevent unauthorised users or sources from bringing in data.
  • File type analysis and filtering: Prevent risky file types from entering the facility.
  • Multiple anti-malware engine scanning: Detect threats that are known by the many commercial anti-malware engines as well as zero-day attacks.
  • Document sanitization: Further protect against unknown threats through sanitization methods that rid documents and images of potential threats.
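The file type analysis and filtering layer can be illustrated with a short sketch, added here as an example and not taken from the article or from any OPSWAT product. It checks a file's leading bytes against the type its name claims, so a renamed executable is stopped before it reaches the scanning and sanitization layers; the allowlist, the blocked signatures and the sample files are assumptions constructed for illustration.

```python
from pathlib import PurePath

# Assumed facility allowlist: extension -> byte prefixes the content must start with.
ALLOWED = {
    ".pdf": [b"%PDF-"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".docx": [b"PK\x03\x04"],  # OOXML documents are ZIP containers
}

# Leading bytes of executable content, rejected whatever the file is called.
BLOCKED_MAGIC = {
    b"MZ": "Windows PE executable",
    b"\x7fELF": "ELF executable",
    b"#!": "script with interpreter line",
}


def classify(name, head):
    """Return (verdict, reason) for one file from its name and first bytes."""
    for magic, label in BLOCKED_MAGIC.items():
        if head.startswith(magic):
            return "block", f"content is a {label}"
    ext = PurePath(name).suffix.lower()
    if not ext:
        return "block", "no extension"
    if ext not in ALLOWED:
        return "block", f"extension {ext} not on allowlist"
    if not any(head.startswith(m) for m in ALLOWED[ext]):
        return "block", f"content does not match {ext}"
    # Passing this layer only admits the file to scanning and sanitization.
    return "allow", "type verified"


def screen(files):
    """Classify every file on a piece of portable media: {name: first bytes}."""
    return {name: classify(name, head) for name, head in files.items()}


if __name__ == "__main__":
    # Constructed sample media contents (name -> first bytes of the file).
    media = {
        "pump_manual.pdf": b"%PDF-1.7\n",
        "firmware_notes.pdf": b"MZ\x90\x00\x03",  # executable renamed to .pdf
        "site_plan.png": b"%PDF-1.4\n",           # content/extension mismatch
        "setup.exe": b"MZ\x90\x00",
    }
    for name, (verdict, reason) in screen(media).items():
        print(f"{verdict:5}  {name}: {reason}")
```
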
The most efficient way to protect against threats is difficult to establish, with many aspects affecting how a secure data workflow is defined and implemented. Each should be weighted to define a secure data workflow policy, allowing an organization to operate in the most secure and productive way possible.
A critical infrastructure facility should err on the side of caution and develop secure data policies that are as restrictive as possible, while flexible enough to evolve with an organization’s shifting needs. The best policy will be one that takes a facility’s specific business and technology needs into account and is designed accordingly.
