Critical infrastructure describes the vital physical and cyber systems and assets for which incapacity or destruction would have a debilitating impact on physical or economic security or public health or safety.
As stated by CISA: “There are 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.”
The threat to critical infrastructure
Critical infrastructure can be affected by natural disasters, pandemic, sabotage or cyber attack. These events can cause conditions that require a temporary shift to a remote workforce. A remote workforce changes the way business and operations are conducted and can pose challenges that can threaten an entity’s business continuity.
The most impacting challenge arising from a shift to remote workers is maintaining the safety, reliability and integrity of operations. To achieve this, an entity must maintain and possibly augment their cybersecurity and physical security controls. Natural disasters and pandemics can force a reduction in the specialized workforce performing operations, maintenance or monitoring functions.
A shift to a remote workforce also leaves facilities and assets unattended and open to physical intrusion, moves workers and assets outside of the security envelope and elevates risk. When a large population of the workforce moves to a remote model for an extended period of time, security risks can stack up and new risks can surface.
- An unattended laptop logged into critical assets in a home office can cause an unscheduled outage if a cat were to jump on the keyboard or a small child were to gain access to it.
- Hackers exploit disasters and crisis situations with increased phishing campaigns.
- Timely patching of assets is at risk due to most workers being remote.
- Unpatched remote workstations connected to insecure networks increase the risk of compromise.
- VPN vulnerabilities raise the risk of exploitation and intrusion.
- Depending on the entity’s configuration, endpoint protection and threat detection could be ineffective.
How can you reduce risks?
The following is a series of actions that should be taken in consideration to reduce risks, increase security posture and maintain operational integrity when shifting to a remote worker environment. This list serves as a starting point and is not meant to be all inclusive.
Existing policies, specifically acceptable use and remote work policies should be revised to address the new challenges presented by a dramatic increase in remote employees. Policies should address acceptable browsing behaviors, data protection and clear remote connectivity requirements and procedures.
Security awareness program
Leverage a cybersecurity awareness program to inform employees of changes to the corporate policies, in addition to reinforcing safe and secure remote worker behaviors and data confidentiality requirements. Provide remote worker aids that can be used as quick reference guides.
Endpoint security controls
Enhance security controls on endpoints to help offset the loss of network security controls resulting from moving assets to the outside of the security perimeter. Ensure that endpoints are receiving virus signature updates and critical patches, and that other endpoint security controls such as whitelisting, firewall, intrusion detection and web filtering are enabled and optimized to minimize threat vectors.
If confidentiality of data is a concern, ensure that removable storage and local printing are disabled, disk encryption is enabled and that the data is protected in transit. Perform a device posture check prior to allowing assets to connect to the network. This will help ensure that a minimum security baseline is present, thus reducing the risk of intrusion or compromise.
Shorten inactivity timeouts to decrease the amount of time a connection stays idle and/or screensaver timeouts to reduce the risk of unauthorized access through an unattended workstation.
Ensure that detective controls such as intrusion detection are optimized and positioned to have visibility and inspect traffic at every ingress point. Tune and automate detective controls to accommodate the new conditions and to minimize alert fatigue.
Implement and optimize access controls to critical process/infrastructure networks. Establish a process to ensure that no remote worker, contractor or vendor can connect directly to critical assets.
Implement secure remote access controls, such as multi-factor authentication, to ensure that only authorized users can gain access to assets. Intermediary hosts or jump boxes can help to standardize requirements for access to critical assets, enforce security controls and compensate for unpatched remote assets.
Monitor all critical processes and/or control networks to increase awareness of conditions, especially if operating with limited personnel or if any assets (facilities, systems, etc.) are unattended.
Industrial Control System specific tools can help not only in detecting unauthorized connectivity, communications, anomalies, threats and vulnerabilities, but also operational insights that can be instrumental in monitoring processes and determining the root cause of emerging conditions.
Implement a predictive maintenance system and program to compensate for the reduced workforce and better allocate resources. A predictive maintenance program shifts maintenance schedules from a periodic, preventative model to a condition-based model. This will help in the prioritization of resources and reduce the personnel requirements should personnel be limited.
Whether it is a natural disaster, pandemic, public unrest or business as usual, business continuity of critical infrastructure is vital. The implementation of the controls described in this article will help to reduce the risks and threat vectors that threaten critical assets while ensuring their continued safe and reliable operation.
WWT can help you analyze existing controls, determine gaps, prioritize and implement the strategy, controls and technologies necessary to ensure your critical assets are protected in any situation.
Find out more about how WWT Security Services can assist you in securing critical assets.