Punch List for Cybersecurity

How to Improve Cybersecurity in Existing Process Applications?

By Jim Montague

To establish and improve cybersecurity in existing process applications and facilities, there's a series of basic tasks users must perform. Many are recommended by Symantec Security Response.

  • Switch on virus-protection software, and install patches and updates regularly.
  • Employ complicated passwords that include lower- and upper-case characters and numerals, and alter them every few months.
  • Implement firewalls, check them routinely, and determine who's accessing the network and what software they're using. In general, all incoming connections should be denied, and users should only allow services they're certain they want to offer externally.
  • Close down all unnecessary ports and components, and only allow devices and applications that users need to do their jobs.
  • Make sure that people and programs have only the lowest-level privileges needed to do their work.
  • Restrict software and computers used as much as possible. For example, an HMI should only run its required SCADA programs, and only interact with required components. Delete programs that PCs shouldn't be using. When prompted for a root or UAC password, ensure that the program asking for administration-level access is a legitimate application.
  • Turn off AutoPlay to stop automatic executable file launching, and disconnect the drives when not required. If write access isn't required, enable read-only mode, if available.
  • Disable file sharing when unneeded. If file sharing is required, use ACLs and password protection to limit access. Turn off anonymous access to shared folders. For folders that must be shared, grant access only to user accounts with strong passwords.
  • Disable and remove unnecessary services, such as non-critical auxiliary services, which can be attack vectors.
  • When an intrusion or attack exploits a network service, disable or block access to it until a patch is applied.
  • Keep patch levels up-to-date, particularly on any PCs that host public services accessible through the firewall, such as HTTP, FTP, mail, and DNS services.

  • Set up e-mail servers to block or remove messages with file attachments that are often used to spread threats, such as .vbs, .bat, .exe, .pif and .scr files.
  • Quarantine compromised computers fast to stop threats from spreading. Conduct a forensic analysis, and restore the PCs with trusted media.
  • Train and retrain staff to follow security policies, and not work around them.
  • Disable Bluetooth if it's not required for mobile devices. If it's needed, make sure the device's visibility is set on "hidden," so it can't be scanned by other Bluetooth devices. If device pairing must be used, make sure all devices are set to "unauthorized," and require authorization for each connection request.
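
The e-mail attachment item above can be checked at a mail gateway with a filter like the following. This is an added example, not code from the article or from Symantec; the function names and the sample message are constructed for illustration. It matches on attachment names only and does not inspect file contents or look inside archives.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions named in the checklist item on e-mail attachments.
BLOCKED_EXTENSIONS = {".vbs", ".bat", ".exe", ".pif", ".scr"}


def effective_extension(filename: str) -> str:
    """Return the lower-cased final extension, as Windows would see it."""
    # Win32 path handling drops trailing dots and spaces, so "a.scr." is a .scr file.
    cleaned = filename.strip().rstrip(". ").lower()
    _, dot, ext = cleaned.rpartition(".")
    return "." + ext if dot else ""


def blocked_attachments(raw_message: bytes) -> list[str]:
    """List attachment names in any MIME part whose extension is blocked."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also descends into nested multiparts
        name = part.get_filename()  # Content-Disposition filename, else Content-Type name
        if name and effective_extension(name) in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits


def verdict(raw_message: bytes) -> str:
    """Gateway decision: 'block' if any attachment is on the list, else 'deliver'."""
    return "block" if blocked_attachments(raw_message) else "deliver"


def build_sample(filenames: list[str]) -> bytes:
    """Constructed test message with one small attachment per filename."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "operator@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    for name in filenames:
        msg.add_attachment(b"sample", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    sample = build_sample(["report.pdf", "Invoice.pdf.EXE", "update.scr."])
    print(verdict(sample), blocked_attachments(sample))
```

The check uses the final extension after normalization, so a double extension such as `Invoice.pdf.EXE` and a trailing-dot name such as `update.scr.` are both caught, which a naive case-sensitive suffix comparison would miss.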
