Cybersecurity staples bear repeating

This article is one in the 2021 cybersecurity update multi-part series. 

View the rest of the series here.

The basic steps in a successful cybersecurity program are often well-known and should be increasingly obvious, but frequent reminders make certain that essential tasks are performed, and that as many gaps as possible are closed, particularly as existing threats and potential attacks evolve and new ones emerge.

• Investigate, audit, risk assess and relearn process applications, equipment, settings and facilities, and identify security vulnerabilities. 

• Secure management and staff buy-in for cybersecurity program, and recruit system integrators, suppliers, clients and other partners to develop risk scenarios, responses and a united cybersecurity front.    

• Comply with common cybersecurity recommendations, such as the ISA/IEC 62443 series of standards and the National Institute of Standards and Technology's Guide to Industrial Control Systems  Security.

• Replace default passwords, and replace existing passwords every two or three months with longer versions (12-16  characters) that are harder to solve. Don't allow shared passwords, demand a unique authentication for each user, and employ two-factor authentication. 

• Limit internal and offsite access to authorized users only based on the data, processes and network areas that staff, contractors and suppliers need to complete their tasks. Don't allow guest accounts, which often use default passwords, and limit login attempts.

• Isolate production devices, operating processes and functionally defined sub-networks with Ethernet gateways employed as firewalls from higher-level, IT-based and enterprise networks. Configure firewalls with access-control lists that define rules for who is allowed access and what information they can release.

• Implement read-only functions in components, so equipment and processes can only deliver outgoing information, and prevent any inward bound requests or orders. MQTT or AMQP publish-subscribe protocols or data diode devices can perform these tasks;

• Install, maintain and refresh patching procedures from software vendors and other organizations, even if some isolation time is required before implementing them;

• Instruct in-house personnel and external contractors, clients and other partners how to practice good cybersecurity hygiene and follow common cybersecurity procedures. Foster an overall cybersecurity culture by also developing relationships and a common language between OT and IT personnel. 

• Set up routine network traffic examinations using a cloud-level service or similar IT-style software, which can find, stop and mitigate cyber-probes and attacks.

• Routinely reevaluate and revise existing cybersecurity procedures to address new vulnerabilities and counter evolving cyber-threats.