Updated: Mar 1, 2022
By Robin Berthier, CEO & Co-Founder at Network Perception
February 9, 2022
We hosted a (CS)²AI Online™ symposium on January 19, 2022 that focused on Cyber Security for Energy: Part 2 - Electric Sector.
Here is a bit about the event:
Part 2 of the Symposium on Control System Cyber Security for Energy will provide tangible recommendations and best practices for electric utilities to address current and upcoming compliance and cybersecurity challenges. First, attendees will gain a detailed understanding of the latest government regulations that have been pushed by recent changes in the threat landscape. Second, industry practitioners will share their experience on technology solutions and process improvements to mitigate risk faster and build a strong culture of cyber resiliency. The symposium will provide ample opportunities throughout the event to interact, ask questions, and leverage the shared expertise of the (CS)²AI community.
• Melissa Hathaway (President, Hathaway Global Strategies) - Keynote
• Marc Rogers (VP of Cybersecurity, Okta): Hands-on experience with exploits
• Ben Sooter (Principal Project Manager, EPRI): Responding to High Impact Cyber Security events in Operations
• Branko Terzic (Former FERC Commissioner): Challenges for electric utilities
• Philip Huff (Univ. of Arkansas): Vulnerability Management for electric utilities
• Todd Chwialkowski (EDF-RE): Implementing Electronic Security Controls
• Saman Zonouz: Threats to Programmable Logic Controllers (PLCs)
• Robin Berthier (Network Perception): NERC CIP Firewall Change Review Workflow
As always, we encourage our audience to participate throughout the event by contributing feedback and questions for our speakers. We weren't able to answer all of your questions, so we have asked some of our speakers to answer a few of them. Below are some answers to a few questions posed during the event.
Do you want to have access to more content like this? Register for our next (CS)²AI Online™ seminar or symposium here, or consider becoming a member of (CS)²AI to access our entire library of recorded sessions.
Haven't we learned our lesson about companies claiming they're 100% hack-proof?
Exactly, it is now well-established that 100% security is unrealistic. This is why organizations have to invest in cyber resiliency: designing systems, processes, and training to be able to keep operating despite being under attack.
How are firewalls and DMZs validated for built-in backdoors?
Through a combination of configuration verification and network traffic monitoring. Independent verification of firewall and router configuration files, comparing what is running on the device against the change-reviewed baseline, lets the security team confirm that no backdoor access has been inserted. Network traffic monitoring lets the team confirm that no process is bypassing the access control the configuration implements.
Is this NP approach IT first, then proceeding to OT? Not many firewalls in OT need to be constantly tweaked or tuned.
This depends on the organization. Some have many firewalls in their OT environments. Even if network changes are less frequent in OT than in IT, we recommend starting with OT verification, since that is where the most critical cyber assets are located, and then expanding into IT.
What are most electric companies getting incorrect with their configurations?
1. Lack of egress access control
2. Lack of documentation
3. Overly permissive rules
4. Insecure services
5. Access list complexity
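The following is an added example, not Network Perception's product or any code from the original post. It ties the backdoor question above to the five misconfiguration classes just listed: it parses a firewall ACL, diffs it against an approved baseline to surface entries nobody change-reviewed, and then flags each of the five classes. The input syntax is a simplified, Cisco-ASA-like format assumed for illustration (only the subset used in the constructed sample is handled), and the ACL names, addresses, baseline and complexity threshold are all invented for the example.

```python
# Added example (not Network Perception's code). Parses a firewall ACL,
# (a) diffs it against an approved baseline to surface inserted entries and
# (b) flags the five misconfiguration classes listed above. The syntax is a
# simplified, ASA-like format assumed for illustration; only the subset used
# in SAMPLE_CONFIG is handled.
from collections import defaultdict
from dataclasses import dataclass

SAMPLE_CONFIG = """\
access-list ESP_IN remark Historian replication from the DMZ collector
access-list ESP_IN extended permit tcp host 10.10.20.5 host 10.10.30.8 eq 1433
access-list ESP_IN extended permit tcp any any eq 23
access-list ESP_IN extended permit ip any any
access-list ESP_IN extended permit tcp any host 10.10.30.10 eq 80
access-list ESP_OUT extended permit ip any any
access-group ESP_IN in interface esp
access-group ESP_OUT out interface esp
"""  # constructed sample, not a real device configuration

APPROVED_BASELINE = {  # constructed: the entries that went through change review
    ("ESP_IN", "permit", "tcp", "10.10.20.5", "10.10.30.8", 1433),
    ("ESP_IN", "permit", "tcp", "any", "10.10.30.10", 80),
    ("ESP_OUT", "permit", "ip", "any", "any", None),
}
INSECURE_PORTS = {21: "ftp", 23: "telnet", 69: "tftp", 80: "http", 161: "snmp"}
COMPLEXITY_THRESHOLD = 3  # arbitrary for the example; tune per ACL in practice

@dataclass
class Rule:
    acl: str
    line_no: int
    action: str
    proto: str
    src: str
    dst: str
    port: "int | None"
    documented: bool  # True when a remark line precedes the entry

@dataclass
class Finding:
    category: str
    line_no: int
    detail: str

def _endpoint(t, i):
    # Parse 'any', 'host A.B.C.D' or 'NET MASK' starting at t[i]; return (text, next i).
    if t[i] == "any":
        return "any", i + 1
    if t[i] == "host":
        return t[i + 1], i + 2
    return f"{t[i]}/{t[i + 1]}", i + 2

def parse_config(text):
    """Return (rules, bindings); bindings maps ACL name -> (direction, interface)."""
    rules, bindings, remark_pending = [], {}, False
    for line_no, raw in enumerate(text.splitlines(), 1):
        t = raw.split()
        if not t:
            continue
        if t[0] == "access-list" and t[2] == "remark":
            remark_pending = True  # a remark documents the entry that follows it
            continue
        if t[0] == "access-list" and t[2] == "extended":
            src, i = _endpoint(t, 5)
            dst, i = _endpoint(t, i)
            port = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
            rules.append(Rule(t[1], line_no, t[3], t[4], src, dst, port, remark_pending))
        elif t[0] == "access-group":  # access-group NAME in|out interface IFACE
            bindings[t[1]] = (t[2], t[4])
        remark_pending = False
    return rules, bindings

def unapproved_entries(rules, baseline):
    """Entries present on the device but absent from the reviewed baseline:
    each is a change nobody approved, i.e. a candidate backdoor to investigate."""
    return [r for r in rules if (r.acl, r.action, r.proto, r.src, r.dst, r.port) not in baseline]

def is_catch_all(r):
    return r.action == "permit" and r.proto == "ip" and r.src == "any" and r.dst == "any"

def lint(rules, bindings):
    per_acl = defaultdict(list)
    for r in rules:
        per_acl[r.acl].append(r)
    out = []
    # 1. Egress: an interface filtered inbound must be filtered outbound too,
    #    and the outbound ACL must not be a blanket permit.
    in_ifaces = {i for d, i in bindings.values() if d == "in"}
    out_ifaces = {i for d, i in bindings.values() if d == "out"}
    for iface in sorted(in_ifaces - out_ifaces):
        out.append(Finding("egress", 0, f"no outbound ACL bound to {iface}"))
    for acl, (d, iface) in bindings.items():
        if d == "out" and per_acl[acl] and all(is_catch_all(r) for r in per_acl[acl]):
            out.append(Finding("egress", per_acl[acl][0].line_no, f"{acl} permits all egress on {iface}"))
    for r in rules:
        if not r.documented:  # 2. Documentation
            out.append(Finding("documentation", r.line_no, f"{r.acl}: entry has no remark"))
        if r.action == "permit" and r.src == "any" and r.dst == "any":  # 3. Overly permissive
            out.append(Finding("permissive", r.line_no, f"{r.acl}: permit {r.proto} any any"))
        if r.action == "permit" and r.port in INSECURE_PORTS:  # 4. Insecure services
            out.append(Finding("insecure-service", r.line_no, f"{r.acl}: allows {INSECURE_PORTS[r.port]}"))
    # 5. Complexity: long ACLs, and entries shadowed by an earlier catch-all.
    for acl, acl_rules in per_acl.items():
        if len(acl_rules) > COMPLEXITY_THRESHOLD:
            out.append(Finding("complexity", acl_rules[0].line_no, f"{acl}: {len(acl_rules)} entries"))
        shadow = next((r.line_no for r in acl_rules if is_catch_all(r)), None)
        for r in acl_rules:
            if shadow is not None and r.line_no > shadow:
                out.append(Finding("complexity", r.line_no, f"{acl}: unreachable, shadowed by line {shadow}"))
    return out

if __name__ == "__main__":
    rules, bindings = parse_config(SAMPLE_CONFIG)
    for r in unapproved_entries(rules, APPROVED_BASELINE):
        print(f"line {r.line_no:>2} [unapproved] {r.acl}: not in reviewed baseline")
    for f in lint(rules, bindings):
        print(f"line {f.line_no:>2} [{f.category}] {f.detail}")
```

On the constructed sample, the baseline diff isolates the two entries that never went through change review (the telnet any-any rule and the blanket `permit ip any any`), and the linter reports the blanket egress permit, four undocumented entries, three any-to-any permits, telnet and http allowed into the ESP, and an ACL that is both over the length threshold and contains an entry made unreachable by the catch-all above it. Running it from a read-only copy of the configuration, rather than on the management platform, is what keeps the check independent of the people and tools making the changes.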
Would all the pieces of the firewall analysis and monitoring be done from inside the ESP, the cloud, or the corporate side?
We recommend deploying the firewall analysis platform in the DMZ adjacent to the ESP, with unidirectional, read-only retrieval of configuration data from the ESP devices so that nothing on the analysis side can push changes into the ESP.
What are the major differences between a traditional firewall system and your suggested firewall system that we can consider?
Traditional setups rely on a single firewall management solution for both making changes and checking them. We recommend separating monitoring from management: monitoring should run independently of the management platform so that it can be strictly read-only, which reduces the risk of human error and gives an independent check on what the management platform has actually deployed.
What is the most secure way to connect OT with IT: a data diode or a firewall?
A misconfigured data diode can be less secure than a correctly configured firewall, so the key to security isn't one device type or the other but the correctness and continuous verification of the device configurations.