Water & Wastewater Treatment Magazine
Issue link: https://fhpublishing.uberflip.com/i/877922
36 | October 2017 | WWT | www.wwtonline.co.uk

The Knowledge: cyber security

attempt and understand the potential impact their actions could have on the organisation. There are many solutions available now that allow you to simulate phishing campaigns by sending out suspect emails, monitoring employee behaviour and providing engaging training to staff who require it. It only takes one person to compromise your entire network; providing regular training to keep security top of mind must be a priority.

3 Think like an attacker

One of the biggest problems facing the security of ICS networks is that we are all too busy with our daily duties to stay on top of the constantly changing profile of our networks. Change often happens with little regard for security. By taking a step back and looking at the network through the eyes of an attacker you can sometimes spot very obvious flaws in your security. An exercise as simple as standing outside a site and using a free app on your phone could show wireless devices in range that could be targeted by attackers. Carrying out deceptions on staff to get hold of information (social engineering) is also a commonly exploited route used in an attack, and is relatively easy to test.

You can have professional ICS penetration tests conducted to build a better picture of how your site could be exploited by an attacker. With their experience, the testers will have expert knowledge of the tools commonly used by attackers and of which actors pose the greatest threat, and can guide you on where to focus your security efforts. Not only will penetration testing allow you to harden your site against an attack, it will also allow you to assess the possible outcomes of an attack taking place. This allows planning on how to get the plant up and running quickly in the event of an incident.

4 Deploy an Intrusion Detection System

There are many products on the market now that monitor your network for suspicious activity. An ICS network will have different types of traffic and activity that you won't find on a normal IT network. It's commonplace to find critical ICS hardware, which wasn't designed with network security in mind, connected to a network. In some cases, even the slightest level of network discovery probing by an IDS device could take critical plant offline. Knowledge of the ICS environment is critical for a successful deployment. Done right, an IDS can provide an excellent tool for managing the entire network. Suspicious activity may not necessarily be a sign of an attack; in some cases it can actually be a good indicator of plant failure. Detecting a threat early helps minimise the disruption caused.

5 Be aware

Threats are constantly changing. Not only do we need to keep abreast of current threats facing the ICS sector, but also the IT sector, as most of the same problems still apply. To keep up to date in the UK there are many great platforms freely available. CISP (Cyber Security Information Sharing Partnership), run by the NCSC (National Cyber Security Centre), is an example of one such platform. CISP is like a social network for security: it is not exclusive to security professionals and all UK businesses can avail of the service. If there is a cyber security threat affecting the UK, you will find it mentioned in CISP. The platform provides easy access to security experts from various business sectors and should be closely monitored.

Other sources worth keeping an eye on are CVE databases (Common Vulnerabilities and Exposures). These sites are set up to inform you about what known vulnerabilities exist and should be used as a reference point when selecting new kit. As a word of caution, it's worth remembering that just because a particular product has no known vulnerabilities doesn't mean that it's safer than other products or immune to attack. More commonly used products tend to have more vulnerabilities listed as there is a bigger draw for an attacker to target them. It may be that a product you are considering isn't widely used and may never be scrutinised to the same level as the bigger names.

To find out more visit: www.tesgroup.com/cybersafe

Summary

Cyber security is the protection of IT and industrial control systems from attack by hostile individuals or groups. Cyber attackers can be motivated by the , or disruption of service with the aim of extortion, but they can also be linked to terrorism, industrial espionage or hostile state action. Critical National Infrastructure (CNI), such as the water industry, is becoming a more attractive prospect for hackers to attack. It is therefore crucial that organisations put measures in place, such as those outlined in this article, to combat this threat.

