Attacks on critical infrastructure assets are on the rise, and national publics have taken notice. A staggering 81% of U.S. residents are worried about how secure critical infrastructure may be, according to a recent poll by MITRE and The Harris Poll.
What can be done? Read on to learn the strategies to protect critical infrastructure.
Protecting critical infrastructure assets as threat levels rise
Well, that same polling puts the burden on governments for critical infrastructure protection. Indeed, 78% believe the federal government bears full or partial responsibility. Meanwhile, 49% say it’s the responsibility of both public and private entities.
Fortunately, public agencies have intervened. In the U.K., the National Cyber Security Centre (NCSC), for one, has issued guidance stipulating specific actions critical national infrastructure organizations should take when the cyber threat is heightened, as it currently is.
Actions to take when the cyber threat is heightened
Among the fundamental cyber controls, the National Cyber Security Centre recommends the following:
Incident plan
- Check your incident response plan is up to date.
- Confirm that escalation routes and contact details are all up to date.
- Ensure that the incident response plan contains clarity on who has the authority to make key decisions, especially out of normal office hours.
- Ensure your incident response plan and the communication mechanisms it uses will be available, even if your business systems are not.
Third-party access
- If third-party organizations have access to your IT networks or estate, make sure you have a comprehensive understanding of what level of privilege is extended into your systems, and to whom.
- Remove any access that is no longer required.
- Ensure you understand the security practices of your third parties.
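The two third-party actions above (know what privilege is extended, and to whom; remove access that is no longer required) can be turned into a repeatable review rather than a one-off conversation. The script below is an added example, not code from the article or from the NCSC guidance. It assumes a constructed access inventory with invented field names (vendor, account, privilege, last_used, contract_active) and an invented privilege ranking; a real review would populate the same structure from your identity provider, VPN or jump-host records.

```python
"""Review third-party access grants during a period of heightened threat.

Added example, not from the original article or from NCSC. The inventory,
its field names and the privilege ranking are all constructed for
illustration; replace them with exports from your own access systems.
"""
from datetime import date, datetime

# Constructed sample inventory: one row per access grant to an external party.
INVENTORY = [
    {"vendor": "hvac-maintenance-co", "account": "svc-hvac", "privilege": "admin",
     "last_used": "2024-01-10", "contract_active": True},
    {"vendor": "billing-saas", "account": "billing-api", "privilege": "admin",
     "last_used": "2024-05-28", "contract_active": True},
    {"vendor": "old-mssp", "account": "mssp-remote", "privilege": "admin",
     "last_used": "2023-09-01", "contract_active": False},
    {"vendor": "scada-integrator", "account": "svc-integrator", "privilege": "write",
     "last_used": "2024-05-30", "contract_active": True},
]

# Invented ordering so privilege levels can be compared against a ceiling.
PRIVILEGE_RANK = {"read": 1, "write": 2, "admin": 3}

# Constructed review date so the example is reproducible offline.
REVIEW_DATE = date(2024, 6, 1)


def days_since(last_used: str, today: date) -> int:
    """Whole days between an ISO date string and the review date."""
    return (today - datetime.strptime(last_used, "%Y-%m-%d").date()).days


def privilege_summary(inventory):
    """Highest privilege each vendor holds: answers 'what level, and to whom'."""
    summary = {}
    for entry in inventory:
        current = summary.get(entry["vendor"])
        if current is None or PRIVILEGE_RANK[entry["privilege"]] > PRIVILEGE_RANK[current]:
            summary[entry["vendor"]] = entry["privilege"]
    return summary


def review_third_party_access(inventory, today, stale_days=90, max_privilege="write"):
    """Classify each grant as remove / restrict / keep, with a reason.

    remove   - contract has ended, or the access has not been used for
               longer than stale_days (the 'no longer required' case)
    restrict - still in use, but the privilege exceeds the ceiling chosen
               for the heightened-threat period
    keep     - recently used and within the privilege ceiling
    """
    findings = {"remove": [], "restrict": [], "keep": []}
    for entry in inventory:
        account = entry["account"]
        if not entry["contract_active"]:
            findings["remove"].append((account, "contract no longer active"))
        elif days_since(entry["last_used"], today) > stale_days:
            findings["remove"].append((account, f"unused for more than {stale_days} days"))
        elif PRIVILEGE_RANK[entry["privilege"]] > PRIVILEGE_RANK[max_privilege]:
            findings["restrict"].append((account, f"{entry['privilege']} exceeds {max_privilege}"))
        else:
            findings["keep"].append((account, "in use and within privilege ceiling"))
    return findings


def run_review():
    """Run the review against the constructed inventory and review date."""
    return review_third_party_access(INVENTORY, REVIEW_DATE)


if __name__ == "__main__":
    for vendor, privilege in privilege_summary(INVENTORY).items():
        print(f"{vendor}: highest privilege = {privilege}")
    for action, items in run_review().items():
        for account, reason in items:
            print(f"{action.upper():8} {account:16} {reason}")
```

The stale-days window and the privilege ceiling are deliberately parameters: during a heightened-threat period an organization may tighten both (a shorter window, a lower ceiling) and re-run the review, then relax them once the period ends. Keeping the reason next to each finding gives the third party a concrete explanation when access is withdrawn or reduced.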
Brief the wider organization
- Ensure that other teams understand the situation and the heightened threat. Getting buy-in from the rest of the business is crucial in being able to complete the actions described here.
- Ensure colleagues in other areas understand the possible impact on their teams’ workloads and tasking. Make sure everyone knows how to report suspected security events and why reporting during a period of heightened threat is so important.
Advanced strategies to protect critical infrastructure
Covering the fundamentals is a good first step. However, further action is likely to be needed in times of heightened risk, such as the present.
More specifically, advanced actions should be scaled to an organization’s resources.
What are some potential steps to take? Per the NCSC guidance, critical infrastructure entities should consider the following:
- If your organization has plans in place to make cyber security improvements over time, you should review whether to accelerate the implementation of key mitigating measures.
- Take balanced and informed risk-based decisions. When the threat is heightened, organizations should revisit key risk-based decisions and validate whether the organization is willing to continue to tolerate those risks or whether it is better to invest in remediation or accept a capability reduction.
- Some system functions, such as rich data exchange from untrusted networks, may inherently bring a greater level of cyber risk. Large organizations should assess whether it is appropriate to accept a temporary reduction in functionality to reduce the threat exposure.
- When the threat is heightened, your organization may wish to take a more aggressive approach to patching security vulnerabilities, accepting that this may have a service impact itself.
- Consider delaying any significant system changes that are not security related.
- If you have an operational security team or Security Operations Centre (SOC), it may be helpful to consider arrangements for extended operational hours or to put in place contingency plans to scale up operations quickly if a cyber incident occurs.
- If you have systems in place that can take automated action or notifications based on threat intelligence, you might also consider procuring threat feeds that may give you information relevant to the period of heightened threat.
Finally, heightened threat levels mean national critical infrastructure organizations need to up their commitment to cyber resilience. Not sure how? Download our Introductory Guide to Cyber Resilience.