Friday, December 27, 2019

A Report On The Cyber Security Triad - 1133 Words

Look at your nightly news: nearly every week another major business and sector are targeted- and breached- by cyber attackers that are intent on economic theft and/or operational disruption. Just a few years ago, industrial control system (ICS) operators could never have imagined the malicious attacks cyber adversaries are executing DAILY. The New Reality is clear: technical sophistication of attacks can only be offset by a sound defense-in-depth approach. ICS systems thrive on availability more than confidentiality and integrity (the â€Å"Cyber Security Triad†) which enables the accurate and efficient control of power system assets. Attacks can be directed at either specific electrical systems or common systems owned by multiple asset†¦show more content†¦By concentrating on our infrastructure and the associated vulnerabilities, then we can mitigate threats using Best Practices to correct exploitable vulnerabilities. However, a new breed of threat has emerged: the Advanced Persistent Threat (APT). While future versions of CIP Standards are beginning to address APTs, many entities are not waiting for their defense to be â€Å"mandated† by law. Many entities are preparing by improving their ability to detect threat patterns and designing improved threat response and mitigation. The investment in prevention, detection and correction of cyber threats has emerged as a major governance goal of most power generation and transmission entities. A Defense-in-Depth approach is a multi-layered strategy and tactical assault on the threat vectors facing both the Information Technology (IT) side of the business and the Operational Technology (OT) side. This approach must be coordinated and aligned to achieve significant vulnerability reduction. To begin with, facilities must implement an achievable process that will enlist the support of every team member from the CEO to the operators. This starts with a Cyber Security Plan. Step One- Asset Management: Identification of Data, Devices and Systems It is crucial to understand your cyber environment: hardware, software, operating systems, storage, etc. Attackers frequently take advantage of system hardware that has been

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.