Loading ...
Loading ...
Loading ...
Cybersecurity considerations for electrical distribution systems
Securing the Network Management Module – 162
general IT components, while the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) publishes advisories
specific to control systems.
A regular patch deployment schedule should be established for each component in the environment. Depending on the component,
this could range from a monthly schedule to an as-needed deployment, depending on the historical frequency of patch or
vulnerability related issues for the component or the vendor. Additionally, out-of-band or emergency patch management needs to
be
considered and qualifications need to be defined.
Vulnerability information and advisories should be reviewed regularly and assessments should be performed to determine the
relative severity and urgency of issues.
Elements of the process should also include the preparation, scheduling, and change controls; testing and rollback procedures;
and pre-deployment notification to stakeholders that includes scope, expectations, and reporting. Testing is a significant element,
as
the effect of the patch application needs to be clearly understood; unintended or unexpected impacts to a control system
component influence the decision to deploy a patch. In the event that it isdetermined that a patch cannot be safely deployed but
the severity of the issue represents a significant concern, compensating controls should be investigated.
5.1.8 Conclusion
To protect important assets, all organizations must take cybersecurity threats seriously and meet them proactively with a system-
wide defensive approach specific to organizational needs.
There is no protection method that is completely secure. A defense mechanism that is effective today may not be effective
tomorrow– the ways and means of cyber-attacks constantly change. It is critical ICS administrators remain aware of changes in
cybersecurity and continue to work to prevent any potential vulnerabilities in the systems they manage.
5.1.9 Terms and definitions
DMZA demilitarized zone is a logical or physical sub network that interfaces an organization’s external
services to a larger, untrusted network and providing an additional layer of security.
EncryptionThe process of transforming plain or clear text using analgorithm to make it unreadable to anyone
except those possessing special knowledge.
ICSA device or set of device that manage, command, direct, or regulate the behavior of other devices
or systems.
ProtocolA set of standard rules for data representation, signaling, authentication, and error detection
required to send information over a communications channel
5.1.10 Acronyms
COTSCommercially Off-the-Shelf
DMZDemilitarized Zone
DOSDenial of Service
FTPFile Transfer Protocol
HMIHuman Machine Interface
ICSIndustrial Control Systems
ICS-CERTIndustrial Control Systems - Cyber Emergency Response Team
IDPSIntrusion Detection and Prevention Systems
IDSIntrusion Detection Systems
Loading ...
Loading ...
Loading ...