Air Gapping Critical Process Control Networks

Uploaded on 2016-07-13 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, BUSINESS-Production-Energy

While many manufacturers are scrambling to add data access and control from anywhere in the world, the cybersecurity approach at Chevron might surprise you. The company opts to air gap critical systems to disconnect them from the Internet as much as possible (though no system is 100 percent isolated).

Byron K. Wallace, Chevron’s cybersecurity process control network vulnerability assessor acknowledged that this style might not suit every company. “We go to a bit of an extreme,” he said. “It’s not a one-for-all model… The core functions are the same, but the application is different industry to industry.”

Regardless of your connectivity strategy, Wallace shared advice on cyber-securing for industrial companies:

Learn from others’ mistakes by researching what happened to companies that have been hacked. A lot of this information is kept private, but network vulnerability assessment companies can provide that information if you work with them.

Train all of your employees on security policies and breaches so it’s not just system administrators watching, but everyone.

Change passwords frequently. It might seem obvious, but Wallace said many entities still have default passwords on their devices, including one major metropolitan city’s IP cameras.

Get involved by asking your vendors about their security policies and what the updates will do to your equipment. “You may trust [your supplier], but you have to protect your own assets,” he said. If your vendor can access your process control system, ensure you add layers of security.

Beyond collecting intrusion detection and protection system (IDS/IPS) data logs, analyze them for patterns or anomalies.

Perform “fire drills.” Once you have policies in place, simulate breaches to test staff readiness. For example, send a phishing email to see who in your company clicks. Include executive management in the test—they could be the worst offenders.

The process of securing assets might sound daunting, but Wallace said companies can start by identifying the most critical systems. “Start small, putting safeguards around those systems, and then keep moving forward,” he said. 

AutomationWorld

« Your Server Has Been Hacked… What Next?
Infrastructure Security in the Age of Ransomware »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Telos

Telos

Telos offers cybersecurity solutions and services that empower and protect the world’s most security-conscious enterprises.

Identillect Technologies

Identillect Technologies

Identillect Technologies provide a user-friendly secure email solution to protect critical information, with an emphasis on simplicity.

Woz U

Woz U

Woz U provides best-in-class technology training for Learners, Higher-Ed and Corporations. We focus on the most in-demand occupations such as Software Development, Data Science and Cyber Security.

NITA Uganda (NITA-U)

NITA Uganda (NITA-U)

NITA-U has put in place the Information security framework to provide Uganda with the necessary process, policies, standards and guideline to help in Information Assurance.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Trail of Bits

Trail of Bits

Trail of Bits combine high-end security research with a real-world attacker mentality to reduce risk and fortify code.

HighPoint

HighPoint

HighPoint is a leading technology infrastructure solutions provider offering consultancy, solutions and managed services for network infrastructure and cybersecurity.

BreachQuest

BreachQuest

BreachQuest brings together cybersecurity experts with decades of experience identifying security flaws, penetrating networks, and responding to incidents.

Silicon Labs

Silicon Labs

Silicon Labs are a leader in secure, intelligent wireless technology for a more connected world. We provide award-winning hardware and software security to help safeguard connected devices.

National Institute for Research & Development in Informatics (ICI Bucharest)

National Institute for Research & Development in Informatics (ICI Bucharest)

ICI Bucharest is the most important institute in the field of research, development and innovation in information and communication technology (ICT) in Romania.

MDSec

MDSec

MDSec is a consultancy with a passion for information security. Our consultants specialise in application, mobile and hardware security and targeted red team attacks.

VC3

VC3

VC3 provides a full range of Information Technology Solutions and Services to hundreds of municipalities and organizations throughout the USA.

Abacus Group

Abacus Group

Abacus Group is a global IT services firm for alternative investment firms, providing an enterprise technology platform specifically designed to meet the unique needs of financial services.

Tech Data

Tech Data

Tech Data, a TD Synnex company, is a leading global distributor and solutions aggregator for the IT ecosystem.

DYOPATH

DYOPATH

At DYOPATH we work with the single purpose of helping our clients combat the ongoing increase of cyber threats, the growth in more complex IT environments, and ever-increasing human capital shortages.

Sphinx

Sphinx

Sphinx provide advanced security consulting services and cyber solutions to federal and private industry.