Hackers also have a headache: the seven major artifacts protect industrial security

Hackers also have a headache: the seven major artifacts protect industrial security

Heavy industry is gradually becoming the target of cyber attacks. Financial institutions may also be under various pressures, but in terms of frequency or type, industrial networks are under more severe attacks. At present, it seems that the only purpose of these attacks is to detect vulnerabilities, but it is sufficient to harm the entire industrial network. To protect industrial control networks from cyberattacks, the U.S. Department of Homeland Security (DHS) recommends seven protection measures.

The Industrial Control System Emergency Response Team (ICS-CERT) of DHS recently released 7 Steps for effective defense of industrial control systems. ICS-CERT first pointed out that, according to its research, at least 295 intrusions related to industrial networks occurred in 2015, and more likely were unpublished or not detected intrusions. In addition, these events are becoming increasingly popular.

The ICS-CERT emphasizes that networks that simply enhance peripheral protection (such as firewalls) are no longer applicable.

To help mitigate the possibility of cyberattacks, ICS-CERT recommends that seven critical policies be built for industrial networks to improve their protection capabilities. The Agency claims that these seven major steps would allow FY to survive 2015 of the attacks reported in 98%.

Seven major artifacts protect industrial security

These seven key strategies are:

1. Build an application whitelist: only approved applications can be executed, so that the network can detect and prevent malicious software. This policy is particularly applicable to SCADA systems, human-machine interface (HMI) computers, and database systems.

2. Ensure correct configuration and management of the Supplemental Program: As the opponent continues to improve its capabilities, the actual security practices are gradually outdated. As a result, unsupplemented software is increasingly easy to target. The key is to implement the security Input Program and update the trustworthy software supplemental program.

3. Reduce the scope of attacks: Disable unused ports and unused services. Instant external connections are allowed only when absolutely necessary. Isolate your industrial network from untrusted external network. Another useful technique is to try to use an Optical Isolation solution () if only one-way communication (such as reporting materials) is required to prevent returning signals from entering.

4. Establish a defensive environment: the correct architecture helps limit the potential damage caused by peripheral intrusion. Like a castle with external walls and internal fortifications, the network is designed as a collection of systems that can restrict the communication between hosts to avoid affecting other systems due to damage to one of the systems.

5. authentication management: using stolen creden。 may prevent attackers from being detected by the system. Therefore, dual-factor authentication, access restriction of user permissions, different authentication for enterprises and control network access, and various protection mechanisms will help strengthen authentication.

6. secure Remote Access: if it is necessary to use remote access, more protection measures should be taken, such as using hardware rather than software) data performs read-only access, remote access within a limited time, requires operators to control access requests through remote access, and avoids the use of "dual standards" for different access paths for suppliers and employees ". At the same time, close any suspicious access objects, hidden backdoors, and so on. In particular, it is basically not safe to protect data machines.

7. Monitoring and Response Plan: network attacks are constantly maturing. Therefore, measures that are sufficient to cope with these attacks may become flaws of tomorrow. Continuously monitors the network to avoid signs of potential intrusion or other attacks, and develops a contingency plan for detecting attacks in advance. Swift action can limit the extent of damage and facilitate rapid recovery.