Defense In Depth
N-Sentinel Monitoring Is Your Defense Against Cyber Attacks
The variety and sophistication of cybersecurity threats have been steadily increasing. The common email-based viruses and worms of previous years that primarily exploited individual machines remain, but they are now accompanied by sophisticated network attacks, ransomware attacks, SCADA attacks launched from behind the firewall, phishing, and many others. Thousands of these attacks occur every day, and their varied nature means that no single defensive technology is able to protect IT and OT networks.
Utility professionals now must be proactive in their commitment to prevent cyber criminals from taking their network infrastructure hostage.
The Business Case For Cybersecurity Monitoring: Four Stage Strategy
Defense in depth is based on a time-tested military strategy built upon multiple layers of defense, so that if one layer is compromised there are additional layers of protection. There are four stages to developing a defense-in-depth strategy for cyber security:
1. Define your assets
2. Define the threats to these assets
3. Place your highest priority asset(s) at the innermost layer of protection
4. Protect your assets with overlapping and complementary layers of prevention, detection, and mitigation so that if one layer of protection is successfully bypassed, the next layer can catch it.
Five Key Elements
There are five elements that work together to create a defense-in-depth security posture:
- Perimeter Protection
- Interior Security
- Monitoring
- Management
- Processes and Procedures
Historically, perimeter protection (usually in the form of firewalls) has been the focus of security. Perimeter protection is required, but by itself it is not an adequate form of protection for a critical infrastructure operator. Stuxnet, the most advanced form of malware developed to date, attacked control systems on an isolated network and was not blocked or impeded by firewalls. Perimeter protection aligns to the NERC CIP-005 Electronic Security Perimeter(s) standard.
Interior security is fast becoming a critical element in the defense-in-depth model. Interior security is focused on identifying and blocking security breaches originating from personnel with authorized access to the systems and from internal system-to-system applications. With advanced forms of malware, personnel can propagate and/or launch malware unknowingly. Interior security aligns to the NERC CIP-007 System Security Management standard.
Security is a process, and as such measurement in the form of monitoring provides data and information for better management of the security process. It is critical to monitor assets and their environment to determine the overall cyber health. Monitoring is prevalent throughout the NERC CIP standards.
Management in the defense-in-depth model refers to the inclusion of cybersecurity as a management priority. Effective cybersecurity is championed actively by the senior management team and should be included in the governance process. This element is addressed in the NERC CIP standards, including the NERC CIP-003 Security Management Controls standard.
Processes and procedures are an important element of the defense-in-depth model. Effective processes include well defined roles and responsibilities, process mapping, and back-up plans. Processes are prevalent throughout the NERC CIP standards.
N-Dimension’s solutions create a comprehensive defense-in-depth security posture for critical infrastructure operators.