Critical Systems Security – Questions and Answers from SANS
The challenges of control systems security have been highlighted publically once again with the release of the NIST Cybersecurity Framework earlier this month. Further evidence of the need for improvements in how utilities and other critical infrastructure operators address cybersecurity was brought to light by ICS-CERT's Q4 2013 report on incident response activity.
According to its report:
ICS-CERT determined that:
- 79 organizations were either confirmed or suspected to be compromised
- 57 were determined to be 'not compromised,' and
- 120 were indeterminate or unknown.
For many of the incidents that were categorized as 'suspected' to be compromised, the detection capabilities and log records were inadequate to positively determine if threat actors were able to penetrate the network and maintain a presence. This underscores the importance of maintaining system and network logs, which are essential for ensuring detection and response capabilities, especially during the course of investigating an incident.
It is worth noting that ICS-CERT reporting is done on a voluntary basis. And no surprise, ICS-CERT believes many more incidents are occurring, but not being reported. In keeping with previously noted challenges, ICS-CERT suggests the gap in reporting is due to a lack of sufficient detection and or logging capabilities.
Shameless plug: The Tenable SecurityCenter Continuous View platform provides critical infrastructure operators with capabilities for continuous monitoring across their ICS/SCADA and enterprise IT networks. This is achieved through the combination of active and passive scanning, log aggregation and security analytics. We will be sharing information about continuous monitoring for ICS/SCADA networks at SANS ICS Security Summit, March 17-18, 2014 in Orlando.
To provide additional insight into the current state of ICS security, earlier this year, SANS Institute surveyed IT and security professionals from industries where control systems are prevalent. The results of the survey, which was co-sponsored by Tenable, will be shared with the public during a webcast hosted by SANS analysts Matthew Luallen and Derek Harp at 1PM ET on April 1, 2014. A report outlining the findings will be distributed to all those who register for the webcast. Tenable will also make the report available to interested parties following its official release.
The release of the survey results follows on heels of SANS' annual ICS Security Training Symposium and Summit. Tenable will be sponsoring the Security Summit, which takes place March 17-18, 2014 in Orlando. Tenable product evangelist, Paul Asadoorian will be on hand at the event, and will also be recording Paul's Security Weekly podcast while on-site. We look forward to seeing you at the event.
Related Articles
How A CNAPP Can Take You From Cloud Security Novice To Native In 10 Steps
May 23, 2024Context is critical in cloud security. In a recent RSA presentation, Tenable's Shai Morag offered ten tips for end-to-end cloud infrastructure security.
Logs of Our Fathers
September 22, 2009<p>At USENIX in Anaheim, back in 2005, George Dyson treated us to a fantastic keynote speech about the early history of computing. You can catch a videotaped reprise of it <a href="http://www.ted.com/talks/lang/eng/george_dyson_at_the_birth_of_the_computer.html" target="_blank">here, on the TED site</a>. I highly recommend it - there's lots of interesting and quirky stuff. I managed to talk him into giving me a copy of his powerpoint file, and subsequently tracked him down and am re-posting this material with his permission.</p> <h3>November, 1951 </h3> <p style="TEXT-ALIGN: center"><a href="http://www.ranum.com/security/computer_security/papers/ur-syslogs/first_syslog.jpg" target="_blank"><img border="0" height="375" src="http://www.ranum.com/security/computer_security/papers/ur-syslogs/t/first_syslog.jpg" width="500" /></a> <br /><strong>Machine Log #1</strong></p>
ShmooCon 2009 - Playing Poker for Charity
February 12, 2009Tenable sponsored a booth at this year's ShmooCon and ran a Texas Hold'em table to help raise money for the Hackers for Charity organization. We raised close to $400 from conference attendees ...
At Nearly $1 Billion Global Impact, the Best Cloud Security Couldn’t Stop This Hybrid Attack Path. Takeaway: Map and Close Viable Attack Paths Before Breaches Begin.
October 16, 2024Conventional wisdom suggests best-of-breed is the only way to secure your clouds. But what of hybrid attack paths that cross security domains — like those exploited in the SolarWinds and Capital One breaches? Exposing the gaps attackers exploit to move laterally requires visibility and context across security silos.
Oracle October 2024 Critical Patch Update Addresses 198 CVEs
October 15, 2024Oracle addresses 198 CVEs in its fourth quarterly update of 2024 with 334 patches, including 35 critical updates.
Harden Your Cloud Security Posture by Protecting Your Cloud Data and AI Resources
October 15, 2024Learn how data security posture management (DSPM) and AI security posture management (AI-SPM) can help you address key cloud security challenges.
- Conferences
- Events
- NIST
- Research Reports
- SANS
- SecurityCenter