By Steve Hunter, senior director, systems engineering, Asia Pacific and Japan, Forescout
External threats from cybercriminals are a huge risk to organisations, which is why so many energy industry professionals prioritise strengthening their exterior-facing protection over internal security measures. This constant watch on the business’s surroundings can decrease intrusions from external actors. However, at least 52 per cent of security incidents in industrial control system (ICS) and operational technology (OT) networks are caused by accidental errors by employees.
To minimise cybersecurity impact from human error in ICS networks, energy organisations can adopt the following five recommendations.
1. Increase cybersecurity education and training
Untrained employees are more prone to simple mistakes than those with comprehensive training and experience. Businesses need to invest in cybersecurity education and training, especially for employees who have access to critical ICS networks. On the bright side, more organisations are seeing this knowledge gap and raising it as a priority, with around 30 per cent of organisations stating that investment in cybersecurity awareness and training for IT and OT personnel was in their top business initiatives for this year. Regardless of an employee’s level within the organisation, continuous cybersecurity training and refresher programs should be available, and training should be included in all onboarding modules.
2. Keep access as a privilege, not a right
The more people are allowed access to information, the more chance there is for mistakes to be made. Organisations should ensure that only employees whose job functions depend on accessing an ICS network are allowed access to it. While this may lead to awkward conversations with those who believe they should have access, it’s important to remember that access is not a right but a privilege, and should be used responsibly. Implementing the proper network access controls, including monitoring for and logging all access attempts, can help provide visibility into who is logging into the network, where they are, and when they’re doing it.
3. Proper network configuration is key
Network misconfigurations accounted for 34 per cent of ICS network vulnerabilities in the last year. Internal security measures can be hard to improve given the convergence of IT and OT networks, expansion in wireless connectivity through IoT devices, complex architectures with new devices, and combining new systems with legacy systems. However, for organisations to cover all bases and minimise the cybersecurity impact from human error, they must review internal structures and configurations.
Proper network configuration and segmentation are particularly crucial for a company’s OT infrastructure, since many important business and safety processes are controlled by these systems. Any operational failure from an employee’s accidental misconfiguration of a device on an ICS network could have severe consequences, if not now, then later on down the track.
4. Continuous monitoring with a properly trained security team
Organisations should also continuously monitor their ICS network for indicators of misconfigurations and network access attempts, which can help prevent possible incidents caused by human error and strengthen the overall ICS cybersecurity posture. By having dedicated, trained teams that know what to look for in the system and how to properly respond to threats, organisations can act quickly and reduce the damage incurred.
5. Deploy an ICS network monitoring tool
Lastly, organisations should consider deploying an ICS network monitoring tool. Having an effective internal monitoring system, combined with a properly trained security team analysing the data from that system, can effectively help reduce the impact of human error on an ICS network. An ICS network monitoring tool can provide visibility of all the devices on the network, as well as asset management and configuration details to ensure that all patches are up to date. A network monitoring tool can also help with network segmentation and intrusion detection.
Organisations should strive to continuously monitor both their internal- and external-facing systems to fully minimise cybersecurity impacts. Both internal and external sides contain critical information that organisations need to be aware of; however, in most cases, internal-facing threats are not given the high priority they deserve. Making cybersecurity training available to all staff, limiting access to control systems, ensuring the right configurations and software versions are in use, and continuously monitoring the network with an ICS-aware monitoring tool can help ease the burden and risk of internal cybersecurity threats.