Critical Infrastructure Best Practices for Cyber Resilience

Cyber resilience is the ability of an organization to prepare for, respond to, and recover from cyberattacks while continuing to operate and deliver goods and services. Going beyond traditional cybersecurity, cyber resilience acknowledges that incidents will occur. Therefore, it emphasizes the importance of maintaining business continuity and minimizing the impact of cyber incidents. Ensuring cyber resilience in critical infrastructure is crucial to safeguarding the systems and services that are essential for the functioning of a society.

Critical Infrastructure Challenges

Critical infrastructure organizations face a unique set of challenges that other organizations don’t. Understanding these differences is crucial for security professionals to develop appropriate strategies for creating cyber resilience. 

Stricter Regulation

While most organizations are subject to regulations, critical infrastructure is typically subject to more stringent regulations due to its crucial role in maintaining national security, public safety, and economic stability. 

Legacy Technology

Critical infrastructure often relies on operational technology (OT) and legacy systems. These systems are designed to control and monitor physical processes. In many cases, these systems were not designed with cybersecurity in mind, making them more susceptible to cybersecurity threats. 

Resource Allocation

Despite its vital importance, critical infrastructure may be under-resourced due to various reasons, such as budget constraints, competing priorities, and the complexity of maintaining and upgrading critical systems.

Human Safety Impact

Failures in critical infrastructure can have a direct impact on human safety. For example, a cybersecurity breach in a power grid could lead to widespread power outages, affecting healthcare facilities, transportation systems, and other essential services.

Interconnectedness

Critical infrastructure is often highly interconnected, meaning that a failure in one system can have cascading effects on others. This interconnectedness can amplify the impact of a disruption. The connected nature of the network also complicates the process of bringing it back up, as assets may need to be brought back online in a certain order in order for the process to be successful. 

Cyber Resilience Best Practices

These best practices have been grouped into four areas: understand your infrastructure; build a secure environment; maintain security and manage risk; and ongoing improvements, monitoring, and testing.

Understand Your Environment

Identify Critical Functions and Create an Asset Inventory

The United States Cybersecurity and Infrastructure Security Agency (CISA) recommends Cyber Resiliency Reviews for all critical infrastructure companies and organizations, including government agencies. The model outlines critical functions and assets and defines the practices needed to manage resilience. 

Critical functions are the core activities that keep your critical infrastructure running. Understanding which functions are critical allows you to focus your resources and efforts on protecting these areas. Creating a list of all the functions and processes within your organization and then prioritizing them based on their criticality is the first step to building a cyber-resilient organization.

An asset inventory is a comprehensive list of all hardware, software, network devices, and other technology assets within an organization, whether they are based in the cloud, in containers, or on-premises. However, the method recommended by CISA is highly manual and based on detailed questionnaires that are only as accurate as the knowledge of the people filling them out. 

A modern technique used to identify critical functions and compile an asset inventory is to place sensors in your network that capture communications data and then leverage data science and AI-driven analysis to create a map of your corporate infrastructure. This gives you complete visibility into the true extent of your interconnected IT asset infrastructure, including which assets are interrelated or interdependent. This modern technique ensures that you have a comprehensive and up-to-date asset inventory that will facilitate your cyber resilience planning.

Build a Secure Infrastructure

Secure Configuration and Architecture

Implement secure configurations for hardware and software components, following industry best practices and guidelines. Your IT asset inventory will help you prioritize which systems are most critical, so you can focus your efforts where they will have the most impact. Design and maintain a secure network architecture that minimizes attack surfaces and isolates critical systems.

Redundancy and Resilience Measures

Implement redundancy and resilience measures for critical systems connected to your critical functions to ensure continued operation during cyber incidents or disruptions. Regularly test backup and recovery procedures to verify their effectiveness.

Data Protection and Encryption

Implement strong, post-quantum encryption mechanisms to protect sensitive data both in transit and at rest. Regularly review and update data protection policies to address evolving threats and compliance requirements.

Supply Chain Security

Make sure you have an accurate list of third-party suppliers and know what kind of access they have to your network. Monitor outside connections to your network and investigate connections from unknown sources. Assess and monitor the cybersecurity posture of third-party suppliers and vendors. Establish security requirements for vendors, including contractual obligations for cybersecurity standards.

Regulatory Compliance

Ensure compliance with relevant cybersecurity regulations and standards applicable to critical infrastructure sectors. Stay informed about changes in regulations and adjust cybersecurity practices accordingly.

Maintain Security and Manage Risk

Risk Assessment and Management

Conduct regular risk assessments to identify and assess cyber threats and vulnerabilities. Prioritize risks based on their potential impact on critical infrastructure assets and functions. Develop a risk management strategy that includes the mitigation, transfer, and acceptance of risks.

Employee Training and Awareness

Provide regular training to employees on cybersecurity best practices and the potential threats to critical infrastructure. Foster a culture of cybersecurity awareness and responsibility among all personnel.

Cyber Hygiene

Enforce strong cybersecurity hygiene practices, such as regular software updates, patch management, and vulnerability assessments. Implement a zero trust security model with robust access controls, least privilege principles, and user authentication reviews.

Collaboration and Information Sharing

Collaborate with other organizations, government agencies, and industry partners to share threat intelligence and best practices. Participate in information-sharing forums and initiatives to stay informed about emerging threats.

Security Awareness for Leadership

Ensure that leadership at all levels understands the importance of cybersecurity and supports cyber resilience. Establish a cybersecurity governance framework that includes executive oversight and accountability.

Ongoing Improvements, Monitoring, and Testing

Incident Response Planning

Develop and regularly update an incident response plan that outlines the steps to take in the event of a cyber incident. Use your understanding of the structure of your IT environment to take into account which assets are connected, and therefore could be a secondary target. Conduct regular tabletop exercises and simulations to test the effectiveness of the incident response plan.

Continuous Monitoring

Implement continuous monitoring solutions to detect and respond to security incidents in real time. Utilize intrusion detection systems, security information and event management (SIEM) tools, and other monitoring mechanisms.

Testing and Simulation

Conduct regular penetration testing to identify and remediate potential weaknesses. Simulate cyber incidents to assess your organization's response capabilities.

Adaptive Security Measures

Implement adaptive security measures that can adjust to changing threat landscapes and evolving attack techniques. Use threat intelligence to inform security policies and update defenses accordingly. Use IT asset data to identify newly revealed weak points in your environment to improve security. 

Continuous Improvement

Establish a culture of continuous improvement by regularly reviewing and updating cybersecurity policies, procedures, and technologies. Learn from security incidents and apply lessons learned to enhance cyber resilience strategies.

Implementing these best practices requires a comprehensive and collaborative effort involving multiple stakeholders, including IT and security teams, management, government agencies, and industry partners. Cyber resilience is an ongoing process that evolves to address emerging threats and changes in the cybersecurity landscape. Regular assessments, testing, and updates are essential components of a robust critical infrastructure cyber resilience strategy.

A New Approach to Cyber Resilience

Tackling cyber resilience requires a comprehensive strategy. It requires an AI engine capable of not only giving you complete visibility into your connected infrastructure but also mapping how those assets connect to each other and to your critical business functions. 

It requires the Redjack platform.

The Redjack solution approach has a significant impact on the effectiveness of both IT and business, making cyber resilience a valuable asset. This system has been successfully implemented in some of the world's largest corporations and government agencies for over five years.

Contact us to discover how Redjack has helped these organizations achieve genuine cyber resilience.

Justine Bone

Justine is the Chief Product Officer at Redjack.

https://www.linkedin.com/in/justinebone/
Previous
Previous

Case Study: Improving BCDR Planning & Compliance

Next
Next

The Changing Role of the CISO: From Cybersecurity IT to Cyber Risk Manager