
Cyber Security Best Practices


Presentation Transcript


  1. Cyber Security Best Practices Eric Weston Senior Auditor Cyber Security WECC Reliability and Security Workshop San Diego CA – October 23-24, 2018 Western Electricity Coordinating Council

  2. Cyber Risks: “One of the main cyber-risks is to think they don’t exist. The other is to try to treat all potential risks. Fix the basics, protect first what matters for your business and be ready to react properly to pertinent threats.” Stephane Nappo: GCISO, Société Générale

  3. Agenda
     • Prevent What You Can
     • Detect What You Can’t Prevent
     • Be Prepared to Recover

  4. Putting Things in Perspective
     • What are your risks and challenges?
     • What is important with different systems?
       • Confidentiality
       • Integrity
       • Availability

  5. Jess Smith, Nathan Kipp, Dennis Gammel, Tim Watkins: EEA Conference June 2016

  6. Preventative Measures: Tightening down perimeter protections
     • Perform regular reviews of firewall configurations
     • Remove or disable outdated and unneeded rules and objects
     • Be cautious with “maintenance” rules
     • Review rules which generate few, if any, hits
     • Ensure all rules have detailed descriptions
     • Rules should be as specific as possible
     • Commit to continual improvements
     • Review access rules holistically

  7. Preventative Measures: Reviewing Access Rules Holistically

      access-list esp_in extended permit tcp ems dmzwks2 eq ssh
      access-list esp_in extended permit ip host1 host2 range 0 512
      access-list esp_in extended permit tcp ems subwks1 eq 2000
      access-list esp_in extended permit ip host1 host2 range 513 25000
      access-list esp_in extended permit udp 10.0.1.1 172.36.5.1 eq 2355
      access-list esp_in extended permit ip host1 host2 range 25001 65535
      access-list esp_in extended permit ip 10.0.1.1 172.36.5.1 eq dns
      access-list esp_in extended permit ip host1 host2 eq any

     Read one line at a time, each host1-to-host2 rule looks bounded. Read together, the three range rules cover ports 0 through 65535, and the final "eq any" rule makes all three redundant, so the pair is effectively open on every port.
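The holistic review the slide calls for can be automated. The following Python script is an added example, not part of the presentation: it parses the slide's ASA-style permit lines (with the "eq" keyword spacing restored), flags rules fully contained in another single rule, and reports source/destination pairs whose rules combine to permit every TCP and UDP port. The host and object names (ems, dmzwks2, host1, host2, subwks1) are the slide's placeholders; the port-name table and the lenient treatment of port qualifiers on "ip" rules are assumptions of this example.

```python
"""Holistic review of firewall access rules (added example, not from the slides).

Parses Cisco ASA style 'access-list ... extended permit' lines and reports
(a) rules fully shadowed by a single broader rule and (b) source/destination
pairs whose rules, taken together, permit every TCP and UDP port.
Permit rules only: a real review also has to account for deny rules and
first-match ordering, which this example deliberately leaves out.
"""
import re
from collections import defaultdict

# Assumed port-name table; ASA knows many more names, these are the ones the slide uses.
PORT_NAMES = {"ssh": 22, "dns": 53, "domain": 53}
MAX_PORT = 65535

# Constructed input: the slide's rule set with the 'eq' keyword spacing restored.
SLIDE_RULES = """\
access-list esp_in extended permit tcp ems dmzwks2 eq ssh
access-list esp_in extended permit ip host1 host2 range 0 512
access-list esp_in extended permit tcp ems subwks1 eq 2000
access-list esp_in extended permit ip host1 host2 range 513 25000
access-list esp_in extended permit udp 10.0.1.1 172.36.5.1 eq 2355
access-list esp_in extended permit ip host1 host2 range 25001 65535
access-list esp_in extended permit ip 10.0.1.1 172.36.5.1 eq dns
access-list esp_in extended permit ip host1 host2 eq any
"""

# Lenient parser: accepts a port qualifier even on 'ip' rules, as the slide does.
RULE_RE = re.compile(
    r"access-list\s+(?P<acl>\S+)\s+extended\s+permit\s+"
    r"(?P<proto>ip|tcp|udp)\s+(?P<src>\S+)\s+(?P<dst>\S+)"
    r"(?:\s+eq\s+(?P<eq>\S+)|\s+range\s+(?P<lo>\d+)\s+(?P<hi>\d+))?\s*$"
)


def _port(token):
    return int(token) if token.isdigit() else PORT_NAMES.get(token)


def parse_rules(text):
    """Return a list of dicts: proto, src, dst, lo, hi (inclusive port range), line."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        if m["eq"] is not None:
            if m["eq"] == "any":
                lo, hi = 0, MAX_PORT
            else:
                p = _port(m["eq"])
                if p is None:
                    raise ValueError(f"unknown port name {m['eq']!r} in: {line}")
                lo = hi = p
        elif m["lo"] is not None:
            lo, hi = int(m["lo"]), int(m["hi"])
        else:
            lo, hi = 0, MAX_PORT  # no port qualifier: every port
        rules.append({"proto": m["proto"], "src": m["src"], "dst": m["dst"],
                      "lo": lo, "hi": hi, "line": line.strip()})
    return rules


def _covers(a, b):
    """True if rule a permits everything rule b permits ('ip' covers tcp and udp)."""
    return (a["src"] == b["src"] and a["dst"] == b["dst"]
            and (a["proto"] == "ip" or a["proto"] == b["proto"])
            and a["lo"] <= b["lo"] and b["hi"] <= a["hi"])


def shadowed_rules(rules):
    """Indices of rules fully contained in some other single rule (removal candidates)."""
    return [i for i, r in enumerate(rules)
            if any(j != i and _covers(other, r) for j, other in enumerate(rules))]


def _merge(intervals):
    """Merge sorted inclusive port ranges that overlap or touch."""
    merged = []
    for lo, hi in sorted(intervals):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged


def wide_open_pairs(rules):
    """Source/destination pairs whose rules, combined, permit every TCP and UDP port."""
    by_pair = defaultdict(lambda: {"tcp": [], "udp": []})
    for r in rules:
        for proto in ("tcp", "udp"):
            if r["proto"] in ("ip", proto):
                by_pair[(r["src"], r["dst"])][proto].append((r["lo"], r["hi"]))
    return sorted(pair for pair, per_proto in by_pair.items()
                  if all(_merge(iv) == [(0, MAX_PORT)] for iv in per_proto.values()))


if __name__ == "__main__":
    rules = parse_rules(SLIDE_RULES)
    for i in shadowed_rules(rules):
        print("shadowed:", rules[i]["line"])
    for src, dst in wide_open_pairs(rules):
        print(f"{src} -> {dst}: rules combine to permit all TCP and UDP ports")
```

Running it on the slide's rules reports the three host1-to-host2 range rules as shadowed by the "eq any" rule and host1-to-host2 as wide open. Dropping the "eq any" rule removes the shadowing finding but the pair stays wide open, which is exactly the case a line-by-line review misses.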

  8. Preventative Measures: Utilize the tools you have
     • Host based firewalls/iptables
     • System hardening
       • Windows Security Templates
       • Vendor Specific Recommendations
       • Don’t reinvent the wheel
     • Other methods, tools, etc.

  9. Prevention/Detection: Active Defense
     • Passive Defense
       • Firewalls
       • Traditional Anti-Virus Systems
       • Other measures
     • Active Defense [2]
       • Threat and Environment Manipulation
       • Threat Intelligence Consumption
       • Network Security Monitoring
       • Incident Response
     [2] https://digital-forensics.sans.org/media/Poster_DFIR_Threat-Intel_2017.pdf

  10. Detecting Abnormalities: Leveraging your environment (the glass is half full)
     • Operational technology (OT) environments change infrequently
     • Users and systems should only be performing specific tasks on OT networks
     • Traffic should be relatively predictable

  11. Detecting Abnormalities: Establishing normal
     • Identifying Assets and Communications Paths
       • Physical Inspection
       • Router/Firewall configurations
       • Network Traffic Analysis
     • Identifying and Validating Network Traffic
       • Network Traffic Analysis
       • Firewall/Router Logs

  12. Detecting Abnormalities: Becoming more situationally aware. Are monitoring systems tailored to your environment?
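Slides 10 through 12 describe a baseline-and-deviation approach: learn the small set of flows a predictable OT network should carry, then alert on anything outside it. The Python script below is an added example, not from the presentation, of that approach over firewall connection logs. The log line format, the addresses, and the port numbers (DNP3 on 20000, Modbus/TCP on 502, NTP on 123) are constructed for the example; a real deployment would feed it the firewall/router logs the slides mention and would need a learning window long enough to capture infrequent but legitimate traffic such as patching or engineering access.

```python
"""Baseline-and-deviation detection for an OT network (added example, not from the slides).

Builds a whitelist of observed (src, dst, proto, dport) flows from a learning
window of connection log lines, then reports flows in later logs that are not
in it, classified by how far they stray from the baseline.
"""
import re
from collections import Counter

# Constructed log format: "<ts> conn src=<ip> dst=<ip> proto=<tcp|udp> dport=<n>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+conn\s+src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)\s+"
    r"proto=(?P<proto>tcp|udp)\s+dport=(?P<dport>\d+)"
)

# Constructed learning window: an EMS server (10.0.1.10) polling two RTUs over
# DNP3, a historian (10.0.1.30) pulling Modbus/TCP, and the RTUs syncing NTP.
LEARNING_LOG = """\
2018-10-01T00:00:01 conn src=10.0.1.10 dst=10.0.2.21 proto=tcp dport=20000
2018-10-01T00:00:02 conn src=10.0.1.10 dst=10.0.2.22 proto=tcp dport=20000
2018-10-01T00:00:05 conn src=10.0.1.30 dst=10.0.2.21 proto=tcp dport=502
2018-10-01T00:01:00 conn src=10.0.2.21 dst=10.0.1.5 proto=udp dport=123
2018-10-01T00:01:00 conn src=10.0.2.22 dst=10.0.1.5 proto=udp dport=123
2018-10-01T00:02:01 conn src=10.0.1.10 dst=10.0.2.21 proto=tcp dport=20000
"""

# Constructed monitoring window: normal polling, then an unknown workstation
# touching an RTU, an RTU calling out to the Internet, and telnet from the
# historian to an RTU it normally only talks Modbus to. The last line is junk.
MONITOR_LOG = """\
2018-10-02T00:00:01 conn src=10.0.1.10 dst=10.0.2.21 proto=tcp dport=20000
2018-10-02T00:00:03 conn src=10.0.1.30 dst=10.0.2.21 proto=tcp dport=502
2018-10-02T00:00:07 conn src=10.0.1.77 dst=10.0.2.21 proto=tcp dport=22
2018-10-02T00:00:07 conn src=10.0.1.77 dst=10.0.2.21 proto=tcp dport=502
2018-10-02T00:00:09 conn src=10.0.2.22 dst=203.0.113.9 proto=tcp dport=443
2018-10-02T00:00:12 conn src=10.0.1.30 dst=10.0.2.21 proto=tcp dport=23
this line is not a connection record and is skipped
"""


def parse_flows(text):
    """Yield (src, dst, proto, dport) for each line that matches the log format."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield (m["src"], m["dst"], m["proto"], int(m["dport"]))


def build_baseline(text):
    """Count each flow seen in the learning window; its key set is 'normal'."""
    return Counter(parse_flows(text))


def detect_abnormal(baseline, text):
    """Return [(reason, flow)] for flows outside the baseline, each flow reported once.

    Reasons, most severe first:
      new-source-host  - a host that never initiated anything during learning
      new-destination  - a known host talking to a peer it never talked to
      new-service      - a known pair using an unexpected protocol/port
    """
    known_sources = {f[0] for f in baseline}
    known_pairs = {(f[0], f[1]) for f in baseline}
    seen, findings = set(), []
    for flow in parse_flows(text):
        if flow in baseline or flow in seen:
            continue
        seen.add(flow)
        src, dst, _, _ = flow
        if src not in known_sources:
            reason = "new-source-host"
        elif (src, dst) not in known_pairs:
            reason = "new-destination"
        else:
            reason = "new-service"
        findings.append((reason, flow))
    return findings


if __name__ == "__main__":
    baseline = build_baseline(LEARNING_LOG)
    print(f"baseline: {len(baseline)} distinct flows")
    for reason, (src, dst, proto, dport) in detect_abnormal(baseline, MONITOR_LOG):
        print(f"{reason:16} {src} -> {dst} {proto}/{dport}")
```

The three reasons map to the slide's own checklist: a new source host fails the asset inventory, a new destination fails the communications-path inventory, and a new service on a known pair fails traffic validation. Tuning the monitoring system to the environment, as slide 12 asks, means deciding which of these warrant a page at 3 a.m. in a given substation network.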

  13. Be Prepared for the When

  14. Recovery: 2018 Atlanta SamSam Ransomware Attack
     • One third of the city’s 424 software programs affected
     • Potential cost of $9.5 million
     • Some data will never be recovered
     https://www.reuters.com/article/us-usa-cyber-atlanta-budget/atlanta-officials-reveal-worsening-effects-of-cyber-attack-idUSKCN1J231M?feedType=RSS&feedName=technologyNews

  15. Recovery
     • Regularly back up data and verify the integrity of those backups
     • Secure backups
     • Ensure backups are not connected to the computers and networks they are backing up
     https://www.ic3.gov/media/2016/160915.aspx
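"Verify the integrity of those backups" is only meaningful if the record you verify against cannot be rewritten by whoever rewrote the backups. The Python script below is an added example, not from the presentation or the FBI/IC3 alert it cites: it hashes every file in a backup set, seals the manifest with an HMAC key that is assumed to live off the backed-up system (on the offline media or a separate vault), and later checks both the seal and the files, so an attacker who encrypts the backups cannot also edit the manifest to match. The directory layout, file names, contents, and key are constructed for the demonstration.

```python
"""Backup integrity check with a hashed, keyed manifest (added example, not from the slides).

Records SHA-256 of every file under a backup root, seals the manifest with an
HMAC key kept off the backed-up system, and later verifies both the seal and
the files. A manifest that was regenerated to match tampered files fails the
seal check, which is the point of keying it.
"""
import hashlib
import hmac
import json
import os
import tempfile


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large backup images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map each file's path relative to root (with '/' separators) to its SHA-256 hex digest."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def seal_manifest(manifest, key):
    """Return (canonical JSON bytes, HMAC-SHA256 tag over those bytes)."""
    body = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()


def verify_backup(root, body, tag, key):
    """Return a report dict. 'sealed' is False when the manifest itself was altered;
    the file comparison is then untrustworthy and is skipped."""
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return {"sealed": False, "modified": [], "missing": [], "unexpected": []}
    recorded = json.loads(body)
    current = build_manifest(root)
    return {
        "sealed": True,
        "modified": sorted(p for p in recorded if p in current and current[p] != recorded[p]),
        "missing": sorted(p for p in recorded if p not in current),
        "unexpected": sorted(p for p in current if p not in recorded),
    }


def demo():
    """Create a constructed backup set, seal it, tamper with it, and verify three ways."""
    key = b"constructed-example-key-store-this-offline"  # assumption: kept off the backed-up host
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "scada"))
        with open(os.path.join(root, "scada", "points.db"), "wb") as f:
            f.write(b"point table v1")
        with open(os.path.join(root, "config.xml"), "wb") as f:
            f.write(b"<config/>")
        body, tag = seal_manifest(build_manifest(root), key)
        clean = verify_backup(root, body, tag, key)

        # Simulate ransomware: overwrite one file, delete another, drop in a note.
        with open(os.path.join(root, "scada", "points.db"), "wb") as f:
            f.write(b"point table v1 (encrypted by ransomware)")
        os.remove(os.path.join(root, "config.xml"))
        with open(os.path.join(root, "README.txt"), "wb") as f:
            f.write(b"your files have been encrypted")
        tampered = verify_backup(root, body, tag, key)

        # An attacker who regenerates the manifest to match still lacks the key,
        # so the original tag no longer verifies over the forged body.
        forged_body, _ = seal_manifest(build_manifest(root), key)
        forged = verify_backup(root, forged_body, tag, key)
    return clean, tampered, forged


if __name__ == "__main__":
    for label, report in zip(("clean", "tampered", "forged manifest"), demo()):
        print(f"{label}: {report}")
```

The check is only as good as the separation of the key from the backup host; if the key sits next to the backups, the HMAC adds nothing over a plain hash list. That separation is the same principle as the slide's last bullet about keeping backups disconnected from the systems they protect.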

  16. Recovery: Practice, Practice, Practice
     • An actual event must not be the first time a recovery process is performed
     • Be creative during recovery exercises
     • Ensure everyone knows their part and has the needed tools and knowledge
     • Continually learn and improve processes

  17. “Cybersecurity is a shared responsibility, and it boils down to this: In Cybersecurity, the more systems we secure, the more secure we all are.” Jeh Johnson: Secretary of Homeland Security
