Enhancing Cyber Hygiene
The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) hosted a webinar to share cyber threat and resilience information. Several of the cyber hygiene recommendations offered during the web event may be helpful as you work with water systems to enhance their ability to provide safe drinking water.
One particular aspect of the webinar focused on trends that NCCIC analysts are seeing in the field related to cyber hygiene. Practical corrective actions and recommended next steps were also discussed. The trends fall into five major areas:
- Continued use of End of Life (EOL) network devices – those that are no longer supported by vendor patches and devices that are not being replaced during update/tech refresh cycles.
- Default/weak security configurations – use of default or weak credentials, devices put onto networks with “out of the box” configurations, or no implementation of vendor/government device hardening guidance.
- Use of unsecure/unencrypted remote access protocols – administrator access directly over the internet or external use of FTP/TFTP.
- Poor security monitoring – lack of visibility for administrator access, device logging not implemented, or lack of visibility of configuration changes to network devices.
- Continued reliance on the old “network operations” mentality – network device security monitoring is secondary to the operations tasks.
The discussions surrounding the above categories were not directed specifically toward water utilities; however, most would easily apply to any utility with a SCADA system. The presentations also included information about the NCCIC and its role within DHS, broad discussions of cyber threats and exposures, and a separate section on the Federal response. The complete PowerPoint presentation is available at this link. You are encouraged to share these materials with your colleagues in the water community.