The Importance of Cybersecurity in Protecting Critical Infrastructure
The Need to Protect Critical Infrastructure
The recent collaboration between the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) in producing the document “Identity and Access Management: Recommended Best Practices for Administrators” highlights the urgency of securing critical infrastructure against cyberattacks. Critical infrastructure and services are prime targets for malicious actors seeking to cause mass disruption to public life and safety. Recent examples such as the Colonial Pipeline supply chain attack, the attempt to hack into a Florida city’s water supply, and the targeting of the power grid in Ukraine demonstrate the need to protect not only sensitive information, processes, and systems but also the digital lives of millions of people around the world.
The Role of the Enduring Security Framework (ESF)
The “Identity and Access Management: Recommended Best Practices for Administrators” document is part of the Enduring Security Framework (ESF), which aims to provide cybersecurity guidance based on NIST standards. The document specifically targets the private sector, and its adoption is expected to influence the wider regulatory industry. By standardizing and normalizing IAM best practices, the guidance seeks to level the playing field in terms of cybersecurity and educate organizations on current threats and important terms.
Key Takeaways from the ESF Guidance
1. Protecting Operational Technology (OT)
While the ESF guidance receives praise for standardizing IAM best practices across the IT industry, it needs further clarification in areas critical to organizations focused on operational technology (OT) such as energy and manufacturing. The document mentions network segmentation, multifactor authentication (MFA), and identity life-cycle management but focuses primarily on the IT infrastructure perspective. It is crucial to revise these areas through the lens of the OT space, with specific detail addressing the unique needs and challenges of protecting OT systems from threats.
2. Emphasizing OT Network Segmentation
Although network segmentation is mentioned in the document, it is presented only as a cursory checklist item. Future versions should expand on the topic, emphasizing the inclusion of network design, one-way traffic flows, true network isolation, and the utilization of echoed syslog and telemetry reporting as key controls for the OT space. These OT-specific design considerations are often overlooked by larger IT practices, and highlighting them is essential for hardening critical infrastructure.
3. Strengthening Identity Life-Cycle Management Programs
Identity life-cycle management, also known as “joiners, movers, and leavers,” is another area that requires further expansion and guidance. As tools mature, organizations can assign more granular access, enabling true attribute-based access controls, especially with the adoption of zero-trust practices. Mature identity management practices, including user directories, are necessary to maintain and deliver metadata efficiently. Shared accounts with elevated credentials often hinder access management controls in the OT space, but strong life-cycle programs can be established by implementing phishing-resistant authentication methods, such as those recommended by CISA. This includes leveraging MFA technologies that allow strong identification methods and shared account vaulting with checkout capability.
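The sketch below shows how checkout-based vaulting restores individual attribution for a shared OT account. It is an added example, not code from the ESF guidance or any vendor product. The class, the account name `hmi_admin`, the user names and the log events are all constructed for illustration.

```python
from datetime import datetime, timedelta

class SharedAccountVault:
    """Hypothetical vault: exclusive, time-boxed checkout of a shared account."""
    def __init__(self, max_lease=timedelta(hours=1)):
        self.max_lease = max_lease
        self.leases = []  # [account, user, start, end]; also the audit trail

    def holder(self, account, when):
        # Named user holding the account at `when`, or None.
        for acct, user, start, end in self.leases:
            if acct == account and start <= when < end:
                return user
        return None

    def checkout(self, account, user, when, mfa_phishing_resistant):
        # The named user must pass phishing-resistant MFA before checkout.
        if not mfa_phishing_resistant:
            raise PermissionError(f"{user}: phishing-resistant MFA required")
        current = self.holder(account, when)
        if current is not None:
            raise RuntimeError(f"{account} already checked out by {current}")
        self.leases.append([account, user, when, when + self.max_lease])

    def checkin(self, account, user, when):
        # End the lease early (a real vault would rotate the password here).
        for lease in self.leases:
            if lease[0] == account and lease[1] == user and lease[2] <= when < lease[3]:
                lease[3] = when
                return
        raise RuntimeError(f"{user} holds no active lease on {account}")

    def attribute(self, events):
        # Tag each (time, account, action) log event with the lease holder;
        # None marks use of the shared account outside any checkout.
        return [(ts, acct, act, self.holder(acct, ts)) for ts, acct, act in events]

T0 = datetime(2023, 8, 14, 9, 0)  # constructed timestamp

def demo():
    vault = SharedAccountVault()
    vault.checkout("hmi_admin", "alice", T0, True)
    vault.checkin("hmi_admin", "alice", T0 + timedelta(minutes=20))
    vault.checkout("hmi_admin", "bob", T0 + timedelta(minutes=30), True)
    events = [  # constructed log events for the shared account
        (T0 + timedelta(minutes=5), "hmi_admin", "setpoint change"),
        (T0 + timedelta(minutes=25), "hmi_admin", "login"),
        (T0 + timedelta(minutes=45), "hmi_admin", "firmware upload"),
    ]
    return vault.attribute(events)
```

An event attributed to `None`, such as the login at minute 25, is the case worth alerting on: the shared credential was used while no named individual held it.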
4. The Role of Multifactor Authentication (MFA)
Multifactor authentication (MFA) plays a critical role in any successful cybersecurity program. The ESF guidance dedicates eight pages to this topic alone, emphasizing the importance of utilizing modern phishing-resistant MFA solutions such as passkeys, security keys, and smart cards. These solutions leverage secure authentication based on public/private key cryptography, providing protection at the gates and certainty when reviewing behaviors via logs. By implementing phishing-resistant MFA methods, organizations can protect against common attacks that allow attackers to gain a foothold in both IT and OT networks.
What This Guidance Means for Organizations
Investing in Modern Cybersecurity Practices
The release of new cybersecurity guidance can be overwhelming for organizations. However, it is crucial to recognize that modern cyber threats necessitate modern cybersecurity practices. Safeguarding critical infrastructure, data, systems, and supply chains should be a priority. Although managing legacy infrastructure while modernizing cybersecurity may pose challenges, strategic investments in solutions that meet organizations where they are and bolster their security posture are essential in the long run.
Staying Ahead of Cyber Threats
Organizations must proactively address cybersecurity risks and ensure they have comprehensive policies, procedures, and technologies in place to mitigate these threats. Regular training and awareness programs for employees can help educate them about the importance of cybersecurity and their role in protecting critical infrastructure. Collaboration between industry, government, and cybersecurity agencies is necessary to stay ahead of evolving cyber threats and maintain a resilient cybersecurity posture. By staying vigilant and adopting best practices, organizations can protect themselves and their stakeholders from cyberattacks.
This report highlights the collaboration between the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) in producing the “Identity and Access Management: Recommended Best Practices for Administrators” document. It emphasizes the importance of protecting critical infrastructure from cyberattacks and discusses the key takeaways from the guidance, focusing on the need to address operational technology (OT), strengthen identity life-cycle management programs, and utilize multifactor authentication (MFA). The report also provides guidance to organizations on how to apply the ESF recommendations, emphasizing the significance of investing in modern cybersecurity practices and staying ahead of cyber threats.