Real-time Security Event Discovery
Critical Infrastructure security is of paramount importance in protecting assets and services that are essential to society and the economy. The real-world, high-profile consequences of a cyber-attack could include service disruption, environmental damage and personal injury on a large scale. Alongside this, there is the often mammoth task of managing a large number of customers and handling data relating to usage, payments and connection status.
If you work in one of these sectors you know that your operations must be high performing, resilient and secure. A strong cyber security posture is fundamental to your operation.
Legislation and government recommendations
There is considerable pressure on critical infrastructure operators from advisory groups and national governments, for example through the Centre for the Protection of National Infrastructure (CPNI) in the UK, the Australian Government's Critical Infrastructure Centre (CIC) and the North American Electric Reliability Corporation (NERC) in the US.
NIS Directive (EU) 2016/1148
New legislation includes EU Directive 2016/1148 on the security of network and information systems (NIS) which took effect across Europe and in the UK on 10 May 2018. This Directive places requirements on providers of essential services in a number of critical national infrastructure sectors and aims to enhance the security and resilience of networks and IT systems across the EU.
UK Government – High Level Security Principles
The 14 high level security principles proposed by the UK government to meet the security requirements of the NIS Directive include an effective security monitoring strategy and proactive security event discovery. Operators of essential services in the UK are currently encouraged to start analysing their systems and existing security measures to identify control gaps and plan any necessary remediation.
North America – Cybersecurity Capability Maturity Model (C2M2)
The C2M2 is a voluntary public-private partnership program, the development of which is not associated with any compliance requirements. The C2M2 model was identified, organised, and documented by US energy sector subject matter experts from both public and private organisations. The C2M2 is designed to measure both the sophistication and sustainability of a cyber security program.
How to protect your critical infrastructure
The UK Government’s National Cyber Security Centre guidance contains additional detail on the two cyber security principles of Security Monitoring and Proactive Security Event Discovery. Whether your organisation is a UK, Australian or American operator of Critical Infrastructure, these principles are absolutely critical in defending your enterprise:
C.1 Security Monitoring
The organisation monitors the security status of the networks and systems supporting the delivery of essential services in order to detect potential security problems and to track the on-going effectiveness of protective security measures.
C.2 Proactive Security Event Discovery
The organisation detects, within networks and information systems, malicious activity affecting, or with the potential to affect, the delivery of essential services when the activity evades standard signature based security prevent/detect solutions (or when standard solutions are not deployed).
Within the networks and systems supporting the delivery of your essential services there are some key areas to consider:
- Industrial Control Systems
- Building Management Systems
- Networks & IT Systems
Industrial Control Systems
Industrial Control Systems (ICS) are widely used in the Industrial and Power sectors such as Energy, Water, Manufacturing and Pharmaceuticals. They include:
- Programmable Logic Controller (PLC)
- Supervisory Control and Data Acquisition (SCADA)
- Distributed Control Systems (DCS)
There are particular challenges to securing these control systems and the networks on which they are hosted, because their purpose and operation differ significantly from those of conventional IT systems. Tackling these challenges effectively requires high-level visibility of the control system's infrastructure. Having current, relevant information about the status of the infrastructure and its operation allows risks to be properly identified and effectively managed. SCADA monitoring solutions provide the required level of monitoring.
Building Management Systems
Building Management Systems (BMS), also known as Building Automation Systems, are a type of control system used to control and monitor the mechanical and electrical equipment in most modern buildings, such as ventilation, lighting, power, fire and security systems. They are common to all business sectors; however, they are particularly crucial in an industrial production environment, where a continuous supply of these services is essential to business continuity and the health and safety of staff.
Networks and IT Systems
The security and resilience of your networks and IT systems is important. There will be occasions when networks and IT systems are affected by factors relating to personnel and physical security. Protecting personal and sensitive customer information has never been more important, as strict regulations such as the EU GDPR demonstrate.
The importance of anomaly detection
Proactive security event discovery involves identifying insiders who may, knowingly or unknowingly, misuse legitimate access to commit a malicious act or damage their employer. It also includes being alert to patterns of network activity, system behaviour or the presence of systems, flows or applications that are not part of the normal operating model.
According to Verizon's 2018 Data Breach Investigations Report, 28% of data breaches involve internal actors. Enterprise-wide security monitoring capabilities that identify insider precursors and behavioural anomalies are therefore essential.
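The following is an added illustration of the idea above, not code from Huntsman Security or this page: a small baseline-driven detector that learns a "normal operating model" (known systems, flows, applications and hours of activity) from constructed flow records, then flags later records that fall outside it. All hostnames, timestamps and application labels are constructed sample data.

```python
"""Baseline-driven detection of systems, flows, applications and activity
patterns outside the normal operating model (added example, constructed data)."""
from datetime import datetime

# Constructed records: (timestamp, source host, destination host, application/port).
# These represent a period of known-good operation used to learn the baseline.
BASELINE = [
    ("2018-06-04 09:12", "hmi-01", "plc-07", "modbus/502"),
    ("2018-06-04 10:40", "hmi-01", "plc-08", "modbus/502"),
    ("2018-06-04 11:05", "historian", "scada-srv", "sql/1433"),
    ("2018-06-05 09:30", "hmi-02", "plc-07", "modbus/502"),
    ("2018-06-05 14:15", "historian", "scada-srv", "sql/1433"),
]

# Constructed records to evaluate against the learned model.
NEW_EVENTS = [
    ("2018-06-06 09:20", "hmi-01", "plc-07", "modbus/502"),      # normal
    ("2018-06-06 02:45", "hmi-02", "plc-07", "modbus/502"),      # known flow, unusual hour
    ("2018-06-06 10:10", "eng-laptop", "plc-07", "modbus/502"),  # system never seen before
    ("2018-06-06 10:12", "historian", "plc-07", "modbus/502"),   # known hosts, new flow
    ("2018-06-06 10:30", "hmi-01", "scada-srv", "rdp/3389"),     # application never seen
]

def _hour(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M").hour

def build_model(records):
    """Learn the normal operating model from baseline records."""
    model = {"hosts": set(), "flows": set(), "apps": set(), "hours": set()}
    for ts, src, dst, app in records:
        model["hosts"].update((src, dst))
        model["flows"].add((src, dst, app))
        model["apps"].add(app)
        model["hours"].add(_hour(ts))
    return model

def find_anomalies(model, records):
    """Return (record fields, reasons) for every record outside the model."""
    findings = []
    for ts, src, dst, app in records:
        reasons = []
        for host in (src, dst):
            if host not in model["hosts"]:
                reasons.append(f"unknown system {host}")
        if app not in model["apps"]:
            reasons.append(f"unknown application {app}")
        elif (src, dst, app) not in model["flows"]:
            reasons.append(f"new flow {src}->{dst} {app}")
        if _hour(ts) not in model["hours"]:
            reasons.append(f"activity outside observed hours ({_hour(ts):02d}:00)")
        if reasons:
            findings.append((ts, src, dst, app, reasons))
    return findings
```

In practice the baseline would be learned from a much longer observation window and refreshed as the operating model legitimately changes; the point here is that each finding carries a reason tied to the model, which is what an analyst needs to triage it.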
How Next Gen SIEM can improve cyber resilience
Huntsman Security's Next Gen SIEM is proven in meeting the high security, real-time visibility and assurance requirements of critical infrastructure. Protective security monitoring and proactive security event discovery are what we do.
Our customers manage complex network structures, deal with extremely high data volumes and monitor a wide variety of data types and sources. Next Gen SIEM’s suitability for these highly critical environments is proven and acknowledged in The Forrester Wave™ 2018 for Security Analytics platforms. Huntsman Security’s Next Gen SIEM provides:
- Volume and Speed: Effective, real-time collection from a range of standard and bespoke data sources – including specific systems that support ICS, SCADA and other related technologies;
- Anomaly Detection: Visibility of anomalous activity within the network, operating system and application layers;
- Visibility: Business and technical dashboards to deliver ‘at a glance’ security and compliance status for operators, technicians as well as senior management;
- Management of multiple environments: Data separation capabilities allow different security domains or operational environments to co-exist within the same monitoring solution;
- Inbuilt compliance standards support: tracks how you are performing against major government, national and international standards, e.g. Australia's ACSC Essential 8, EU GDPR, PCI-DSS and ISO 27001.