Ports and Facilities

10/19/2016: Building cyber resiliency

Editor’s note: October is nationally recognized as National Cybersecurity Awareness Month. Throughout the month, Maritime Commons will feature a series of posts detailing cyber risk management in the maritime domain, focusing on governance, resiliency and defending critical infrastructure.

 

During last week’s cybersecurity awareness discussion, we addressed the importance of instilling a cyber security governance framework within your organization to better identify and mitigate cyber risk. We stated a cornerstone of the cyber security governance is building resilience. Considering the increased trend of cyber breaches and attacks, it is no surprise that companies are heavily focused on enhancing their resiliency posture.

Cyber security resiliency is the ability for an organization to identify, prevent, detect and respond to a process or technology failure, minimizing harm, reputational damage, and financial loss. No amount of planning or investment can make an organization’s cyber defenses completely secure, but developing a vigorous resiliency plan may prevent outages of critical systems and functions by cyber incidents or unexpected failures of IT/OT systems. New threats and unanticipated vulnerabilities emerge daily, and resiliency strategies must be addressed often as conditions and risks change. Organizations should concentrate on the following elements to bolster their resilience:

 

  • Business Continuity: The ability to restore a system via backup data or software is an important element in recovery planning. System backups should be updated and tested often in the event restoration is necessary to carry out core business functions. These redundancy measures prove valuable not only in the event of a breach or cyber incident but also during the recovery phase of a non-cyber safety or security event.

 

  • Incident Response Plan: The implementation of an incident response plan facilitates effective actions in case of a cyber incident. Enterprise knowledge around how to engage efficiently will reduce any duplication of work during an incident. The plan should include updated contact information, structured lines of communication and organized roles and responsibilities. The plan should be tested regularly to ensure its effectiveness.

 

  • Train and Empower the Employee: This and the next listed item were stated last week in introducing the topic of cyber security governance, but each are critical and play a large part in establishing cyber resilience. User awareness is woven tightly is a key aspect in building resilience. Cyber resilience demands a focus on people as incident response plans often require employees to assume roles outside the scope of their daily duties. Further, if employees understand the risk and how they potentially contribute to it; they will help avoid vulnerabilities as a result of human error. Empowered employees are one of the best resources to build resiliency.

 

  • Asset Inventory: Until an organization can perform a complete inventory of critical IT/OT systems, it cannot perform an adequate risk evaluation. A complete inventory of systems is critical to understanding what equipment and systems require certain patches, security protections and restoration precedence. Further, an accurate inventory allows critical cyber-dependent systems and services to be prioritized, establishing tolerance thresholds and anticipated timelines for any recovery and restoral efforts. Crucial systems that cannot tolerate extended outages may garner additional resiliency measures such as “mirrored” or redundant systems or “hot-standby” equipment. These resiliency efforts also provide senior management the visibility needed in order to make informed and consistent decisions about its overall cyber security posture.

 

Good cyber security resiliency must be a cornerstone of your governance structure. You must identify the “diamonds” in your inventory to ensure your business operations can reconstitute quickly, minimizing downtime and losses. The incident response plan should be exercised regularly to identify weaknesses or changes to your plan. Incident response and recovery is a team effort; ensure key personnel are included in the plan to assist—this is an “all hands on deck” evolution. Lastly, empower and train the employees often about new threats that target their daily work processes. Proper education and awareness can minimize or prevent a significant cyber incident.

Next week, we will discuss the importance of implementing cyber defense strategies to protect critical infrastructure. We will highlight common attack vectors used on SCADA and ICS systems, and mitigation actions that can be implemented to prevent outages or downtime caused by a cyber incident.

Have input or ideas on this topic? Join the discussion by leaving your comments or questions in the section below or by using #MaritimeCyber on Twitter.

This blog is not a replacement or substitute for the formal posting of regulations and updates or existing processes for receiving formal feedback of the same. Links provided on this blog will direct the reader to official source documents, such as the Federal Register, Homeport and the Code of Federal Regulations. These documents remain the official source for regulatory information published by the Coast Guard.

Categories: Ports and Facilities

Tagged as: ,