Protect: Difference between revisions

From CyberWiki
Jump to navigation Jump to search
Line 16: Line 16:


'''Challenges''' with vulnerability and patch management in power generation facilities include:
'''Challenges''' with vulnerability and patch management in power generation facilities include:
*Many rely on a manual process of identifying, prioritizing and remediating vulnerabilities is time-consuming and error-prone.  
*Many companies utilize a manual process of identifying, prioritizing, and remediating vulnerabilities in OT systems.  This process is time-consuming and error-prone.  
*Implementation of automated vulnerability scanning tools and threat intelligence feeds – prioritizing vulnerabilities based on their potential impact on operations.
*Companies implement automated vulnerability scanning tools and threat intelligence feeds – prioritizing vulnerabilities based on their potential impact on operations.  These tools typically require manual effort to review and disposition OT impact.
*Dependencies on third party can introduce delay in the process of vulnerability remediation. Vendors validating the patches before the release can leave systems exposed for longer durations. To overcome this, a streamlined process should be established for validating and deploying the patches in a timely manner.
*Dependencies on third parties can introduce delays in the process of vulnerability remediation. Vendors validating the patches before the release can leave systems exposed for longer durations. To overcome this, a streamlined process should be established for validating and deploying the patches promptly.
*Advisories inaccurate – In 2022, 34% of advisories contained errors (Source: Dragos)  
*Vulnerability advisories are not entirely accurate.  In 2022 approximately 34% of vulnerabilities were found to be inaccurate. (Source: Dragos)  
*Adversaries interested in attacking old and unpatched vulnerabilities – The most exploited vulnerability of 2022 (Product - FortiOS and FortiProxy) was discovered in 2018  
*Adversaries interested in attacking old and unpatched vulnerabilities – The most exploited vulnerability of 2022 (Product - FortiOS and FortiProxy) was discovered in 2018  


Line 25: Line 25:


*Continuous Monitoring. Deploying automated tools to assess and monitor. Proper configuration and management of data should be done to avoid a significant backlog of data and alerts.
*Continuous Monitoring. Deploying automated tools to assess and monitor. Proper configuration and management of data should be done to avoid a significant backlog of data and alerts.
*Automated Patch Deployment. Cautiously deploy automated tools using test environments, change management and rollback plans to avoid accidentally disrupting operations.
*Automated Patch Deployment. Cautiously deploy automated tools using test environments, change management, and rollback plans to avoid accidentally disrupting operations.
*Vendor Support. Collaborate with vendors/suppliers to test and deploy patches in a timely manner.
*Vendor Support. Collaborate with vendors/suppliers to test and deploy patches promptly.


'''Relevant EPRI Resources'''
'''Relevant EPRI Resources'''

Revision as of 19:08, 25 September 2024

Protection Overview

Protection Summary

Key protection topics include:

  • Security Architectures and Segmentation
  • Vulnerability Management
  • Hardening
  • Secure Remote Access
  • Transient Cyber Assets and Removable Media
  • Identity and Access Management

Segmentation and Security Architectures

Vulnerability and Patch Management

Vulnerability Management is an ongoing process of identifying, assessing and addressing security vulnerabilities. It involves the systematic discovery, assessment and remediation of vulnerabilities to reduce the risk of cyber attacks and data breaches.

Challenges with vulnerability and patch management in power generation facilities include:

  • Many companies utilize a manual process of identifying, prioritizing, and remediating vulnerabilities in OT systems. This process is time-consuming and error-prone.
  • Companies implement automated vulnerability scanning tools and threat intelligence feeds – prioritizing vulnerabilities based on their potential impact on operations. These tools typically require manual effort to review and disposition OT impact.
  • Dependencies on third parties can introduce delays in the process of vulnerability remediation. Vendors validating the patches before the release can leave systems exposed for longer durations. To overcome this, a streamlined process should be established for validating and deploying the patches promptly.
  • Vulnerability advisories are not entirely accurate. In 2022 approximately 34% of vulnerabilities were found to be inaccurate. (Source: Dragos)
  • Adversaries interested in attacking old and unpatched vulnerabilities – The most exploited vulnerability of 2022 (Product - FortiOS and FortiProxy) was discovered in 2018

Current vulnerability and patch management key practices include continuous monitoring, automated patch deployment, and vendor patch support and outsourcing:

  • Continuous Monitoring. Deploying automated tools to assess and monitor. Proper configuration and management of data should be done to avoid a significant backlog of data and alerts.
  • Automated Patch Deployment. Cautiously deploy automated tools using test environments, change management, and rollback plans to avoid accidentally disrupting operations.
  • Vendor Support. Collaborate with vendors/suppliers to test and deploy patches promptly.

Relevant EPRI Resources

Hardening

Secure Remote Access

Transient Cyber Assets and Removeable Media

Identity and Access Management

Retrieved from "https://cyberwiki.epri.com/index.php?title=Protect&oldid=55"