Protect: Difference between revisions

From CyberWiki
Jump to navigation Jump to search
No edit summary
Line 30: Line 30:


'''Relevant EPRI Resources'''
'''Relevant EPRI Resources'''
*[https://www.epri.com/research/products/000000003002024344 Risk-Informed Vulnerability and Patch Management Guide: Generation Cyber Security]
*[https://www.epri.com/research/programs/112046/results/3002011187 Patch Management Guidelines]
*Risk-Informed Vulnerability and Patch Management Guide: Generation Cyber Security CBT
*[https://www.epri.com/research/programs/112046/results/3002011188 Patch Management Guideline CBT Transfer Module, version 1.0]
*Advanced Vulnerability Grading Tool - avgt.epri.com
*[https://www.epri.com/research/programs/112046/results/3002012752 Cyber Security Technical Assessment Methodology: Risk Informed Exploit Sequence Identification and Mitigation, Revision 1]
*AVGT Training
*[https://www.epri.com/research/programs/112046/results/3002014369 Control System Protocols and Security Scanning: Guideline on Cyber Security Scanning for Generation Plant Control Systems]
*[https://www.epri.com/research/programs/112046/results/3002015258 Distributed Control Systems, Automation Technologies, and Embedded Security: Generation Cybersecurity]
*[https://www.epri.com/research/programs/112046/results/3002021170 Advanced Vulnerability Grading Tool (AVGT) v 1.1]
*[https://www.epri.com/research/programs/112046/results/3002024344 Risk-Informed Vulnerability and Patch Management Guide: Generation Cyber Security]


== Hardening ==
== Hardening ==

Revision as of 18:52, 25 September 2024

Protection Overview

Protection Summary

Key protection topics include:

  • Security Architectures and Segmentation
  • Vulnerability Management
  • Hardening
  • Secure Remote Access
  • Transient Cyber Assets and Removable Media
  • Identity and Access Management

Segmentation and Security Architectures

Vulnerability and Patch Management

Vulnerability Management is an ongoing process of identifying, assessing and addressing security vulnerabilities. It involves the systematic discovery, assessment and remediation of vulnerabilities to reduce the risk of cyber attacks and data breaches.

Challenges

Challenges with vulnerability and patch management in power generation facilities include:

  • Many rely on a manual process of identifying, prioritizing and remediating vulnerabilities is time-consuming and error-prone.
  • Implementation of automated vulnerability scanning tools and threat intelligence feeds – prioritizing vulnerabilities based on their potential impact on operations.
  • Dependencies on third party can introduce delay in the process of vulnerability remediation. Vendors validating the patches before the release can leave systems exposed for longer durations. To overcome this, a streamlined process should be established for validating and deploying the patches in a timely manner.
  • Advisories inaccurate – In 2022, 34% of advisories contained errors (Source: Dragos)
  • Adversaries interested in attacking old and unpatched vulnerabilities – The most exploited vulnerability of 2022 (Product - FortiOS and FortiProxy) was discovered in 2018

Current vulnerability and patch management key practices include continuous monitoring, automated patch deployment, and vendor patch support and outsourcing:

  • Continuous Monitoring. Deploying automated tools to assess and monitor. Proper configuration and management of data should be done to avoid a significant backlog of data and alerts.
  • Automated Patch Deployment. Cautiously deploy automated tools using test environments, change management and rollback plans to avoid accidentally disrupting operations.
  • Vendor Support. Collaborate with vendors/suppliers to test and deploy patches in a timely manner.

Relevant EPRI Resources

Hardening

Secure Remote Access

Transient Cyber Assets and Removeable Media

Identity and Access Management

Retrieved from "https://cyberwiki.epri.com/index.php?title=Protect&oldid=52"