Protect: Difference between revisions

Protection Overview

Protection Summary

Key protection topics include:

• Security Architectures and Segmentation
• Vulnerability Management
• Hardening
• Secure Remote Access
• Transient Cyber Assets and Removable Media
• Identity and Access Management

Segmentation and Security Architectures

Vulnerability and Patch Management

Vulnerability Management is an ongoing process of identifying, assessing and addressing security vulnerabilities. It involves the systematic discovery, assessment and remediation of vulnerabilities to reduce the risk of cyber attacks and data breaches.

Challenges with vulnerability and patch management in power generation facilities include:

• Many rely on a manual process of identifying, prioritizing and remediating vulnerabilities is time-consuming and error-prone.
• Implementation of automated vulnerability scanning tools and threat intelligence feeds – prioritizing vulnerabilities based on their potential impact on operations.
• Dependencies on third party can introduce delay in the process of vulnerability remediation. Vendors validating the patches before the release can leave systems exposed for longer durations. To overcome this, a streamlined process should be established for validating and deploying the patches in a timely manner.
• Advisories inaccurate – In 2022, 34% of advisories contained errors (Source: Dragos)
• Adversaries interested in attacking old and unpatched vulnerabilities – The most exploited vulnerability of 2022 (Product - FortiOS and FortiProxy) was discovered in 2018

Current vulnerability and patch management key practices include continuous monitoring, automated patch deployment, and vendor patch support and outsourcing:

• Continuous Monitoring. Deploying automated tools to assess and monitor. Proper configuration and management of data should be done to avoid a significant backlog of data and alerts.
• Automated Patch Deployment. Cautiously deploy automated tools using test environments, change management and rollback plans to avoid accidentally disrupting operations.
• Vendor Support. Collaborate with vendors/suppliers to test and deploy patches in a timely manner.

Relevant EPRI Resources

• Risk-Informed Vulnerability and Patch Management Guide: Generation Cyber Security
• Advanced Vulnerability Grading Tool (AVGT) v 1.1
• Distributed Control Systems, Automation Technologies, and Embedded Security: Generation Cybersecurity
• Control System Protocols and Security Scanning: Guideline on Cyber Security Scanning for Generation Plant Control Systems
• Cyber Security Technical Assessment Methodology: Risk Informed Exploit Sequence Identification and Mitigation, Revision 1
• Patch Management Guideline CBT Transfer Module, version 1.0
• Patch Management Guidelines

Hardening

Secure Remote Access

Transient Cyber Assets and Removeable Media

Identity and Access Management