Once defined, the tactics, techniques, and procedures that are used by such organizations are areas that need to be guarded. But it doesn’t stop there. Even after the most likely adversary is identified, the process should be to utilize best practices to eliminate the threat posed by any threat actor.
Resilience and good cyber hygiene can protect our values, industries, and services. Here are some tips that can be used by both those who work in critical infrastructure and the public.
Energy Sector
This sector is an underlying operational requirement for most other critical infrastructure. The energy industry carries specific risks and controls must be put into place in order to build resilience to a cyber-attack. One of the most important pieces is to approach cybersecurity training with an emphasis on understanding.
Tip: Make sure that you apply the rules to your everyday work practice and do not treat this as just another “training” that you already know. Speak up if you have ideas or recommendations on making training more accessible or aligned to your work stream.
Chemical Sector
Manufacturers and private owners should be applying cybersecurity best practices to their information systems and industrial control systems. Awareness of the threat and the interdependency of the supply chain of critical services that are supporting other critical services is key.
Tip: “See something, say something.” If something seems out of place or suspicious, use caution and good judgment.
Commercial Facilities Sector
This critical infrastructure component has eight subsections and ranges from most hotels to retail to media. Media includes music, movies, and other forms of electronic content. Do not engage in piracy or obtain IP that is not purchased through reputable retailers. Downloading from nefarious websites is a major vector for infecting your systems as well as contributing to illegal activity.
Tip: Be aware of potential threats on point of sale systems. Card readers implanted on legitimate devices can compromise credit card information. Make sure that the card reader is sturdy and nothing is stuck over the top. In some cases, entire units are placed on top of ATMs, retail card readers, and gas pumps to help keep them safe.
Communications Sector
Wired, wireless, and satellite communications are more than just an underpinning of modern life. They are the “enabling function” across most other sectors. Use access to the internet judiciously.
Tip: Keep your machine “clean” with current patches and updated anti-malware software. Making your machine secure helps make sure nefarious programs are not utilizing this resource to exhaustion.
Critical Manufacturing Sector
This sector is reliant on many others including transportation, energy, and information technology. The underlying risk is that any one disruption will have ripple effects across other infrastructure areas. Make sure that you only use corporate assets for corporate business. Plugging unknown devices into a company machine can have severe consequences across corporate and third-party networks that are connected to that infrastructure.
Tip: Easily stop malware infection by forbidding the use of personal USB devices on corporate assets.
Dams Sector
The private and public infrastructure of U.S. dams has obvious ties to energy and water infrastructures. Remember, systems are interconnected. Use each system for the specific purpose for which it is intended. For example, make sure that passwords and access to government portals and underlying subsystem control interfaces are protected.
Tip: Don’t utilize the same password across your personal and business accounts. If you do, and the password is compromised from a public portal, it can be used to access a private business portal. The attacker could gain access to more than just your email account. Based on your role within the organization, the hacker could have compromised the methods to affect the dam, its controls, and the safeguards of those who could be at potential risk.
Defense Industrial Base Sector
By nature of this sector, the level of control and security protocols should prohibit any public influence. However, we can take a conservative, pessimistic mindset in terms of how we use technology.
Tip: Think about ways in which you can be a good cyber citizen. Opening an email that looks enticing can have detrimental consequences. Vigilance is required from all who utilize internet connected technologies.
Emergency Service Sector
Society is shifting to use social media as a method for emergency communications. Social media can be used for updates, alerts, and emergency warnings. The public responsibility is to utilize these technologies and updates judiciously. Remember, if it is on the internet, it is public. You have to guard your level of privacy.
Tip: Although what to share online is a personal decision, be cautious. When we overshare we may be putting ourselves or others in jeopardy. Think before you post. “How can this information be used for harm?”