7 Ways to be More Cyber Secure

DC, UNITED STATES

09.01.2023

Courtesy Story

Headquarters Air Force, Office of the Director of Civil Engineers

✔ ✗ Subscribe

13

1) Ensure Regular Patching and Check for System Updates

- Regular patching and checking for updates to mitigate vulnerabilities and protect against known threats.

DAFGM Section: 3.7.2 Software

2) Use Proper Password Protocol

- Implementing strong passwords, regular password changes, and additional security measures like multi-factor authentication significantly can enhance the overall security posture of your OT systems. Following proper password protocols in OT cybersecurity helps prevent unauthorized access, protect sensitive information, mitigate credential-based attacks, counter insider threats, comply with regulations, mitigate password reuse risks, and maintain system and network integrity.

- Ensure all personnel are educated on their responsibility for password/account protection.

- Eliminate the use of default usernames and passwords. Additionally, all new passwords will follow requirements in DoDI 8520.03, Identity Authentication for Information Systems.

- Do not share passwords. (In the event of a compromised password, change the password immediately.

- Regularly review all user accounts and delete those accounts that are unused or no longer necessary.

- Apply the “principle of least privilege” to limit authorized users on an as-needed basis with permissions pertinent to the users’ role.

- Do not bypass the system’s authentication mechanisms and account “lock out” settings. Harden authentication mechanisms beyond default settings where possible.

DAFGM Section: 4.3 Authentication/User Account Management

3) Ensure Proper Physical Security of Operational Technology

- Physical security is crucial in OT cybersecurity as it helps prevent unauthorized access, protect against physical attacks, mitigate insider threats, safeguard against unauthorized device connection, protect physical backups and storage, comply with regulations, and enhance resilience against natural disasters. By implementing robust physical security measures, organizations can strengthen the overall security posture of their OT systems and mitigate potential physical risks and vulnerabilities.

- Store computers and interfaces that support control systems in a secure space, where physical access can be restricted to only those who require it.

- Abide by strict access control protocols to prevent unauthorized physical access to all components of control systems (particularly focusing on control nodes) and the unauthorized introduction of new hardware, infrastructure, and communications interfaces where feasible.

- Document who has control over control systems equipment locations (e.g., electrical, mechanical, communications rooms).

- Document and confirm the physical security of control systems and components in the inventory.

DAFGM Section: 4.4 Physical Access Control

4) Ensure Incident Response and Recovery Plans and Training

- Ensure response and recovery due to significant cyber incidents to control systems are incorporated into base-level Emergency Operations Center (EOC) processes and Crisis Action Team (CAT) checklists.

- Ensure response plans (Incident Response/Business Continuity), recovery plans (Incident Recovery/Disaster Recovery), and contingency plans are in place and managed per NIST Develop Response, Recovery, and Contingency plans if they do not currently exist.

- Plans shall contain specific tactics, techniques, and procedures for when adversarial activity is detected. Such a plan may include disconnecting all Internet connections, running a properly scoped search for malware, disabling affected user accounts, isolating suspect systems, and an immediate 100 percent password reset. The plan may also define escalation triggers and actions, including incident response, investigation, and public affairs activities.

- Ensure plans are tested, reviewed annually at a minimum and updated as necessary.

- Have a system recovery and contingency plans in place, including having recovery disk(s) and source configuration backups ready to restore systems to known good states.

- Ensure the ability to revert to manual operations in the instance connection is lost or if a system is “blacklisted.”

DAFGM Section: 4.6 Response, Recovery and Contingency Plans

5) Take Appropriate DAF Cybersecurity Coursework

- AF/A4C memorandums to the Civil Engineer Community dated, 27 September 2021 and 3 November 2021 address control system cybersecurity training requirements for enlisted and civilian CE personnel.

- These memorandums require personnel who fall under specific positions to take Civil Engineer School course number WENG 170 “Cybersecurity for Civil Engineers”.

Course Descriptions:

- WENG 170: This course was developed to familiarize Civil Engineer personnel on control systems cybersecurity, including threats and vulnerabilities as well as mitigation strategies in employing best practices to defend against cyberattacks.

- WENG 270: This course presents hands-on training for civil engineers to understand the impact of cyber-attacks against control systems. Students engage in a series of lab exercises utilizing the Mobile Industrial Control System Security Trainer (MIST). The curriculum introduces students to ladder logic, human machine interfaces and basic networking principles that emulate a real-world control system. These lesson objectives are applied during the capstone exercise that illustrates how malicious code can create a physical effect on control systems.

- WENG 370 Control Systems Cybersecurity for CE Leaders: This course was developed for civil engineers holding leadership positions to understand their role and responsibilities in protecting control systems against cyber-attacks. The course introduces the concepts of cybersecurity vs. cyber resiliency, highlights the evolution of cyber-attacks against control systems and outlines key responsibilities taken from recently published directives and policies. The material applies basic cybersecurity principal concepts from WENG 170 using real-world examples.

- Apply security techniques such as encryption and/or cryptographic hashes to control systems data storage and communications were determined appropriate by ISO.

- Frequently conduct, maintain, and properly store backups of control systems “gold copy” resources, such as firmware, software, ladder logic, service contracts, product licenses, product keys, and configuration information.

- Ensure that all “gold copy” resources are stored off-network and store at least one copy in a locked tamper-proof environment (e.g., locked safe) for business continuity and disaster recovery.

- When a control system is no longer required, the ISO shall take appropriate action to ensure the system and its data is properly disposed per established procedures detailed in NIST SP 800-53.

6) Ensure Proper Data Storage Procedures

- Apply security techniques such as encryption and/or cryptographic hashes to control systems data storage and communications were determined appropriate by ISO.

- Frequently conduct, maintain, and properly store backups of control systems “gold copy” resources, such as firmware, software, ladder logic, service contracts, product licenses, product keys, and configuration information.

- Ensure that all “gold copy” resources are stored off-network and store at least one copy in a locked tamper-proof environment (e.g., locked safe) for business continuity and disaster recovery.

- When a control system is no longer required, the ISO shall take appropriate action to ensure the system and its data is properly disposed per established procedures detailed in NIST SP 800-53.

DAFGM Section: 4.5 Data Storage and Disposal

7) Stay Up to Date on OT Security Trends, Vulnerabilities, And Best Practices

- Stay informed about the latest vulnerabilities and security patches related to the components and software used in your ICS.

DAFGM Section: 3.2.2 Identifying Vulnerabilities & Mitigations

Reference the DAFGM to learn about these best practices and more: https://static.e-publishing.af.mil/production/1/af_a4/publication/dafgm2023-32-01/dafgm2023-32-01.pdf