Security By Trust

In physical world, we trust this glass roof is safe and secure to walk on because there are underlying processes to sustain its safety: Regular inspection and maintenance Regulatory requirement for license issue and renewal 3rd party insurance etc. In addition in building this infrastructure, the design will cater for the intended loading with safety margin, wind speed, anchor points stability plus build it per engineering standard to ascertain the quality. We will therefore have no doubt and trust these arrangements are in place and safely step on it. In cyber world, things are different. There might be cybersecurity standards as foundation but the design and build will require competent practitioners. Even there is comprehensive verification tests before commissioning, there are always new cyber threats requiring recurring effort to sustain the protection effectiveness. Deception to lurk victim into malicious web site to compromise the device or application will further complicate the situation. Then, how do we stay secure in the cyber world? It's a very...
Read More

Infected

A leaft in a plant is infected. Saving the plant should contain and neutralize the infected from spreading to other peers. Similarly if a computer in a Plant system is compromised, the recovery is to contain, neutralize and rectify it to avoid affecting the neighouring nodes. On a strategic approach, if the ingress/egress points with external systems including removable media are tightly controlled and the O&M activities are strictly following the administrative controls, the likelihood of being compromised if rare to none; even security patching is not in regular fashion. This is the common practice in industrial automation control systems. However, certain cybersecurity practitioners always believe the same maintenance practice including technical controls as if in IT should be adopted. This will definitely consume unnecessary resource and likely break things causing severe damage to the plant. ...
Read More

We are all just prisoners here, of our own device …

The lyrics from "Hotel California": the song was recorded in 1976 and the prediction is so true Disruptive technologies and their rapid advancement have changed the way we live. With proliferation of Internet hotspot (mostly free) & powerful mobile device (smaller size, powerful processor, larger storage), now everyone is able to get connected from casual reading email, browsing the web, sharing status in social media, chatting via instant message to checking flight status, exchange rates, performing critical decision like confirming high value transactions. With so much convenience, we rely heavily on this tiny device to keep our memories (contact info, photos, reminders), credentials (digital wallet, second factor authenticator) and get connected. We can't afford to lose it nor have it malfunctioned. Otherwise, we shall be handicapped in the physical world. We are now the prisoner of our device … ...
Read More

Recovery

We heard a lot to have frequent backup as mitigation measure to recover system from attack, most likely from ransomware. While periodic backup is important, the hard part is when do we know if the recovered system still carried the malicious codes that threat actor has planted? That said, the backup has already included the persistent threat. This is complex and situation specific. Some thoughts can be considered: Have digital forensic expert to examine the infected system, understand the attack path and the trigger for malicious codes, revalidate these behaviors after complete system recovery before back to businessSegregate contents from codes; so that a clean system can be built. The challenges are the configuration and data connector; whether persistent threat is stored as data (usually in external supplied content like readers' comment) There is no bullet proof solution but to maintain a hygiene information processing environment in reducing the likelihood: Adopt SecDevOps to address weakness during development and subsequent operationsConduct periodic holistic cybersecurity assessment...
Read More

Dormant

Malware nowadays is getting sophisticated - has small footprint, evade sandbox & detection, determine platform to inject the applicable payload, some even change account password, disable all network interfaces to completely lock you out. Backup is one of the mitigation means for recovery of the pre-victim state at cost of losing certain application data. The challenge is that malware might have already existed in the previous state in dormant form and the backup carries it. What should best be done? In extreme case, no Internet and even standalone with communication, no removable media and all I/O ports sealed, zero-trust of any users with all system privileges locked down, application white-listed, use kiosk mode. Imagine you are working in an organization like this. You won't be working long as the business will soon cease in such environment. And after all, who should be appointed to maintain the system that this inevitably requires root privileges. This is a risk taking consideration....
Read More

Automation

Everyday, we rely so much on automation ... be seen or behind the scene: rice cooker, temperature control of air conditioner, TV program recorder, garage entry, escalator, fire alarm system, traffic light, public lighting, vehicle, train, vessel, cargo terminal, electric grid, etc. Are we ready to bear with the failure in any of these automation?  Or how long we can tolerate with degraded service? These are the basis to derive the alternate processing model to resume service though it might not be up to the expected service quality.  Shortening the unplanned outage time or increasing service quality during outage will be materialized into substantial monetary terms. Cybersecurity practitioner can only facilitate the thought process but the ultimate decision is from business - risk taking between optimal or optional investment to meet the business target....
Read More

Resilience

How much resilience is sufficient: single, dual, triple, quadruple or more? You need to understand what is the consequence of system component failure to the committed service per agreement. It is the kind of balancing risk for optimal investment.  Even if there is penalty clause for breaching the committed service level, the amount paid out might be much less than the TCO (Total Cost of Ownership) of investing a robust infrastructure and the recurring running cost. Nevertheless, intangible loss like brand name or reputation damage need to be considered....
Read More

Operation Risk

Unlike IT application, ICS (Industrial Control System) involves direct physical process that will affect human safety and impose environment impacts. When we conduct ICS risk assessment, we must not just limited thoughts to cyber risks.  Cyber risk is just one of the causes that affect the stability, manageability and operability of the ICS. For impacts caused by cyber issues, are these due to general equipment fault rather than cyber attack?  What about other physical damages like communication lines fails due to natural disaster, or machinery break down from wear and tear?  The counter-measures shall then also address non-cyber issues for a comprehensive business continuity arrangement....
Read More

Backup & Recovery

Service availability expectation is high nowadays.  Customers expect everything is always up and running any time for usability. Backup for recovery becomes challenging: platform & applications, system configuration and application data are changing at different frequencies.  It is necessary to formulate the backup strategy at design stage or be part of the major change to meet the recovery time objective by deploying viable technologies. GFS (Grandfather, Father, Son), or 3 generations, is still considered as the minimum set for full backup to recover the entire system at certain point in time.  It's how frequent this is done and what are other business continuity activities to complement the "outdated" information....
Read More