U.S. critical infrastructure must guard against malicious cyberattacks by implementing encryption and authentication at all access points for connected OT assets or continue to face an increased level of cyber risk.
Russian hackers are attempting to broadly penetrate Ukrainian infrastructure to disrupt critical services such as electricity, transportation, finance, and telecommunications.
Watch this video and learn simple methodologies for building a zero-trust architecture to protect against such cyberattacks, including:
- Ensure all communication from IT/Internet to OT network is encrypted
- Ensure there is no data-in-transit for any user sessions not associated with a multi-factor authenticated session
- Isolate all data communication protocols to OT network
- Ensure all user access session data to critical OT systems are logged and recorded
- Ensure plant-level controls for allowing remote access through “software lockbox” and “virtual wait lobby,” including visual and audible alarms
- Monitor all non-read-only user access sessions
- Verify acceptable risk level for access to critical assets through asset monitoring, threat (IOC) feeds, and vulnerability detection tools.
Mark Weatherford is the (virtual) Chief Information Security Officer at AlertEnterprise, the Chief Strategy Officer (and a Board member) at the National Cybersecurity Center, and the Founding Partner of Aspen Chartered Consulting, where he provides cybersecurity consulting and advisory services to public and private sector organizations around the world.
Mark has held a variety of executive level cybersecurity roles including Global Information Security Strategist at Booking Holdings, Chief Cybersecurity Strategist at vArmour, a Principal at The Chertoff Group, Chief Security Officer at the North American Electric Reliability Corporation, and Chief Information Security Officer for the state of Colorado. In 2008 he was appointed by Governor Arnold Schwarzenegger to serve as California’s first Chief Information Security Officer and in 2011 he was appointed by the Obama Administration as the Deputy Under Secretary for Cybersecurity at the U.S. Department of Homeland Security.
Bill Moore is the CEO and Founder of XONA, providers of a unique zero-trust user access control and analytics platform for critical infrastructure. Currently focused on helping global power, oil and gas, and manufacturing customers reduce their remote operations costs and cyber risks, Bill has 20+ years of experience in security and the high-tech industries, including positions in sales, marketing, engineering and operations.