Cyber Security: Cyber Security Defense-in-Depth -- Mobile Media

Stephen Santee, consultant for Invensys Critical Infrastructure & Security Practice, discusses multiple defense mechanisms that can be implemented to prevent or detect cyber attacks.

 

Cyber security defense in-depth is a concept of protecting digital assets from cyber attacks by placing multiple defensive mechanisms in a series to prevent or detect a cyber attack. Common defense in-depth practices include using multiple brands of firewalls to protect network layers. This example deals with vulnerabilities within a certain brand or type of firewall. If the first firewall, brand X, has a vendor-specific vulnerability, then the second firewall, brand Y, should not contain the same vulnerability. But what if the attack originates on the inside of the network? What if a mobile media device such as a flash drive is used to launch an attack knowingly or unknowingly?

The Nuclear Regulatory Commission (NRC) recognizes the need for defense in-depth as it pertains to mobile media. Part of NRC Regulations Title 10, Code of Federal Regulations (CFR) 73.54 is to address mobile media. As this type of attack has become more prevalent in recent years with malware launching from flash drives behind defensive layers, multiple defensive mechanisms should be put in place to prevent or detect these types of attacks. Let us look at the multiple defense mechanisms that can be put place:

 

Policies and Procedures

Organizations should provide policies to their employees, vendors, and contractors that provide detailed information that governs the proper use of mobile media. In addition to use, policies and procedures should also direct procurement of mobile media.

 

Training

Job-specific training concerning the use of mobile media will bring awareness and understanding of the risks associated with mobile media use.

 

Scanning

Dedicated scanning workstations to scan and detect malware. These workstations should run malware software that is different from malware software in use on the business network or Distributed Control System (DCS) network.

 

Whitelisting

Whitelisting software is a last line of defense that prevents unauthorized software to execute on a workstation or server.

These types of defensive mechanisms can prevent or detect a cyber attack from a mobile media device, and it is important to implement both administrative and technical controls to have the most robust defense. However, even with multiple types of controls implemented, the most important part of these defensive mechanisms is user compliance. Without user compliance, most types of defensive mechanisms will fail.
 

Want to win a Dell Tablet? Read the rules below and take the survey for this post here. 

Dell Tablet Giveaway

We want to hear from you, so we're giving away a Dell tablet! Keep up to date with the Invensys cyber security team through a pre-loaded Android app and have easy access to The Cyber Advisor Newsletters as well as datasheets and service profiles about our solutions.

During the month of May, there will be 2 blog entries a week that contain a link to a survey related to that post. The rules are simple. To qualify, you must take the survey and leave a comment saying you completed the survey.  The more blogs you read, the more surveys you take, the greater your chances of winning. The winner will be announced on the blog May 31, so please remember to check back!