We specialize in planning, forming, managing and maintaining broad-based information security solutions for all types of organizations. Our work begins with the analysis and comprehensive risk assessment phase and continues through solution implementation and hardening of existing networks. Private or public, it is critical to protect your network.
Manufacturers and private owners should be applying cybersecurity best practices to their information systems and industrial control systems. Awareness of the threat and the interdependency of the supply chain of critical services that are supporting other critical services is key.
This critical infrastructure component has eight subsections and ranges from most hotels to retail to media. Media includes music, movies, and other forms of electronic content. Do not engage in piracy or obtain IP that is not purchased through reputable retailers. Downloading from nefarious websites is a major vector for infecting your systems as well as contributing to illegal activity.
This sector is reliant on many others including transportation, energy, and information technology. The underlying risk is that any one disruption will have ripple effects across other infrastructure areas. Make sure that you only use corporate assets for corporate business. Plugging unknown devices into a company machine can have severe consequences across corporate and third-party networks that are connected to that infrastructure.
The private and public infrastructure of U.S. dams has obvious ties to energy and water infrastructures. Remember, systems are interconnected. Use each system for the specific purpose for which it is intended. For example, make sure that passwords and access to government portals and underlying subsystem control interfaces are protected.
Society is shifting to use social media as a method for emergency communications. Social media can be used for updates, alerts, and emergency warnings. The public responsibility is to utilize these technologies and updates judiciously. Remember, if it is on the internet, it is public. You have to guard your level of privacy.
This sector is an underlying operational requirement for most other critical infrastructure. The energy industry carries specific risks, and controls must be put in place in order to build resilience to a cyber-attack. One of the most important pieces is to approach cybersecurity training with an emphasis on understanding.
Monetary infrastructure is a sector of extreme risk and volatility. It requires us to be cognizant of our own cyber practices. It is these practices that can lead us to divulge information to cyber criminals. This information can cause us to become victims of fraud, such as losing money or having a false tax filing issued against us.
As a consumer-based sector, this becomes a risk when certain health claims are made and advertised online or through email. Due diligence is required in this space. This sector has huge risks in social engineering and consumable products. These risks are not in your best interest both from a cybersecurity perspective and also for your physical health.
The government property and facilities sector encompasses an enormous number of physical assets. Schools, government buildings, and national monuments are part of this sector. Another major part is elections infrastructure, covered by the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC).
Access to Personal Health Information (PHI) is necessary for healthcare workers to provide quality care to patients. Access to this data must be controlled with specific regard to how it is shared. It must be considered highly confidential and any dissemination of it should be secure and appropriate.
Tip: Data should be shared on a “need to know” basis. When employees distribute healthcare information, they should ensure:
• that they have permission to send the information, and
• that the recipient is aware of their responsibility to ensure confidentiality is maintained once they receive this information.
The critical sector that defines the 21st century is the internet. Internet access is a great tool, but it is important to remember that those with nefarious intent also have access. It is our responsibility to make sure that such activity is thwarted. Where possible, we should minimize threat surfaces by making systems more difficult for attackers to access.
Travel and transport are the concerns in this space. Be cautious not only of your surroundings but of the things you are physically carrying with you.
The final critical infrastructure area touches water supply systems. There are specific criteria defined by the Environmental Protection Agency (EPA) and cybersecurity guidance provided for states.
These criteria define initiating a program as the hardest part of minimizing risk and applying appropriate controls. One strong starting point would be the CIS Controls, a prioritized list of security steps that are essential to cyber resilience.
Tip: Personnel may believe they do not have the specialized skills to use cybersecurity controls effectively. This is not the case. Anyone can start with a risk-based approach that takes into account the targets an adversary is most likely to seek.
Although each critical infrastructure sector has its own unique risks and challenges, many of the technical vulnerabilities are shared. The CIS Benchmarks are configuration guidelines for securing servers, operating systems, software, and more. When applied to a system, the CIS Benchmarks can help reduce cybersecurity risks and protect against attacks.
16131 Blundell Rd. Richmond BC
Copyright 2022 @ MAT INCORPORATED. All rights reserved.