Cybersecurity considerations for electrical distribution systems
Securing the Network Management Module – 209
general IT components, while the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) publishes advisories
specific to control systems.
A regular patch deployment schedule should be established for each component in the environment. Depending on the component,
this could range from a monthly schedule to an as-needed deployment, depending on the historical frequency of patch or
vulnerability related issues for the component or the vendor. Additionally, out-of-band or emergency patch management needs to
be
considered and qualifications need to be defined.
Vulnerability information and advisories should be reviewed regularly and assessments should be performed to determine the
relative severity and urgency of issues.
Elements of the process should also include the preparation, scheduling, and change controls; testing and rollback procedures;
and pre-deployment notification to stakeholders that includes scope, expectations, and reporting. Testing is a significant element,
as
the effect of the patch application needs to be clearly understood; unintended or unexpected impacts to a control system
component influence the decision to deploy a patch. In the event that it isdetermined that a patch cannot be safely deployed but
the severity of the issue represents a significant concern, compensating controls should be investigated.
5.1.8 Conclusion
To protect important assets, all organizations must take cybersecurity threats seriously and meet them proactively with a system-
wide defensive approach specific to organizational needs.
There is no protection method that is completely secure. A defense mechanism that is effective today may not be effective
tomorrow– the ways and means of cyber-attacks constantly change. It is critical ICS administrators remain aware of changes in
cybersecurity and continue to work to prevent any potential vulnerabilities in the systems they manage.
5.1.9 Terms and definitions
DMZ A demilitarized zone is a logical or physical sub network that interfaces an organization’s external
services to a larger, untrusted network and providing an additional layer of security.
Encryption The process of transforming plain or clear text using analgorithm to make it unreadable to anyone
except those possessing special knowledge.
ICS A device or set of device that manage, command, direct, or regulate the behavior of other devices
or systems.
Protocol A set of standard rules for data representation, signaling, authentication, and error detection
required to send information over a communications channel
5.1.10 Acronyms
COTS Commercially Off-the-Shelf
DMZ Demilitarized Zone
DOS Denial of Service
FTP File Transfer Protocol
HMI Human Machine Interface
ICS Industrial Control Systems
ICS-CERT Industrial Control Systems - Cyber Emergency Response Team
IDPS Intrusion Detection and Prevention Systems
IDS Intrusion Detection Systems
To Next Page
Loading...
Need help?
General
