{"id":7629,"date":"2022-04-14T11:15:53","date_gmt":"2022-04-14T18:15:53","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=7629"},"modified":"2022-04-04T12:25:28","modified_gmt":"2022-04-04T19:25:28","slug":"the-case-for-cybersecurity-modernization","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/security\/the-case-for-cybersecurity-modernization\/","title":{"rendered":"The Case for Cybersecurity Modernization"},"content":{"rendered":"

Government regulators have been recently taking an increased and active interest in cybersecurity defenses, especially with transportation and energy industries. Although the best practices proposed are basic measures that organizations should take, there are additional approaches that can boost an organization\u2019s security capabilities and responsiveness.<\/p>\n

Given the massive differences in cybersecurity levels in many companies both in energy and transportation, there is a pragmatic logic to providing a basic set of guidelines that most organizations can implement fairly easily and quickly. That said, given the extreme importance of cybersecurity in 2022 due in part to ransomware and state actor attacks, it might be prudent to ask what else companies can do.<\/p>\n

The U.S. Department of Homeland Security\u2019s Transportation Security Administration (TSA) issued two security directives issued in December 2021<\/a>. First, we should stress that all of these directives are not being published for the entire industry, so we can only discuss the few details they have announced.<\/p>\n

The TSA Security Directives announced today target higher-risk freight railroads, passenger rail, and rail transit, based on a determination that these requirements need to be issued immediately to protect transportation security.\u00a0 These Directives require owners and operators to:<\/em><\/p>\n

    \n
  1. designate a cybersecurity coordinator;\u00a0<\/em><\/li>\n
  2. report cybersecurity incidents to CISA within 24 hours;\u00a0<\/em><\/li>\n
  3. develop and implement a cybersecurity incident response plan to reduce the risk of an operational disruption; and,\u00a0\u00a0<\/em><\/li>\n
  4. complete a cybersecurity vulnerability assessment to identify potential gaps or vulnerabilities in their systems.<\/em><\/li>\n<\/ol>\n

    While many enterprises may already have been doing some of these for years if not decades, the conversation also needs to move towards resilient approaches that can increase their defenses.<\/p>\n

    The energy new rules\u2013specifically, for \u201ccritical pipeline owners and operators<\/a>\u201d–came out the summer of 2021. The second directive, which builds on top of a first directive back in May of 20201, requires pipeline owners and operators to \u201cimplement specific mitigation measures to protect against ransomware attacks and other known threats to IT and OT systems,\u00a0develop and implement a cybersecurity contingency\u00a0and recovery plan, and conduct a cybersecurity architecture design review.\u201d<\/p>\n

    What companies need to do today to boost cybersecurity is to not only boost security defenses, but to make sure they have modern mechanisms in place to use those security tools and get maximum value out of those tools.<\/p>\n

    The best example: Automation. The speed and intensity of attacks is such that enterprises need to come up with new ways to keep up. After all, the best way to slow down a meaningful defense is to hide\/obscure the attack for as long as possible. That typically means either an undifferentiated flood of simultaneous attacks\u2013to hide the actual attack\u2013or to stage one large focused attack, such as a DDOS, to take attention away from the real target, such as rerouting Payroll payments or downloading a half-petabyte of customer data. Otherwise, Security will waste lots of time chasing down bogus alerts\u2013which is precisely what the attackers want.<\/p>\n

    Automating incident response and investigation as much as possible, along with leveraging machine learning to allow the system to figure out what to do, is an ideal way to quickly identify the real attack so that the SOC team can minimize impact of the attack.<\/p>\n

    A big challenge for security today is that many enterprises have not sufficiently changed their security defenses over the last several years, despite the fact that the attack surface they are defending has dramatically changed. How so?<\/p>\n