Build a plan to isolate, protect, and operate your grid controls during a cyber attack.
Identifying key gaps across your organization
Utility executives cite cybersecurity of OT systems and devices as their number one concern. The ever-changing and expanding digital landscape leaves networks vulnerable.
Even the most collaborative of utilities tend to have gaps in their ability to implement effective response actions to cybersecurity incidents. While each functional area within your organization may have a detailed understanding of the specific assets and flow of information within its boundaries, challenges arise when looking beyond those boundaries.
Developing an action plan
Utilities at varying levels of cybersecurity maturity must develop response actions that preserve the ability to monitor and control the entire grid while the cyber breach is mitigated. This includes:
- Map your network architecture—Map the network architecture across your enterprise to help clarify dependencies between networks, spot potential intrusion paths for external entities, and determine the best disconnection points from which to isolate critical operational assets and systems.
- Define critical assets, system functionality, and data flows—Determine the functionality or data you’d be unable to operate without to help establish the best response actions.
- Implement mitigation processes—Create processes that can be implemented to reduce the impact to your operations, regulatory compliance, and monitoring capabilities.
- Maintain regulatory compliance throughout response activities—Identify compliance-related risks and impacts and develop mitigation procedures to deploy in parallel with your response activities.
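As an added illustration of the first two steps (not part of the original article), the script below models a constructed, simplified utility network as a directed graph of zones, then finds the single disconnection points that cut every path from the external entry to the critical OT assets while the monitoring zone keeps reaching them, and lists which zones remain reachable after a chosen cut. Zone names and links are assumptions for the example.

```python
# Constructed sample: each edge means traffic can flow from the first zone to the second.
NETWORK = {
    "internet": ["corporate_dmz"],
    "corporate_dmz": ["corporate_lan"],
    "corporate_lan": ["vendor_vpn", "historian"],
    "vendor_vpn": ["ot_dmz"],
    "historian": ["ot_dmz"],
    "ot_dmz": ["scada_servers"],
    "scada_servers": ["substation_rtus", "hmi"],
    "hmi": ["scada_servers"],
    "substation_rtus": [],
}


def reachable(graph, src, dst, removed=frozenset()):
    """True if dst can be reached from src when the edges in `removed` are cut."""
    seen, stack = set(), [src]
    while stack:
        node = stack.pop()
        if node == dst:
            return True
        if node in seen:
            continue
        seen.add(node)
        for nxt in graph.get(node, []):
            if (node, nxt) not in removed:
                stack.append(nxt)
    return False


def all_edges(graph):
    return [(a, b) for a, nbrs in graph.items() for b in nbrs]


def disconnection_points(graph, external, critical, monitor):
    """Edges whose removal alone blocks every external->critical path
    while the monitoring zone still reaches every critical asset."""
    cuts = []
    for edge in all_edges(graph):
        removed = frozenset({edge})
        blocks = all(not reachable(graph, external, c, removed) for c in critical)
        keeps = all(reachable(graph, monitor, c, removed) for c in critical)
        if blocks and keeps:
            cuts.append(edge)
    return cuts


def retained_zones(graph, monitor, removed):
    """Zones the monitoring zone can still reach after the cut (what functionality is retained)."""
    return sorted(z for z in graph if reachable(graph, monitor, z, removed))
```

Comparing the zones retained for each candidate cut shows which option isolates the control systems while losing the least enterprise functionality (here, the historian is lost once the OT DMZ is cut from the SCADA servers).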
Testing your plan in the production environment
Developing organizational processes and procedures to protect your OT during a cyber threat is a valuable experience in and of itself, but testing those plans through a live exercise on your production environment will give you an extra level of assurance that your organization is prepared to put them to use.
- Validate understanding of architecture—Testing technical procedures on the production environment will verify what functionality will be lost and retained during an actual event.
- Prepare resources—Response teams and staff have the opportunity to react to a cyber threat in a controlled environment and practice executing procedures and carrying out corresponding response actions.
- Identify gaps—Leverage the knowledge spread across different groups to identify shortfalls in resiliency to a real-life event.
Creating a culture of resiliency
A swift and coordinated response to a cyber incident is crucial to protect the organization from any threat to critical infrastructure reliability.