Infrastructure Security Month 2019

dhs_cisa_cisr_hero_FINAL (1)_0-infrastructure-security-month.jpg

October was Cyber Security Awareness month, established across the European Union, USA and in other nations with various events and initiatives to promote general cyber security best practices. If you participated in an event, we hope you enjoyed it and feel free to let us know your experiences.

November, this month, is Infrastructure Security month, and this was established in the USA by the Department of Homeland Security (DHS) - although its goals are certainly honourable enough to be recognised internationally. Let us know if you will be participating in some way, and how.

The goal of Infrastructure Security Month 2019 is to “enhance resilience through preparedness and exercises and promote smart, secure investment in resilient national infrastructure.”

Let’s try to explain that goal in ways that we can understand:

  • Enhance resilience in this context, means that infrastructures are reliable and strengthened, but if you/they receive some incident then you/they will be prepared to go through incident response processes

  • Preparedness means that organisations will need to know exactly what is on systems, that everything is patched and protected, and there is an incident response plan in place

  • Exercises are for the people side - do employees know what to do, what to approach, how to respond? There might be external players involved to audit against standards, to perform penetration tests or to bring in outside expertise during “table top” exercises. All this should be mapped out in case of emergency

  • Promote smart, secure investment - means:

    1. Ensuring that cyber is on the agenda at board-level, and a consideration in the Operational Technology engineering teams

    2. Promoting those organisations which follow not only regulation but good-practice standards such as ISO27001 and the NCSC Cyber Assessment Framework (CAF)

    3. Spending cyber security budget in the right places. First make sure that the risk profile is fully understood, then improve the cyber security resilience, and then consider what the best approaches will be. Be practical, be pragmatic

  • National infrastructure includes a variety of sectors (defined in different ways in different countries): electricity, oil & gas, water, transportation, chemicals, communications, defence, dams, food & agriculture, financial sector, healthcare & pharmaceuticals, critical manufacturing, government and emergency services

Thankfully at Awen we were founded specifically to address all the points above:

  • Profile ensures that critical national infrastructure is not only are aware of compliance levels to particular cyber security regulation in industrial organisations, but also ensures that improvements are being made - even with tight budgets in mind

  • Dot provides much needed clarity over the assets and vulnerabilities in the Operational Technology (OT) systems found on the factory floor and in building automation & control systems. It gives much finer granularity of detail within a risk profile, so that budget can be spent wisely in order to improve cyber security and general resilience

If this sounds of interest, and you would like to have a chat do just contact us by sending over an email to hello@awencollective.com and we would be happy to schedule a call or meet face-to-face. We never “hard sell”.