Cyber Security Awareness Month Series Part 1: The Basics of Cyber Risk Management for Critical Infrastructure Executives and Board Directors

In appreciation for Cyber Security Awareness Month during October, we are excited to provide a three-part article series on Cyber Security Risk Management for Critical Infrastructure Executives and Board Directors. This series will cover the following topics:

  1. The Increasingly Threatening Cyber Threat Landscape for Critical Infrastructure Operators 
  2. Guidelines on How to Build an Effective Cyber Security Risk Management Program
  3. Proven Techniques on How to Implement Effective Cyber Security Governance Practices for Your Program 

Cyber security is not an IT issue – it is a risk management and governance concern that executives and Boards must tightly oversee, manage, and support. This includes physical security, because physical breaches of key facilities and assets are associated with cyber risk. Cyber security management should not be a standalone initiative; rather, it must be integrated into your overall enterprise risk management program.


Agencies Warn of Cyber Threats Targeting ICS/SCADA Devices

The Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory (CSA) to warn that certain advanced persistent threat (APT) actors have exhibited the capability to gain full system access to multiple industrial control system (ICS)/supervisory control and data acquisition (SCADA) devices, including:

  • Schneider Electric programmable logic controllers (PLCs),
  • OMRON Sysmac NEX PLCs, and
  • Open Platform Communications Unified Architecture (OPC UA) servers.


Supply Chain/Third Party Breaches – Your New #1 Highest Cyber Risk

For years the security community has viewed internal resources as presenting the greatest cyber risk to an entity. In 2021, shortly on the heels of the much-publicized SolarWinds breach, as well as many other supply chain/third party cyber breaches, it can be argued that supply chain/third parties now represent a greater cyber risk than insiders. This poses an extremely difficult problem to address given the number of third parties providing technology services to critical infrastructure entities and the nature of the services provided by the third parties. Even a mid-sized electric distribution utility can have more than 30 vendors that provide critical technology services and/or have access to the utility’s key systems – greatly increasing the entity’s attack surface, and the number of potential attack vectors, which can lead to a damaging breach.