How the Energy Sector Can Power-Up Portable Media Security
Originally published on February 21, 2022.
The energy sector frequently reports some of the highest rates of cyber incidents because of its critical nature, with portable media presenting security challenges on multiple fronts. From Operational Technology (OT) and Information Technology (IT) isolation to compliance regulations, the energy sector needs to effectively address these challenges and the subsequent threats, or consequently face the risk of a cyberattack that could incapacitate every other industry.
A Divergence of Technology
Most of the energy sector is in the process of undertaking IT/OT convergence projects. Industrial control systems (ICS), SCADA systems, and programmable logic controllers (PLCs) all incorporate elements of IT. And that means that they need to be managed and protected just like an IT asset. Most OT environments are deployed on air-gapped networks or demilitarized zones (DMZ) to harden the security of ICS, but this approach introduces its own challenges. Organizations may struggle to update anti-virus engines, patch systems, monitor and log system events, and otherwise manage isolated systems and devices – challenges that can be solved by portable media, such as USB and external drives.
Internal and External Threats
External threats range from nation states to financially motivated cybercrime, and both look increasingly similar. Other threats may emerge as insider attacks, a careless employee may become an unforeseen source of risk, or a vulnerable software update may enter through the supply chain. Whether internal or external, removable media can serve as an attack vector and contain malicious hardware/firmware, malware in hidden partitions, as well as infected files.
Compliance Regulations
The North American Electric Reliability Corporation (NERC) requires all bulk electric systems (BES) to comply with its Critical Infrastructure Protection (CIP) framework. NERC CIP spans a dozen standards, from NERC CIP 003-7 that discusses transient cyber assets and removable media, to NERC CIP 010-4 that provides regulations for managing, authorizing, and mitigating the risk of transient cyber assets and preventing the propagation of malware into operational systems.
How OPSWAT Can Help
The use of portable and removable media has increased data mobility and overall productivity within IT, OT, and SCADA infrastructures worldwide. OPSWAT MetaDefender Kiosk is easy to set up, manage, and use and enables secure, audited, authorized, authenticated, and controlled use of media within your most critical infrastructure and scans for malware, vulnerabilities, and sensitive data. Check out our whitepaper to learn more about how OPSWAT can enable secure portable media use within the energy sector.
For more information, please contact one of our cybersecurity experts.
How the Energy Sector Can Power-Up its Portable Media Security
Download the Whitepaper
- ファイルアップロードの保護 – 10 のベストプラクティスで サイバー攻撃を防御
- MetaDefenderによる世界で最も危険なマルウェアEmotetの防御
- OPSWAT Expands Global Availability of Critical Infrastructure Protection
- OPSWAT Announces Expansion of Cybersecurity Training Program
- Avoiding storage data leaks and PII regulation noncompliance
- How OPSWAT Can Help Detect and Prevent the VMware WorkSpace ONE Access exploit (CVE-2020-4006)
- Protecting Critical Infrastructure from Advanced Cyberattacks
- MetaDefender Cloud Hash Reputation Database Now Exceeds 40 Billion
- OPSWAT Continues to Expand OESIS Framework with New Partners
- 6 Potential Security Gaps in File Transfer Process for Critical Infrastructure