Your Solution for SMART Response Plans

Cyber-Security Framework Aids in Business Continuity Planning

Posted on Thu, Jul 30, 2015

Company operations are increasingly intertwined with critical technology. A company’s business continuity plan (BCP) should include processes related to critical technologies that may be lost during an incident. A BCP is a vital tool that companies can use to plan for the restoration of normal operations after a business disrupting incident. In order to minimize the risk of technology-related continuity incidents, company-wide computer security best practices are essential.

Computer and cyber security mitigation measures, along with BCP reviews, can safeguard necessary integrated technologies, prevent hacking, and ensure business continuity. A breach in computer security can create a temporary or permanent loss of operations, software, and/or vital records.

In 2014, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) received and responded to 245 incidents reported by asset owners and industry partners. The energy sector reported the most incidents, followed by critical manufacturing. It is essential that companies share cyber security breach information, review lessons learned, and protect technologies in order to minimize the threat to critical infrastructure.

Reported Cyber-Security Incidents by Industry Sector

[Chart: ICS-CERT, 245 incidents reported by sector (FY2014)]

According to ICS-CERT, the graph represents only reported incidents. Many more incidents occur in critical infrastructure that go unreported. The Energy Sector Cybersecurity Framework Implementation Guidance manual states, “ICS-CERT continues to encourage asset owners to report malicious activity impacting their environment even if assistance is not needed or requested.” As incidents are reported, ICS-CERT can provide situational awareness to critical infrastructure industries about similar or related incidents, as well as share data regarding potential hacking and evasive techniques and tactics.

Identifying the procedural details of computer backups, data restoration methods, and minimum software requirements is crucial to re-establishing technology-related critical business processes and to business continuity planning. In early 2015, the Energy Department released guidance to help the energy sector establish, or align existing, cybersecurity risk management programs to meet the objectives of the Cybersecurity Framework released by the National Institute of Standards and Technology (NIST). In an effort to maintain business continuity, a cyber-security program framework should be implemented.

Cyber-Security Program Framework

The cyber-security program framework consists of a continuous seven-step approach that enables organizations to address the steadily evolving risk environment. In order to secure business continuity efforts, companies should evaluate the framework against their current cyber-security efforts.

STEP 1: Prioritize and Scope

  • Address how to frame, assess, respond to, and monitor risk.
  • Evaluate industry-specific critical infrastructure protection objectives and priorities.

STEP 2: Orient

  • Focus on critical systems and assets.
  • As resources permit, expand focus to include less critical systems and assets.
  • Determine the evaluation approach used to identify the current cyber security and risk management environment (e.g., self-evaluations, third-party evaluations).

STEP 3: Create a Current Profile

  • Evaluate and determine the status of current systems and security protocols.
  • Identify existing cyber security risk management practices and measure them against best practices and proven frameworks. “It is important to understand that the purpose of identifying a Current Profile is not simply to create a map between organizational practices and Category and Subcategory outcomes, but also to understand the degree to which those practices achieve the outcomes outlined by the Framework.” (Energy Sector Cybersecurity Framework Implementation Guidance, page 10)

STEP 4: Conduct a Risk Assessment

  • Perform cybersecurity risk assessments to identify and evaluate cyber security risks, and determine which are outside of current tolerances.

STEP 5: Target Outcomes

  • Identify the desired outcomes and associated cyber security and risk management standards, tools, methods, and guidelines that will mitigate cyber security risks, commensurate with the risk to organizational and critical infrastructure security.
  • When creating a Target Profile, the organization should consider:
    • current risk management practices
    • current risk environment
    • legal and regulatory requirements
    • business and mission objectives
    • organizational constraints

STEP 6: Determine, Analyze, and Prioritize Gaps

  • Identify gaps between the current profile and targeted outcomes.
  • Assign mitigation priority levels to all identified gaps. Prioritization of gaps should include consideration of current:
    • risk management practices
    • risk environment
    • legal and regulatory requirements
    • business and mission objectives
    • any applicable organizational constraints
  • Develop a plan of prioritized mitigation actions to advance to the “Targeted Outcome” based on available resources, business needs, and the current risk environment.

STEP 7: Implement Action Plan

  • Execute the implementation plan.
  • Track progress and completion.
  • Evaluate to ensure gaps are closed and risks are monitored.


Tags: Business Continuity key points, Cyber-Security, Business Continuity Plan

Concepts of Secured and Redundant Response Plan Accessibility

Posted on Thu, Apr 24, 2014

In preparedness and emergency management, the concept of risk and hazard identification is fundamental. However, the potential inability to access important documents, particularly during an emergency scenario, is often overlooked. If you experienced a catastrophic loss and could not access response plan documents, would you be able to conduct an effective response?

Companies must mitigate the risk that an incident may incapacitate access to response plans. In order to manage risks and build resilience, traditional risk-management tools must be combined with new technology-based concepts. With more people owning multiple computing devices such as laptops, tablets, and smart phones, the idea of data being restricted to a single desktop computer or binder without adequate redundancies is antiquated. Cloud and web-based technology offer enterprise-wide, up-to-date redundancies that traditional record-keeping methods cannot provide.

Response Team and Stakeholder Accessibility

To counteract potential incidents, fallout vulnerabilities, and regulatory noncompliance, response plans should be securely shared with and accessible to regulators, auditors, inspectors, and responders. Having up-to-date information readily available to trained responders has been proven to limit the duration of an emergency. The faster responders can locate, assess, access, and mitigate the emergency, the sooner an incident can be contained. However, in order to minimize additional vulnerabilities, applicable data and confidential information must be secured.

A recent survey conducted by the IT industry association CompTIA found that more than 90% of companies use or have transitioned to some form of cloud technology in order to increase flexibility and reduce costs. However, the report revealed that only 48% of those surveyed utilize cloud-based methodology for business continuity/disaster recovery processes. When authorized users can access response plan information from any location, response expertise can be maximized and maintenance efforts can be shared.

In the event of an emergency, up-to-date paper plans may not be available from other locations. Although some companies post electronic plans to their intranet that can be accessed remotely, the process of updating these plans is time-consuming and inefficient. In addition, if a catastrophic event occurs, there is the possibility that the main data source or server will be inaccessible.

When an incident is isolated to a particular location, cloud or web-based response plans can enable response measures on a company-wide scale. Cloud or web-based plans can also provide hyperlinks, forms libraries, simplified interfaces, and other tools designed to improve functionality for plan users.

Cyber-Security and Response Plan Redundancy

With any data system, cyber-security and backup efforts are essential. In the event Internet connectivity is terminated or inaccessible, emergency managers must have alternative means to access plans. Redundant data centers, scheduled downloads, and security measures must be a part of any web- or cloud-based emergency management program.

When first responders can exercise approved response processes and procedures, responses can become second nature. Plan accessibility allows appointed responders to clarify critical contact information and responses to altered site circumstances, operations, or materials. Inaccessible response plans can create confusion and inconsistency, and potentially accelerate impacts and financial loss.

As technology dependencies become more ingrained in company operations and emergency management programs, it is essential to institute company-wide best practices for computer security, downloads, and backups in order to secure necessary technologies and communications networks.

Cyber exercises allow stakeholders to simulate real-world situations, to improve communications and coordination, and to increase the effectiveness of broad-based critical infrastructure protection capabilities without the consequences of a real cyber event. These specific exercises educate employees on technological policies and provide a means to evaluate cyber incident preparedness, mitigation, response, and recovery capabilities.


Tags: Data Recovery, Response Plans, Redundant Systems, Training and Exercises, Cyber-Security, Data Backup

Cyber-Security for ICS Necessary in Business Continuity Planning

Posted on Thu, Nov 21, 2013

The 2013 Global Risk Report ranks cyber-attacks among the “Top Five” most probable incidents within the next ten years. According to the report, cyber-attacks and critical system failures are considerable technological risks to companies and organizations across the globe.

As technology dependencies become more ingrained in company operations, it is essential to institute company-wide best practices for risk analysis, computer security, downloads, and backups in order to secure necessary integrated technologies. A recent report by the European Union Agency for Network and Information Security (ENISA) highlighted security concerns over Industrial Control Systems (ICS), including the widely utilized Supervisory Control and Data Acquisition (SCADA) systems, distributed control systems (DCS), and programmable logic controllers (PLC). These concerns are echoed in recent publications by the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).

ICS are often used to control industrial processes, such as manufacturing, product handling, production, and distribution, and are a necessary element in promoting business continuity. The main concern expressed by ENISA and ICS-CERT is that prevalent industrial control systems are riddled with outdated and unpatched software, leaving them exposed and vulnerable to hackers and cyber-attacks. Mitigating this high risk is critical for maintaining continuity of operations.

Recent SCADA and ICS security incidents greatly emphasize the importance of vigilant observation, analysis, and control of SCADA infrastructures. The ICS-CERT quarterly newsletter, Monitor, stated that the response team responded to 198 incidents across all critical infrastructures in 2012. That number was surpassed by May 2013, with energy infrastructures comprising 53 percent of the targeted attacks. That percentage was up from 41 percent in 2012.

ICS-CERT urges operators to embrace coordination by sharing attack data, specifically indicators of system compromise, and has established a secure portal to allow companies to actively engage in protecting critical infrastructure. Through the portal, ICS-CERT was able to identify 10 IP addresses that participated in a recent attack against a gas compressor station. The alert prompted other station owners to investigate their own networks, and they eventually reported another 39 IP addresses associated with attacks.

According to ENISA, critical infrastructure companies should employ continual risk-based assessments of cyber security policies to prioritize and tailor recommended guidelines and solutions to fit specific security, business, and operational requirements. ICS-CERT offers recommended practices, vetted by subject-matter experts, to bolster technology security. In addition to these recommended practices, identifying the procedural details of computer backups, data restoration methods, and minimum software requirements is crucial to re-establishing technology and business continuity of critical business processes in the event of an attack.

There must be a mutual understanding between IT personnel and crisis managers regarding their respective roles, available resources, security efforts, and response measures during cyber disruption events. The ability to respond to critical incidents and identify root causes is a key aspect of mitigating potential threats. With technology-based incidents, analyzing the deficiencies that led to IT downtime enables countermeasures to be implemented. ENISA identifies four key areas that promote the investigative capabilities needed for mitigation efforts:

  1. Facilitate integration with existing structures
    • Determine source of evidence of security breach
    • Clarify data retention impact on systems
    • Streamline operational and IT interfaces
  2. Safeguard systems and configurations
    • Deploy security controls
    • Ensure logging controls
  3. Review key roles and responsibilities
  4. Embrace partnership coordination and cooperation


Tags: ICS, Security plans, Department of Homeland Security, Data Loss, Cyber-Security, Data Backup

Spike in Cyber Attacks Requires Specific Business Continuity Efforts

Posted on Mon, Jun 03, 2013

“According to recent estimates, this global network of networks encompasses more than two billion people with at least 12 billion computers and devices, including global positioning systems, mobile phones, satellites, data routers, ordinary desktop computers, and industrial control computers that run power plants, water systems, and more. While this increased connectivity has led to significant transformations and advances across our country – and around the world – it also has increased complexity of our shared risk.” - Department of Homeland Security

Based on statistics from the Department of Homeland Security (DHS), it is critical for companies to establish business continuity plans associated with technology, and related applications. As technology dependencies become more ingrained in company operations, it is essential to institute company-wide best practices for computer security, downloads, and backups in order to secure necessary technologies and communications networks.

A company’s business continuity plan (BCP) should include processes related to critical technologies that may be lost or suspended due to an incident or cyber attack. A BCP is a vital tool that companies can use to plan for the restoration of normal operations after a business-disrupting incident. Incidents can create a temporary or permanent loss of infrastructure, critical staff, software, and/or vital records. According to the DHS, the increasing number of cyber attacks elevates the potential for critical data lapses or loss. Recent cyber statistics include:

  • 68% increase in cyber incidents between 2009 and 2011 (Subcommittee on Cyber Security, Infrastructure Protection, and Security Technologies)
  • Confirmation of cyber intrusion campaign targeting oil and pipeline companies (Janet Napolitano, DHS Secretary)
  • Confirmation that the majority of companies in the energy sector had experienced cyber attacks, and approximately 55% of those attacks targeted control systems (Charles Edwards, DHS Deputy Inspector General)
  • In 2012, DHS responded to 177 cyber control systems incidents, up from 9 in 2012

To counteract the increasing threat to critical technology infrastructure, DHS has developed the Cyber Security Evaluation Tool (CSET). “CSET is a desktop software tool that guides users through a step-by-step process to assess their control system and information technology network security practices against recognized industry standards.” After a thorough evaluation, CSET produces a prioritized list of recommendations for improving the cyber security of information technology and industrial control systems. Each recommendation is linked to a set of actions that can be applied to enhance cyber security controls.

In 2012, over 1,000 companies utilized CSET to evaluate cyber security measures. Sectors with the highest number of self-assessments include: water and water treatment, energy, transportation, commercial and government facilities, and public health or health care. By leveraging the CSET application and Control System Security Program onsite consultation opportunities, companies can mitigate cyber security issues and increase the potential for business continuity. Some key business continuity benefits of the programs include:

  • Highlighting vulnerabilities in a company’s system(s) and providing recommendations of mitigation efforts
  • Identifying areas of strength and recommended practices being followed in the organization
  • Providing a method to systematically compare and monitor cyber systems improvement
  • Informing a risk management and decision-making process
  • Raising awareness and facilitating discussion on cyber-security within the organization.

According to the Business Continuity Institute online survey conducted in December 2011, the top threat identified by conducting a thorough risk assessment was an unplanned IT or telecommunication outage. In fact, the top three identified threats were all related to the viability of technology, highlighting the need for technology-associated business continuity efforts.

Here are the top three threats from the Business Continuity Institute survey:

1. 74% - Unplanned IT and telecommunications outages
  • Departments or business units should define workaround procedures, or alternate processes, to support critical process recovery until key systems and applications have been restored.
  • Ensure all business documentation, records, and files necessary for resumption and recovery purposes are backed up and stored/located safely away from the primary office facility to minimize data loss.
  • Identify alternate methods of communication: landlines, cell phones, satellite phones.

2. 68% - Data breach (i.e., loss or theft of confidential information): Organizations need site-specific data security solutions that can detect, prevent, and continually audit interactions with sensitive data. Through continual monitoring of file and application access, organizations can minimize theft of confidential information.

3. 65% - Cyber attack (e.g., malware, denial of service): Companies should follow security best practices and implement practical and effective safeguards to mitigate internal and external attacks.

Each department should be responsible for assessing computer and software needs when developing critical process recovery strategies, and obtaining the review and input of the IT Department in support of any identified computer and software recovery time objectives.

Tags: Data Recovery, Computer Security, Data Loss, Cyber-Security, Data Backup, Business Continuity Plan, Terrorism Threat Management

Applying FEMA's Core Capabilities to Corporate EHS Programs: Part 2

Posted on Mon, May 13, 2013

FEMA has identified 31 core capabilities that should be incorporated into emergency management programs. Although the concepts are aimed at the public sector and governmental jurisdictions, companies can evaluate these elements for site specific applicability and implement appropriate elements to actualize corporate strategic and tactical environmental, health, and safety (EHS) goals.

In Part 2 of this series on core capabilities, we will explore the concepts relating to FEMA’s mission areas of prevention and protection, and the core concepts that fall under these areas.

PREVENTION

“Prevention includes those capabilities necessary to avoid, prevent, or stop a threatened or actual act of terrorism. It is focused on ensuring we are optimally prepared to prevent an imminent terrorist attack within the United States.”

Forensics and Attribution: “Conduct forensic analysis and attribute terrorist acts (including the means and methods of terrorism) to their source, to include forensic analysis as well as attribution for an attack and for the preparation for an attack in an effort to prevent initial or follow-on acts and/or swiftly develop counter-options.”

Companies must remain vigilant in preventing terrorism. By prioritizing the analysis of on-site sources, such as chemical, biological, radiological, nuclear, and explosive material, companies can help to prevent initial or follow-on terrorist acts. Site-specific awareness training can broaden the scope of prevention by identifying potential sources and/or attributes associated with a terrorist attack.

PROTECTION

The following capabilities protect individual and critical corporate assets, systems, and networks against threats. EHS programs must institute these critical protective measures to promote business continuity. The ability to identify, quantify, and secure critical business processes that, when not functional, may damage a company’s reputation or ability to operate, is a critical stage in the business continuity planning process.

Access Control and Identity Verification: “Apply a broad range of physical, technological, and cyber measures to control admittance to critical locations and systems, limiting access to authorized individuals to carry out legitimate activities.”

Cybersecurity: “Protect against damage to, the unauthorized use of, and/or the exploitation of (and, if needed, the restoration of) electronic communications systems and services (and the information contained therein).”

Physical Protective Measures: “Reduce or mitigate risks, including actions targeted at threats, vulnerabilities, and/or consequences, by controlling movement and protecting borders, critical infrastructure, and the homeland.”

Risk Management for Protection Programs and Activities: “Identify, assess, and prioritize risks to inform Protection activities and investments.”

Supply Chain Integrity and Security: “Strengthen the security and resilience of the supply chain.”

PREVENTION/PROTECTION

Intelligence and Information Sharing: “Provide timely, accurate, and actionable information resulting from the planning, direction, collection, exploitation, processing, analysis, production, dissemination, evaluation, and feedback of available information concerning threats to the United States, its people, property, or interests; the development, proliferation, or use of WMDs; or any other matter bearing on U.S. national or homeland security by Federal, state, local, and other stakeholders. Information sharing is the ability to exchange intelligence, information, data, or knowledge among Federal, state, local, or private sector entities, as appropriate.”

Intelligence and information sharing are important components of the Incident Command System. Capitalizing on lessons learned enables companies to improve methodology based on actual experiences. To advance an EHS program, managers should include cyclical plan reviews to allow lessons learned to be implemented into preparedness, training and exercises.

Interdiction and Disruption: “Delay, divert, intercept, halt, apprehend, or secure threats and/or hazards.”

Companies must establish consistent protocols and regulatory compliance measures to maintain safe operations and minimize exposures. This includes proper and secure handling and disposal of hazardous materials capable of bringing harm to individuals, assets, or the environment. The objective is to remain vigilant in order to prevent potential threats, including terrorism.

Screening, Search, and Detection: “Identify, discover, or locate threats and/or hazards through active and passive surveillance and search procedures. This may include the use of systematic examinations and assessments, sensor technologies, or physical investigation and intelligence.”

Companies must be keenly aware of any operations that could potentially be targeted or used in a terroristic manner. Proper identification of materials and individuals, as well as security protocols, must be reviewed to guard against potential harm.

The next blog, Part 3 of the series, will address the core capabilities related to mitigation. To begin reading Part 1 of this series, click here.


Tags: Resiliency, Security plans, Cyber-Security, Terrorism Threat Management, Safety, Political Instability, Insider Threat

Cyber Security is Essential for Business Continuity

Posted on Thu, Mar 21, 2013

Media organizations, multinational companies, and government agencies have all been victims of recent cyber attacks. February’s highly publicized 60-page Mandiant report entitled APT1: Exposing One of China's Cyber Espionage Units revealed evidence of cyber data theft from nearly 141 organizations. It was “beyond a shadow of a doubt” that the Chinese government and military are behind growing cyber attacks against the United States, said House Intelligence Committee Chair Mike Rogers.

The 2013 Global Risk Report ranks cyber attacks among the “Top Five” most probable incidents within the next ten years. According to the report, cyber attacks and critical system failures are considerable technological risks to companies and organizations across the globe.

As technology dependencies become more ingrained in company operations, it is essential to institute company-wide best practices for computer security, downloads, and backups in order to secure necessary technologies and communications networks. A company’s business continuity plan (BCP) should include processes related to critical technologies that may be lost or suspended during an incident. A BCP is a vital tool that companies can use to plan for the restoration of normal operations after a business-disrupting incident. Incidents can create a temporary or permanent loss of infrastructure, critical staff, software, and/or vital records.

Identifying the procedural details of computer backups, data restoration methods, and minimum software requirements is crucial to re-establishing technology-related critical business processes. The Department of Homeland Security’s Cyber Exercise Program (CEP) can assist companies in developing protocols to evaluate their cyber incident preparation, mitigation, response, and recovery capabilities.

Companies should address the following DHS cyber security points to ensure business continuity:

  • Is cyber preparedness integrated with your current all hazards preparedness efforts?
  • Who are your cyber preparedness stakeholders (public, private, non-profit, other)?
  • Are cyber security risk-based policies established in your organization?
  • Does your organization ensure that service providers and vendors that have access to your systems are following appropriate personnel security procedures and/or practices?
  • Does your organization integrate cyber security into the life cycle system (i.e., design, procurement, installation, operation and disposal)?
  • Are audits conducted on cyber security systems?
  • Are cyber security plan requirements in place, and are they being adhered to?
  • Are all systems compliant with company and/or cyber security plan requirements?
  • Does your organization have an asset inventory of all critical IT systems and a cohesive set of network/system architecture diagrams or other documentation (e.g. nodes, interfaces, and information flows)?
  • Upon being notified of a compromise/breach of security regarding an employee:
    • Who is notified?
    • What steps are followed to ensure this individual’s access to facility and/or equipment has been terminated?
    • What steps are followed?
    • Should legal representation be sought and at what point?
    • Who determines if the employee should be held criminally responsible?
  • Are there policies (formal and informal) pertaining to removable storage devices?
  • What is the priority of cyber preparedness, including cyber security, in your organization?
  • What level of funding and/or resources is devoted to cyber preparedness?
  • What are your estimated losses if a cyber attack were to terminate system functionality?
  • What are your critical business unit software requirements?
  • What are the procedures for backing up and restoring data?
  • How often are security patches updated?

Cyber exercises are an essential tool for organizations to evaluate their cyber incident preparation, mitigation, response, and recovery capabilities. The exercise environment allows stakeholders to simulate real-world situations, to improve communications and coordination, and to increase the effectiveness of broad-based critical infrastructure protection capabilities without the consequences of a real cyber event. These types of exercises can also be used to educate employees on the technological policies and procedures used to offset cyber attack strategies. DHS identifies two types of exercises that can aid in the advancement of cyber security.

Discussion based exercises:

  • Familiarize participants with current agreements and procedures or assist in the development of new plans, agreements, and procedures
  • An effective method for bringing together key response team leaders common in mid- to large-scale cyber events
  • Easier to conduct, especially when multiple response team leaders participate using a variety of collaboration and video teleconferencing technologies

Operations based exercises:

  • Validate agreements and procedures, clarify roles and responsibilities, and identify resource gaps in an operational environment
  • May include the use of simulated network environments, “live-fire” events, and active adversary forces to produce realistic scenario inputs and effects
  • Generally involve mobilization and response as opposed to policies and procedures

By exercising key points of intersection between IT and other corporate response elements, gaps and shortfalls in company cyber security and incident response operations can be identified. To maintain business continuity, there must be a mutual understanding between IT personnel and crisis managers regarding their respective roles, available resources, and response measures during events caused by cyber disruption.

For tips and best practices on designing a crisis management program, download Tips for Effective Exercises.


Tags: Data Recovery, Computer Security, Business Continuity, Department of Homeland Security, Data Loss, Cyber-Security, Data Backup

Protect Critical Systems from Cyber Disaster for Business Continuity

Posted on Thu, Aug 23, 2012

In July, General Keith Alexander, head of the National Security Agency and chief of U.S. Cyber Command, warned that the changing nature of dangerous cyber attacks is taking a toll on American business. A Department of Homeland Security report on cyber security revealed that 198 cyber attack incidents were reported to DHS in 2011. This is a sharp contrast to the nine incidents reported in 2009. The report noted that companies that control critical infrastructure reported higher numbers of attacks on their systems over the past three years.

With cyber threats to these computer systems on the rise, the U.S. Department of Homeland Security (DHS) is working to better protect the control systems of critical infrastructure. DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) provides operational capabilities for the defense of control system environments against emerging cyber threats. ICS-CERT deployed teams to investigate and analyze threats in 17 of the 198 cases in 2011. By understanding the threats and effectively managing the risks, actions can be taken to reduce the occurrences and sustain critical systems. Specific company names were not released in order to maintain a level of confidentiality and encourage reporting of other cyber attack incidents. Alexander said that for every intrusion detected by the FBI, there are 100 others that remain undetected.

DHS admits that the number of incidents reported to DHS's ICS-CERT has increased partly due to this increased communication between ICS-CERT and the private sector. However, through proper mitigation and business continuity measures, companies can prepare to address their current lapses in technology protection.

According to the EPA, “Technological emergencies include any interruption or loss of a utility service, power source, life support system, information system or equipment needed to keep the business in operation.” Identifying all critical technology-related operations is the first step in mitigating and combating threats. Possible critical technologies involved in business operations include, but are not limited to:

  • Utilities, including electric power, gas, water, hydraulics, compressed air, municipal and internal sewer systems, and wastewater treatment services
  • Security and alarm systems, elevators, lighting, life support systems, heating, ventilation and air conditioning systems, and electrical distribution systems
  • Manufacturing equipment and pollution control equipment
  • Communication systems, including both data and voice networks
  • Transportation systems, including air, highway, railroad, and waterway

Once technology systems are identified, the following planning considerations should be taken into account in order to safeguard critical systems and develop an effective business continuity plan:

  • Determine the impact of technology service disruptions.
  • Ensure that key safety and maintenance personnel are thoroughly familiar with all building systems, such as alarms, utility shutoffs, elevators, etc.
  • Establish company-wide computer security practices, such as password-protected information, in order to secure technologies. (See CSET Assessment to determine system vulnerabilities)
  • Establish procedures for restoring systems. Determine the need for backup systems.
  • Establish preventive maintenance schedules for all systems and equipment.

ICS-CERT encourages companies to report suspicious cyber activity, incidents and vulnerabilities affecting critical infrastructure control systems. Online reporting forms are available at https://forms.us-cert.gov/report/.

For a sample Emergency Response Checklist, download our helpful and informative guide.

Tags: Data Recovery, Cloud Computing, Data Loss, Cyber-Security, Business Continuity Plan, Business Disruption, Information Security