Actions and/or Recommendations
Mangan Cybersecurity ICSbD recognizes those activities specified by CISA and methods for recognizing the activity. DMZ firewalls and other OT logging capable equipment should undergo regular log and event reviews to determine any circumstance of unauthorized access. Alarm logs and operator maintenance requests where an OT device is down or inaccessible for more than 12 hours should be considered both in the context of maintenance for repair but also in the context of a Denial of Service (DOS) cybersecurity attack requiring scrutiny for the cause of failure. Regularly inspecting anti-virus, anti-malware scans, baseline record of Windows Registry settings, PLC hashes and other device configurations may identify malicious code drops. Examinations of failed log-in attempts should be followed-up for attempted threat actor activity. Inspecting the network communications for out-of-band activities as well as installing security appliances can identify malicious attempts to scan the OT network to understand the architecture and use.
About REAL Matters and Mangan Inc.
REAL Matters advisories are published to communicate cybersecurity threats and risks within the Operational Technology (OT) environment and where Critical Infrastructure vulnerabilities are identified. The purpose of this newsletter is to inform, propose suggested approaches to mitigate the risk as well as provide feedback on how Mangan Cybersecurity is approaching the issue(s) addressed.
Mangan Inc. is a nationally-recognized Specialty Engineering, Automation, and Integration company, providing a full-range of services to the Oil & Gas, Refining, Pipeline, Chemicals, and Life Sciences Industries. Established in Long Beach, California in 1990, Mangan’s multiple office locations include sites in California, Georgia, New Hampshire, North Carolina, Texas, and Louisiana. Mangan’s 350+ employee-owners bring expertise, innovation, and safety as their core mission to some of the largest companies in the world.