In the past year the Cybersecurity and Infrastructure Security Agency (CISA) performed a red team assessment, published as a case study, of a large organization supporting critical infrastructure across multiple geographically separated sites. The organization assessed was considered “mature” in its cybersecurity posture. Despite that maturity, CISA’s red team still uncovered these common cybersecurity weaknesses:
- Insufficient Network and Host Monitoring
- Excessive Permissions Levels to Standard Users
- Use of “Default” Device Configurations
- Unrestricted Outbound Server Traffic to the Internet
- Extra & Unwanted Programs Installed
Insufficient monitoring allowed the red team to move through the organization’s network and execute high-risk tactics to collect data and compromise its systems during the exercise with little to no detection.
An OT/ICS network without proper network monitoring and an understood baseline traffic profile is unnecessarily vulnerable: if nobody knows what normal traffic looks like, attacker activity such as new host-to-host connections, unfamiliar services between known hosts, or unexpected outbound connections blends in with legitimate traffic. Does your organization have network monitoring in place, together with a baseline of both current and expected traffic across your OT/ICS network? If the answer is “no”, bad actors whose goal is to exploit and compromise your operations network have that much more room to operate without being noticed.
Actions and/or Recommendations
- Establish a network traffic baseline, monitor against it continuously, and tune network security appliances to alert on traffic that deviates from the expected profile.
- Remediate excessive permission levels granted to standard users, change default device credentials, restrict outbound server traffic to the open internet, and enforce an approved-software list and installation ruleset.
- Enforce phishing-resistant multi-factor authentication.
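The baseline question above and the first two recommendations can be made concrete in a few dozen lines. The following Python script is an added illustration for this advisory, not tooling from Mangan or from CISA’s case study. It builds a flow baseline from constructed Zeek-style conn.log records, then checks a later window for three kinds of deviation: a server or controller segment reaching the open internet (the “unrestricted outbound traffic” finding), a host that never initiated traffic during the baseline window, and a known host pair talking over a service the baseline never saw. The record format, the 10.10.5.0/24 OT segment, and the use of RFC 1918 space as the definition of “internal” are assumptions for the example.

```python
"""Flow baseline and deviation check over Zeek-style conn.log records.

Added illustration for this advisory; it is not Mangan's or CISA's tooling.
Assumptions (not from the advisory): records are tab-separated Zeek conn.log
fields, the OT segment is 10.10.5.0/24, and "internal" means RFC 1918 space.
"""
import ipaddress

# Constructed sample records (made up for this example, not captured traffic).
# Field order follows Zeek conn.log: ts, uid, id.orig_h, id.orig_p,
# id.resp_h, id.resp_p, proto, service.
BASELINE_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice
1700000000.1\tC1\t10.10.5.20\t51000\t10.10.5.10\t502\ttcp\tmodbus
1700000001.2\tC2\t10.10.5.20\t51001\t10.10.5.11\t502\ttcp\tmodbus
1700000002.3\tC3\t10.10.5.20\t51002\t10.10.5.10\t502\ttcp\tmodbus
1700000003.4\tC4\t10.10.1.50\t44000\t10.10.5.20\t44818\ttcp\tenip
1700000004.5\tC5\t10.10.5.20\t51003\t10.10.1.5\t53\tudp\tdns
"""

# A later window to compare against the baseline: one normal Modbus poll,
# one server reaching the internet, one never-seen host polling a PLC,
# and one known pair talking over a service (SMB) the baseline never saw.
OBSERVED_LOG = """\
1700100000.1\tC6\t10.10.5.20\t52000\t10.10.5.10\t502\ttcp\tmodbus
1700100001.2\tC7\t10.10.5.20\t52001\t203.0.113.7\t443\ttcp\tssl
1700100002.3\tC8\t10.10.7.99\t60000\t10.10.5.10\t502\ttcp\tmodbus
1700100003.4\tC9\t10.10.5.20\t52002\t10.10.5.10\t445\ttcp\tsmb
"""

# Assumed address plan for the example.
OT_NET = ipaddress.ip_network("10.10.5.0/24")
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_conn(text):
    """Yield one dict per connection record, skipping Zeek '#' header lines."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split("\t")
        yield {"ts": float(f[0]), "uid": f[1], "orig": f[2],
               "resp": f[4], "resp_p": int(f[5]), "proto": f[6],
               "service": f[7]}


def flow_key(r):
    """Identity of a flow for baselining: who talks to whom, on what service."""
    return (r["orig"], r["resp"], r["resp_p"], r["proto"])


def build_baseline(records):
    """Learn the set of observed flows and the set of hosts that initiate them."""
    flows, hosts = set(), set()
    for r in records:
        flows.add(flow_key(r))
        hosts.add(r["orig"])
    return {"flows": flows, "hosts": hosts}


def is_internal(ip):
    """True when the address falls inside the assumed internal (RFC 1918) ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def detect_deviations(baseline, records):
    """Return (rule, record) pairs; each record gets its most specific rule."""
    findings = []
    for r in records:
        src = ipaddress.ip_address(r["orig"])
        if src in OT_NET and not is_internal(r["resp"]):
            # Server/controller segment reaching the open internet.
            findings.append(("outbound-to-internet", r))
        elif r["orig"] not in baseline["hosts"]:
            # A host that never initiated traffic during the baseline window.
            findings.append(("new-source-host", r))
        elif flow_key(r) not in baseline["flows"]:
            # Known hosts, but a service/port combination never seen before.
            findings.append(("unbaselined-flow", r))
    return findings


if __name__ == "__main__":
    base = build_baseline(parse_conn(BASELINE_LOG))
    for rule, r in detect_deviations(base, parse_conn(OBSERVED_LOG)):
        print(f"{rule:22} {r['uid']} {r['orig']} -> "
              f"{r['resp']}:{r['resp_p']}/{r['proto']} ({r['service']})")
```

Run as-is, the script reports C7, C8 and C9 and stays silent on the routine Modbus poll in C6. In a real deployment the baseline window comes from the organization’s own sensors (Zeek, NetFlow, or an OT monitoring appliance) over a period long enough to capture maintenance and shift patterns, and the “unbaselined-flow” rule is the one that needs tuning so that legitimate changes are added to the baseline rather than ignored. One caveat worth stating: a baseline captured while an intruder is already present will treat that intruder’s traffic as normal, so the baseline itself should be reviewed against the expected traffic profile, not just recorded.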
About REAL Matters and Mangan Inc.
REAL Matters advisories are published to communicate cybersecurity threats and risks within Operational Technology (OT) environments and where critical infrastructure vulnerabilities are identified. The purpose of this newsletter is to inform, to propose approaches for mitigating the risk, and to describe how Mangan Cybersecurity is approaching the issue(s) addressed.
Mangan Inc. is a nationally recognized Specialty Engineering, Automation, and Integration company providing a full range of services to the Oil & Gas, Refining, Pipeline, Chemicals, and Life Sciences industries. Established in Long Beach, California in 1990, Mangan has multiple office locations, including sites in California, Georgia, New Hampshire, North Carolina, Texas, and Louisiana. Mangan’s 350+ employee-owners bring expertise, innovation, and safety as their core mission to some of the largest companies in the world.