Mitigating the Potential Impact of COVID-19-Related OT Security Risks

As a cybersecurity practitioner, you may be wondering what you can do to prepare yourself and your organization for the potential impact of COVID-19, aka coronavirus?

As a long-time resident of Florida, I’m well-versed in preparing for natural disasters, including stockpiling and other preparations for the storm that might hit. In other words, I’ve been trained in mitigating potential risks that often never materialize. Proactive risk management has become part of my everyday life, like buckling your seatbelt to protect yourself in a car accident, and locking your doors each night even though no burglars have attempted to break in.

What’s going on around the world right now is unprecedented, and it’s critical that we mitigate the risks to our families and friends. As cybersecurity practitioners, we can also take steps to prepare our organizations against the potential OT security impact of an outbreak of COVID-19.

Risk Mitigation in Personal and Professional Lives

From a 30,000-foot view, we see risks at global, national, regional, community and family levels. If we inventory those risks, we understand that we need to mitigate the risks of becoming ill and getting caught up in public panic responses. We can also plan for potential disruptions to workforces, services, supply chains, transportation, processes and procedures, finances, and so on.

As cybersecurity professionals, we’re trained and practiced in dealing with disruption. We now have the opportunity to use that training to become beacons for those who depend on us to remain calm, cool, and collected. Both at home and professionally, risk mitigation tactics are similar.

The biggest personal risk to deal with immediately is medical, so we need to get our own houses in order. Make sure you and your family are following government and healthcare guidelines on hygiene – such as frequent handwashing and social distancing. Make sure your home is well stocked with non-perishable food supplies and medicines, in case you’re not able to get out of the house for a couple of weeks. And most of all, don’t stress. Stress wreaks havoc on our immune systems.

Instead of stressing out, put your energy into mitigation. Other people are depending on us, so let’s do everything we can to ensure that everyone – our families, employees, customers, and the world in general – is better equipped for the potential fallout.

Managing Potential Risks to Businesses

It is very likely that we could see disruptions such as:

  • National-level quarantines with restricted travel among states/cities/zones
  • City or town-level quarantines resulting in restricted regional travel
  • Family-level quarantines where one ill family member may create the need for others to self-quarantine and stay away from their workplace, or be quarantined separately from their family
  • Companies banning non-employees or visitors from accessing their facilities
  • Cancellation of meetings, events, or projects involving groups of people
  • Companies splitting shifts and physically separating people as much as possible
  • Companies enacting partial or whole disaster recovery plans
  • Processes and procedures that are rushed, unclear, or contradictory, confusing people and organizations

Author Chris Grove’s late grandmother Grace Maynard participating in WWII efforts, circa 1945.

What Can Your Organization Do Now to Prepare?

From a cybersecurity standpoint, here are some things to consider for mitigating the potential impact of the pandemic situation:

  • Be a Change Agent
  • Plan for remote access by employees to reduce their contact with others and allow them to work from the safety of their own homes
  • Ask your IT department to add new services such as conference calling, and be prepared to increase capacity. Ask your cybersecurity teams to reconsider firewall restrictions to support remote staff access
  • Cross-train staff and identify the skeleton crews required to keep the business running – Tasks that used to be quick to accomplish may be slower to complete during emergency situations and with reduced staffing levels. For example, is there more than one person or team who can create a new account in Active Directory, deploy a firewall change, run a cable, or provide budget approvals? These activities may require participation from teams that are operating as skeleton crews. Expect delays in everyday tasks.
  • Proactively manage supply chain interruptions – Don’t delay in ordering hardware for a project. It might not be as available later, or the price could increase as supply becomes limited.
  • Don’t lose sight of your mission as cybersecurity professionals – Unscrupulous hackers may take advantage of the situation. We’ve already seen instances of this happening:
      • Fake COVID-19 map websites that install malware when the webpage is visited
      • Reports of infected documents claiming to contain essential virus mitigation information being sent to companies
      • Attackers targeting the U.S. Department of Health and Human Services (HHS), the group responsible for virus mitigation
  • Remind your staff about cybersecurity best practices by sending an anti-phishing email that includes pointers for staying cyber-healthy
  • Be flexible and open minded as the situation evolves. Maybe this isn’t the time to enforce a particular best practice or regulation, or maybe it is. Emerging information is fluid, and tough choices will have to be made.
  • Add extra capacity where needed – Additional licenses may be necessary for things like VPN, remote access, terminal servers, team messaging, group meetings, and other technologies.
  • Evaluate multiple remote meeting technologies – you may find one service works better than another as demand increases. Be prepared with a fallback technology in case your primary one becomes unavailable.
  • Keep communication open – Create and/or check your Employee and/or Crisis Communications Plans. Be sure you know how to reach the Security Operations Center, leadership team, individual team members, and other critical organizational staff.
  • Reach out to the cybersecurity community and partners – Learn from others and see what assistance may be available. In times of need, partners can be heroes by providing human resources, access to technologies, and valuable advice based on what they see across other organizations.
  • Keep an eye on anomalous behaviors – You may experience increases or decreases in traffic from sources you’re not used to seeing. For example, part of your operations may be dark, or a large amount of your normal network traffic is being generated over the VPN instead of from usual sources.
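The last point above, a shift in where traffic comes from, is easiest to spot against a recorded baseline. The following is an added illustration, not Nozomi Networks code: it compares per-source byte shares from a normal period against the current period and reports sources that went dark, sources that are new, and sources whose share moved sharply (for example a VPN pool that suddenly carries most traffic). The zone names and flow records are constructed sample data.

```python
"""Compare current traffic-source mix against a baseline (added example)."""
from collections import defaultdict

# Constructed sample flow records: (source_zone, bytes).
# BASELINE_FLOWS stands for a normal week; CURRENT_FLOWS for a remote-work
# week in which plant_b has gone dark and most traffic now enters via the VPN.
BASELINE_FLOWS = [
    ("hq_lan", 800_000), ("plant_a", 500_000), ("plant_b", 400_000),
    ("vpn_pool", 50_000), ("hq_lan", 700_000), ("plant_a", 450_000),
]
CURRENT_FLOWS = [
    ("hq_lan", 200_000), ("plant_a", 480_000),
    ("vpn_pool", 900_000), ("vpn_pool", 850_000), ("contractor_net", 30_000),
]


def share_by_source(flows):
    """Return {source: fraction of total bytes} for a list of flow records."""
    totals = defaultdict(int)
    for src, nbytes in flows:
        totals[src] += nbytes
    grand = sum(totals.values()) or 1  # avoid division by zero on empty input
    return {src: n / grand for src, n in totals.items()}


def compare_to_baseline(baseline, current, shift_threshold=0.25):
    """Classify differences between the two periods.

    Returns a dict with three lists: "dark" (seen in baseline, absent now),
    "new" (absent in baseline), and "shifted" (present in both but whose share
    of total bytes moved by more than shift_threshold in either direction).
    """
    base, cur = share_by_source(baseline), share_by_source(current)
    findings = {"dark": [], "new": [], "shifted": []}
    for src in sorted(set(base) | set(cur)):
        b, c = base.get(src, 0.0), cur.get(src, 0.0)
        if src in base and src not in cur:
            findings["dark"].append(src)
        elif src in cur and src not in base:
            findings["new"].append(src)
        elif abs(c - b) > shift_threshold:
            findings["shifted"].append((src, round(b, 2), round(c, 2)))
    return findings


if __name__ == "__main__":
    for kind, items in compare_to_baseline(BASELINE_FLOWS, CURRENT_FLOWS).items():
        print(f"{kind}: {items}")
```

Run against a real flow export, the "dark" list is the part of operations that has stopped talking and the "shifted" list is where the VPN share has climbed; both are things to verify against the known remote-work plan rather than to alert on blindly.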

Proactive Actions Nozomi Networks Customers Can Take Now

  • Create additional dashboards for monitoring remote access connections
  • Add secured remote access integration (via TDI or Pulse Secure) to enable more remote access scenarios to more systems
  • Plan for post-pandemic, when someone will need to patch everything back up to normal. Have monitoring in place for those events and new faces that might be around to help out
  • Watch for false-positive alerts in the Nozomi Networks console. If your organizational policy usually stipulates that no one can manage the web interface of IoT devices from outside of headquarters, but due to the virus, staff working from home may need to do so… you’ll start getting alerts for policy-violations. However, during this time, no action needs to be taken due to the unusual situation
  • Review the console to ensure you have a good grasp of what normal operations look like (what alerts typically happen, what the graph looks like, etc.). Should the time come, you may need to figure something out without the help of a crucial resource. It helps to understand current behavior inside and out
  • Use the Nozomi Networks Asset Intelligence service to speed up and increase the accuracy of anomaly detection and reduce your mean-time-to-response (MTTR)
  • If you’re in the midst of a Nozomi Networks PoC or deployment, I’d advise you to rack, stack, power, and cable up the hardware now. The setup, configuration and tuning can be done remotely
  • Have some Nozomi Networks Central Management Console queries on hand to help pull details from the riskiest as well as the most critical (hopefully not the same) zones of your enterprise. Become familiar with what you see
  • Back up. Limited services could have an impact on availability, and you could find yourself rebuilding something in the future. Backing up is also a best practice, regardless of the situation
  • Monitor your OT and IoT processes (if present) a little more than normal, tracking parameters and their histories, and the frequency of updates. This could be an early indicator that something isn’t right within the systems
  • Keep your eyes peeled by running reports more frequently than usual

Please remember to wash hands frequently, use hand sanitizer, and stay calm. Your family and the world need you now. You can shine by delivering the safety and security we’ve been trained to provide. Stay safe, friends!