There are seven key steps you can take to prevent getting hacked:
- Set a Control Systems Internet Access Policy
A written policy must expressly prohibit individuals and machines from accessing the Internet from the control system network.
- Establish control systems user awareness and training
User awareness and training involves ensuring users understand that their actions could adversely affect the system, and that they must know, understand, and follow established policies and recommended practices in order to protect it.
- Coordinate security efforts between your corporate IT network and your control systems network
Because control systems security depends in part on the security of the IT network, and responsibilities for IT security and control systems security are often separate, these two groups must work together to ensure security of the protected processes.
- Establish a Firewall between the control system network and the information technology network
A firewall should be configured to allow only specific communications between the IT network (corporate LAN) and the control systems network. The firewall should provide Network Address Translation (NAT) or proxy capability.
- Up-to-date patches
After proper testing, appropriate patches should promptly be applied to browsers, e-mail readers, operating systems, and any applications known to be susceptible to attack on both the information system and control system networks.
- Web browser and e-mail security
Web browser security ranges from tightening security settings on Web browsers by disabling scripting and other forms of active content (such as ActiveX) to totally removing browser functionality. These changes should be made to control system machines, or machines that access control systems, where these settings and software are not needed. E-mail security includes turning off images and removing e-mail applications from control systems on which they are not necessary.
- Secure code
Secure coding involves techniques that prevent would-be attackers from using program functionality in unintended ways.
These practices employ policy, people, and technology countermeasures to protect against XSS and other Web attacks. Critical infrastructure control system asset owners are encouraged to appropriately apply these practices in their operating environments.
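The Internet access policy and firewall steps above can be checked mechanically against an exported ruleset. The following is an added example, not part of the original page: the network ranges, rule format and finding texts are constructed assumptions, and it flags allow rules that let the control system network reach beyond the IT network, rules that are not limited to specific hosts and ports, and a missing deny-all rule at the end.

```python
import ipaddress

# Constructed addressing and ruleset for illustration (assumptions, not from the page).
CONTROL_NET = ipaddress.ip_network("10.20.0.0/16")   # control systems network
IT_NET = ipaddress.ip_network("10.10.0.0/16")        # corporate LAN
ANY = ipaddress.ip_network("0.0.0.0/0")
RULES = [
    {"id": 1, "action": "allow", "src": "10.10.5.20/32", "dst": "10.20.1.10/32", "port": "443"},
    {"id": 2, "action": "allow", "src": "10.20.0.0/16", "dst": "0.0.0.0/0", "port": "80"},
    {"id": 3, "action": "allow", "src": "10.10.0.0/16", "dst": "10.20.0.0/16", "port": "any"},
    {"id": 4, "action": "deny", "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "port": "any"},
]

INTERNET = "control system network can reach destinations outside the IT network"
BROAD = "rule is not limited to specific hosts and ports"
NO_DEFAULT_DENY = "ruleset does not end with a deny-all rule"

def audit(rules, control=CONTROL_NET, it=IT_NET):
    """Return (rule_id, finding) pairs; each allow rule is checked on its own
    (shadowing by earlier rules is not modelled)."""
    findings = []
    for r in rules:
        if r["action"] != "allow":
            continue
        src = ipaddress.ip_network(r["src"])
        dst = ipaddress.ip_network(r["dst"])
        if not (src.overlaps(control) or dst.overlaps(control)):
            continue  # rule does not involve the control system network
        # Internet access policy: control sources may only talk to IT or control hosts.
        if src.overlaps(control) and not (dst.subnet_of(it) or dst.subnet_of(control)):
            findings.append((r["id"], INTERNET))
        # "Only specific communications": named port and a single host on at least one side.
        if r["port"] == "any" or (src.num_addresses > 1 and dst.num_addresses > 1):
            findings.append((r["id"], BROAD))
    last = rules[-1] if rules else None
    if not (last and last["action"] == "deny" and last["port"] == "any"
            and ipaddress.ip_network(last["src"]) == ANY
            and ipaddress.ip_network(last["dst"]) == ANY):
        findings.append((None, NO_DEFAULT_DENY))
    return findings

if __name__ == "__main__":
    for rule_id, finding in audit(RULES):
        print(rule_id, finding)
```

In the constructed ruleset, rule 2 breaks the Internet access policy and rules 2 and 3 are broader than "specific communications"; rule 1, a single IT host reaching a single control host on one port, passes.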