This is the next in a series of blogs and papers on the benefits of cyber certification. Certification provides you with the opportunity to work with an experienced cyber team here at exida, and the vast knowledge of cyber experts worldwide codified in the IEC 62443 family of standards.
Tripwire published this article on January 24, 2016, more than 4 years ago. It contains 22 recommendations on how to secure your systems against ransomware. This is the first part of a 2-part series reviewing the first 11 of those recommendations.
Looking back over the last 4 years, consider any security issues you have experienced and see whether any fall into these categories. Clearly these mitigations alone will not secure your system, but the process of certification changes how security threats are perceived and helps build a stronger security mindset in the development and maintenance of systems.
1. First and foremost, be sure to back up your most important files on a regular basis.
“Ideally, backup activity should be diversified, so that the failure of any single point will not lead to the irreversible loss of data. Store one copy in the cloud, resorting to services like Dropbox, and the other on offline physical media, such as a portable HDD.”
IEC 62443-4-2 CR 7.4 Control system recovery and reconstitution speaks directly to this recommendation and is a foundational requirement of a secure system: a backup that can be restored after the compromise is what turns a ransomware incident from a loss into a recovery.
2. Personalize your anti-spam settings the right way.
“Most ransomware variants are known to be spreading via eye-catching emails that contain contagious attachments. It is a great idea to configure your webmail server to block dubious attachments with extensions like .exe, .vbs, or .scr.”
IEC 62443-4-1 SM-9 Security requirements for externally provided components looks at any type of component that could be part of a system and analyses the risk.
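As an added example (not part of the Tripwire article or exida's text), the following PowerShell creates an Exchange mail-flow (transport) rule that implements the attachment-blocking recommendation above. It assumes an Exchange Online tenant (or on-premises Exchange with the management shell) and that the operator has already run Connect-ExchangeOnline; the rule name and the rejection text are hypothetical. Two rules are created on purpose: one that matches on the listed extensions, and one that uses Exchange's content inspection so that an executable renamed to look like a document is still caught.

```powershell
# Added example: block executable attachments with an Exchange transport rule.
# Assumes an Exchange Online session already exists (Connect-ExchangeOnline) or the
# on-premises Exchange Management Shell; rule names and reject text are illustrative.

# Extensions from the Tripwire recommendation plus a few that are commonly abused
# in the same way (assumption: this list is a starting point, not an exhaustive one).
$blockedExtensions = @('exe', 'vbs', 'scr', 'js', 'jse', 'bat', 'cmd', 'ps1', 'hta')

$rejectText = 'Attachments of this type are not accepted. Contact the service desk if you need to send this file.'

# Rule 1: match on extension. Cheap, but only as good as the sender's honesty about
# the file name, so it is paired with rule 2 below.
New-TransportRule -Name 'Block risky attachment extensions' `
    -AttachmentExtensionMatchesWords $blockedExtensions `
    -RejectMessageReasonText $rejectText `
    -RejectMessageEnhancedStatusCode '5.7.1' `
    -Priority 0

# Rule 2: match on content. AttachmentHasExecutableContent inspects the attachment
# itself rather than its name, so 'invoice.pdf' that is really a PE file is rejected too.
New-TransportRule -Name 'Block attachments with executable content' `
    -AttachmentHasExecutableContent $true `
    -RejectMessageReasonText $rejectText `
    -RejectMessageEnhancedStatusCode '5.7.1' `
    -Priority 1

# Verify both rules are enabled and show their conditions.
Get-TransportRule | Where-Object { $_.Name -like 'Block*attachment*' } |
    Format-Table Name, State, Priority, AttachmentExtensionMatchesWords, AttachmentHasExecutableContent -AutoSize
```

Rejecting with an enhanced status code rather than silently dropping the message gives the sender (and the help desk) a trail to follow when a legitimate file is blocked, which is what makes a control like this survive contact with real users.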
3. Refrain from opening attachments that look suspicious.
4. Think twice before clicking.
5. The Show File Extensions feature can thwart ransomware plagues, as well.
6. Patch and keep your operating system, antivirus, browsers, Adobe Flash Player, Java, and other software up-to-date.
7. In the event a suspicious process is spotted on your computer, instantly turn off the Internet connection.
8. Think of disabling vssadmin.exe.
The previous items (3 through 8) would be part of IEC 62443-4-1 SG-3 Security hardening guidelines, which discusses providing end users with guidance and best practices to secure their systems.
9. Keep the Windows Firewall turned on and properly configured at all times.
10. Enhance your protection more by setting up additional Firewall protection.
These two items (9 and 10) are part of developing a Defense in Depth strategy: the many independent layers an attacker would have to penetrate for the attack to succeed, so that the failure of any one control does not by itself compromise the system. This is discussed in IEC 62443-4-1 SG-1 Product defense in depth.
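Hardening guidelines are only useful if someone can check that a system actually follows them. The PowerShell below is an added example, not code from Tripwire or exida, that audits three of the recommendations above on a single Windows host: item 5 (show file extensions), item 8 (vssadmin.exe, the tool ransomware uses to delete shadow copies) and item 9 (Windows Firewall on for every profile). It assumes Windows 10/11 or Server 2016 or later with PowerShell 5.1, and must run elevated when -Fix is used; the function and switch names are the author's own. For vssadmin.exe it deliberately only reports: the binary is owned by TrustedInstaller and restored by Windows servicing, so the durable control is an AppLocker or Software Restriction Policy deny rule for non-administrators rather than deleting the file.

```powershell
<#
Added example (not from the Tripwire article or exida): audit, and optionally fix,
three ransomware hardening items on the local Windows host.
Assumptions: Windows 10/11 or Server 2016+, PowerShell 5.1+, elevated shell for -Fix.
#>
[CmdletBinding()]
param(
    [switch]$Fix   # without -Fix the script only reports
)

$findings = @()
function Add-Finding($Item, $Status, $Detail) {
    $script:findings += [pscustomobject]@{ Item = $Item; Status = $Status; Detail = $Detail }
}

# --- Item 5: show file extensions. With HideFileExt = 1, "invoice.pdf.exe" is shown
# as "invoice.pdf", which is exactly the trick the attachment lures rely on.
$advKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hide = (Get-ItemProperty -Path $advKey -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
if ($hide -eq 0) {
    Add-Finding 5 'OK' 'File extensions are shown'
} elseif ($Fix) {
    Set-ItemProperty -Path $advKey -Name HideFileExt -Value 0 -Type DWord
    Add-Finding 5 'FIXED' 'HideFileExt set to 0 (applies after Explorer restart or re-logon)'
} else {
    Add-Finding 5 'FAIL' "HideFileExt is $hide; extensions are hidden"
}

# --- Item 8: vssadmin.exe. Ransomware commonly runs
#   vssadmin delete shadows /all /quiet
# to destroy restore points before encrypting. Report whether execution is already
# denied by ACL; do not delete the file (Windows servicing puts it back).
$vss = Join-Path $env:SystemRoot 'System32\vssadmin.exe'
if (Test-Path $vss) {
    $execBit = [System.Security.AccessControl.FileSystemRights]::ExecuteFile
    $denyExec = (Get-Acl $vss).Access | Where-Object {
        $_.AccessControlType -eq 'Deny' -and (($_.FileSystemRights -band $execBit) -ne 0)
    }
    if ($denyExec) {
        Add-Finding 8 'OK' "Execute denied for: $(($denyExec.IdentityReference | ForEach-Object { $_.Value }) -join ', ')"
    } else {
        Add-Finding 8 'WARN' 'vssadmin.exe is executable by all users; add an AppLocker/SRP deny rule for non-admins'
    }
} else {
    Add-Finding 8 'OK' 'vssadmin.exe not present'
}

# --- Item 9: Windows Firewall enabled on every profile with inbound blocked by default.
foreach ($p in Get-NetFirewallProfile) {
    $enabled   = ("$($p.Enabled)" -eq 'True')             # Enabled is a GpoBoolean, compare as text
    $inboundOk = ("$($p.DefaultInboundAction)" -eq 'Block')
    if ($enabled -and $inboundOk) {
        Add-Finding 9 'OK' "$($p.Name) profile enabled, default inbound Block"
    } elseif ($Fix) {
        Set-NetFirewallProfile -Name $p.Name -Enabled True -DefaultInboundAction Block
        Add-Finding 9 'FIXED' "$($p.Name) profile enabled with default inbound Block"
    } else {
        Add-Finding 9 'FAIL' "$($p.Name): Enabled=$($p.Enabled) DefaultInboundAction=$($p.DefaultInboundAction)"
    }
}

$findings | Format-Table -AutoSize
```

Run it without -Fix first to see the current state; a hardening guideline delivered with a product should ship with a check like this so that the customer can verify the baseline, not just read about it.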
11. Adjust your security software to scan compressed or archived files if this feature is available.
This is another example of the Security Hardening Guidelines that are created and delivered with the system. These guidelines will start with the recommendations from the standard and be augmented with other security research and user experience as the product matures.
The remaining 11 items from the Tripwire article will be discussed in part 2. If your product had gone through a certification process with exida, each of these items would have been discussed and a plan formulated for mitigating them.