Critical infrastructure firms should update cybersecurity infrastructure, McAfee advises

Companies that rely on supervisory control and data acquisition (SCADA) systems to control their industrial processes should take a number of steps to improve the security of those systems, according to McAfee.

First, companies should have a formal business continuity plan in place that will keep core enterprise processes running even if the majority of IT infrastructure is offline. A robust disaster recovery plan should be in place and tested at least once a year.

Companies should be proactive about attacks, employing vulnerability discovery, security auditing, penetration testing exercises (red and blue team), patch and change management programs, secure software development lifecycle programs, execution and change control (application whitelisting) technologies, privilege management (access control, encryption, and two-factor authentication) technologies, and blacklist detection technologies (antivirus and network intrusion protection and defense systems). McAfee said that it is important to conduct regular robust penetration testing in order to understand how the network will stand up to an attack.

Critical infrastructure attack was one of the security trends identified by McAfee in its 2012 Threat Predictions report. Another trend is the increasing use of proof-of-concept code to attack embedded systems in cars, medical devices, GPS devices, printers, and other devices.

McAfee advises users of embedded systems to take a number of steps to protect them from these attacks. The “antiquated” process of updating embedded system makes it difficult, if not impossible, to update quickly to prevent newly discovered attack vectors, McAfee explained.

Companies should firewall their embedded systems and control or turn off all interfacing connections to the device (including WiFi, GPS, Bluetooth, and mobile phone networks). Firms should also apply any firmware updates in a timely manner.

“In the (not-too-distant) future, McAfee expects to see remote firmware updates in the same way that we have 'Patch Tuesday' for software. Manufactures must consider secure development lifecycle programs including auditing and best practices”, the company said.

What’s hot on Infosecurity Magazine?