Protecting Your Network from Cyber Threats

Data Center Best Practices | Protecting Your Network from Cyber Threats

Protecting your network from cyber threats is a constant concern for any company or organization. Whether the motive is ransom or sabotage, any piece of equipment connected to the network can be a point of entry for malicious code. Securing a network requires a plan that includes risk minimization and identification of potential points of vulnerability.

Plan for Worst Case Scenarios

When a cyber breach occurs, the best chance to minimize damage is to act quickly to both shut down access to your network and prevent data loss or tampering. Preparation is the best way to reduce reaction time in case of an actual event. Best practices suggest these three simple steps to protect your network and the data it hosts. 

  • Back up the system
  • Develop a plan
  • Test the plan

Back Up the System

The most effective way to recover from a malware attack is by backing up your systems and data frequently. This should be a daily event. Back up all critical resources off the network and keep a copy in a secure, tamperproof, or offline environment. Maintain these daily backups for a set period so that you can restore your system from a version that predates any infection. Remember to test your backups regularly so you know they will work properly when you must use them.

Develop a Plan

Create a plan to recover from an attack if a system is malfunctioning, inoperable, or not working reliably. The plan should include disconnecting systems from the internet if they can still run reliably, setting up compensating controls for systems that must stay connected, and limiting functionality to high priority tasks to reduce risk and potential attack surface area. Also include the steps required for manual operations in case the system becomes unavailable. Assign responsibilities for restoring the network and devices quickly when it is safe to do so and let that staff know what is required of them. Remember that not all staff may know how to perform manual operations and may need training.

Test Your Plan

Test your incident response plan to avoid any missteps during an actual event. If an incident occurs, having confidence in a tested incident response plan can minimize your risk and exposure.

  • Hold incident response walkthroughs and invite executives, IT and OT managers, public affairs, and legal.
  • Review key decision points and specify who will make each decision. Be sure the designated person fully understands their responsibility.
  • Include scenarios for systems that are malfunctioning, inoperable, or not working reliably because of external interference.
  • Confirm that applicable equipment is never left in program mode, where it is vulnerable to unauthorized updates. 
  • Review your support contracts and government services for response and recovery.
  • Test your system recovery backup.

Planning for a cyber threat is a best practice, but there are also actions that can be taken immediately to shore up your network’s defenses. Identifying and minimizing risks now can protect your network, uptime, and peace of mind.

Minimize Risk

Apply patches and updates: Apply vendor-distributed patches or mitigations for identified vulnerabilities. Some systems remain vulnerable because organizations are either unaware of these fixes or choose not to implement them. Effective patching can stop many attacks, so implement a monitoring system to be sure your facility always applies the latest patches and updates for operating systems, antivirus tools, and any other software.

Be aware of vulnerabilities: Most major manufacturers regularly post security notifications with information on vulnerabilities and patches that they receive from entities such as the U.S. Department of Homeland Security’s ICS-CERT, Computer Emergency Readiness Teams (CERTs) from various countries, cybersecurity ISACs (Information Sharing and Analysis Centers) around the world, and cybersecurity firms. These updates are designed to fix known vulnerabilities and are encouraged for any Internet-connectable device.

Train your employees: Provide cybersecurity training to all your employees. Educate them about phishing emails, infected attachments, malicious websites, and other methods of attack that they may see at work. Require contractors or managed services vendors to complete the equivalent cybersecurity training.

Identify Potential Points of Failure – From Outer to Inner Ring

  • Perimeter
  • Network
  • Workstation
  • Device

Perimeter: Set up firewalls
Building a highly protected network that helps prevent outside access is the most critical line of defense against cyberattacks. Best practices suggest the following.

  • Limit access to the networks that connect to critical equipment.
  • Always place critical systems and devices behind firewalls and other security protection appliances. Then limit access to only authorized remote connections.
  • Remove or secure devices that connect to the internet to minimize exposure to attackers. Tools are available that identify OT devices exposed to the internet.
  • Restrict external network connectivity to your systems and devices.
  • Continually monitor for events that might indicate attempted unauthorized access.
  • Limit access to internal networks where devices reside.
  • Only allow remote workers to access the internal network through VPN (virtual private network) and provide them with a company laptop or other device to avoid the use of personal computers to connect to your network.

Network

An often-overlooked network connection is UPS equipment and other connected devices in your power infrastructure, such as PDUs. While most equipment is connected with network management cards that already offer a degree of security from outside threats, they are not 100% hacker-proof. Even less secure are the more basic network connections that don’t include a network management card. Choosing the right network card can give you added security. Eaton’s Gigabit Network Card is the first in the industry to meet UL 2900-1 cybersecurity standards. That designation means that it has been rigorously reviewed and tested. The Gigabit card offers a high level of encryption and password protection.

Implement secure access controls by reducing the pathways into and within your networks – Implement security protocols on existing pathways to make it more difficult for a threat to enter and move around your system. Isolate control and safety system networks and remote devices from your business network. This helps prevent an attacker who enters one part of the network from gaining access to other areas. Sanitize laptops and systems that were connected to any other network by fully updating software programs and using antivirus protection.

Disable unneeded/unused communication ports and protocols – PLC controllers and network interface modules generally support multiple communication protocols that are enabled by default. Disable ports and protocols that are not required for the application.

Use secure methods for remote access – Implement secure methods for remote users to access your network. Require all remote users to connect and authenticate through a single, managed interface before conducting software upgrades, maintenance, and other system support activities.

Create an asset inventory and network map – A detailed inventory of your assets and a map of your infrastructure can help increase awareness of components that may require patching and backup. We recommend that you follow these guidelines.

  • Inventory all devices with an IP address, including their software and firmware versions. 
  • Include removable media and spare equipment. 
  • Identify all communication protocols used across the network.
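The three inventory guidelines above become actionable once the inventory is checked against something. The script below is an added example (not code from the article or from any vendor): it reads a constructed inventory of devices with IP addresses, software/firmware versions and enabled protocols, lists every protocol in use on the network, and flags devices that are behind a firmware baseline or that have protocols enabled beyond an approved set. The model names, versions, protocol set and inventory rows are all constructed placeholders.

```python
"""Audit a constructed asset inventory against a firmware baseline and an approved-protocol set.

Added example, not code from the article. The inventory rows, the baseline versions and
the approved protocols are all constructed placeholders so the script runs offline.
"""
import csv
import io
from dataclasses import dataclass

# Constructed inventory: one row per device with an IP address, with its
# firmware version and the protocols it currently has enabled.
INVENTORY_CSV = """\
ip,type,model,firmware,protocols
10.0.1.10,UPS,NetCardA,2.1.0,https;snmpv3
10.0.1.11,UPS,NetCardA,1.7.3,http;snmpv1;telnet
10.0.1.20,PDU,RackPduB,3.0.1,https;snmpv3
10.0.2.5,PLC,CtrlC,5.2.0,modbus;https;ftp
"""

# Constructed baseline of the latest vendor firmware per model, as it would be
# maintained from vendor security notifications. Placeholder names and versions.
CURRENT_FIRMWARE = {"NetCardA": "2.1.0", "RackPduB": "3.0.1", "CtrlC": "5.3.1"}

# Protocols the application actually needs; anything else is a candidate for disabling.
APPROVED_PROTOCOLS = {"https", "snmpv3", "modbus"}


@dataclass(frozen=True)
class Finding:
    ip: str
    model: str
    issue: str    # "outdated-firmware", "unknown-model" or "unneeded-protocol"
    detail: str


def parse_version(version: str) -> tuple:
    """Turn '1.7.3' into (1, 7, 3) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def load_inventory(csv_text: str) -> list:
    return list(csv.DictReader(io.StringIO(csv_text)))


def protocols_in_use(csv_text: str) -> set:
    """Guideline 3: every communication protocol seen anywhere on the network."""
    return {p for row in load_inventory(csv_text) for p in row["protocols"].split(";")}


def audit_inventory(csv_text: str) -> list:
    """Flag devices behind the firmware baseline or running protocols outside the approved set."""
    findings = []
    for row in load_inventory(csv_text):
        ip, model = row["ip"], row["model"]
        baseline = CURRENT_FIRMWARE.get(model)
        if baseline is None:
            findings.append(Finding(ip, model, "unknown-model", "no firmware baseline recorded"))
        elif parse_version(row["firmware"]) < parse_version(baseline):
            findings.append(Finding(ip, model, "outdated-firmware", f"{row['firmware']} < {baseline}"))
        extra = set(row["protocols"].split(";")) - APPROVED_PROTOCOLS
        if extra:
            findings.append(Finding(ip, model, "unneeded-protocol", ",".join(sorted(extra))))
    return findings


if __name__ == "__main__":
    print("protocols in use:", sorted(protocols_in_use(INVENTORY_CSV)))
    for f in audit_inventory(INVENTORY_CSV):
        print(f"{f.ip:<10} {f.model:<9} {f.issue:<18} {f.detail}")
```

Versions are compared as integer tuples rather than strings so that 1.10.0 correctly sorts after 1.9.9; a device whose model has no baseline is reported too, since an unknown model is exactly the component that tends to be missed at patch time.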

Catalog external connections to and from the OT networks, including vendor, third-party, and other remote access.

Set up measures for detecting compromises – Minimize the chances of compromise by monitoring and auditing system events 24/7. Use intrusion detection systems (IDSs), intrusion prevention systems (IPSs), antivirus software, and usage logs to help detect compromises in their earliest stages. Use a trusted time server such as NTP (Network Time Protocol) to synchronize the clocks for all devices in your network. This helps ensure that your logs provide accurate data about the time of any breach. Despite implementing these preventive measures, you may still experience compromises. Have a plan in place to quickly detect the issue and respond.
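The point about synchronized clocks is easiest to see with logs from several devices. The script below is an added example (not code from the article): it parses constructed log lines from a UPS, a PDU and a PLC that each stamp events in a different local offset, normalizes them to UTC so the timeline sorts correctly (a plain string sort of these lines would put the events in the wrong order), and then flags a burst of failed logins from one source against several devices. The line format, the `user=`/`src=` fields and the burst thresholds are assumptions chosen for illustration.

```python
"""Merge logs from several devices into one UTC timeline and flag failed-login bursts.

Added example, not code from the article. The log lines are constructed; each device stamps
in its own local offset, which is the situation NTP-synchronized clocks are meant to avoid.
Field names (user=, src=) and the burst thresholds are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed log lines, deliberately not in chronological order and with mixed offsets.
LOG_LINES = """\
2024-03-04T08:00:11+01:00 plc-03 auth: login failed user=admin src=203.0.113.7
2024-03-04T02:00:05-05:00 ups-01 auth: login failed user=admin src=203.0.113.7
2024-03-04T07:00:20Z pdu-02 auth: login ok user=ops src=10.0.5.4
2024-03-04T07:00:09Z pdu-02 auth: login failed user=admin src=203.0.113.7
2024-03-04T02:00:30-05:00 ups-01 auth: login failed user=admin src=203.0.113.7
""".splitlines()

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+): (.*)$")
BURST_COUNT = 3        # failed logins from one source ...
BURST_WINDOW_S = 60    # ... within this many seconds raise an alert


def parse_line(line: str):
    """Split '<timestamp> <host> <process>: <message>' and convert the timestamp to UTC."""
    m = LINE_RE.match(line)
    if not m:
        return None
    stamp, host, proc, msg = m.groups()
    # fromisoformat() before Python 3.11 does not accept a trailing 'Z', so spell it out.
    ts = datetime.fromisoformat(stamp.replace("Z", "+00:00")).astimezone(timezone.utc)
    fields = dict(kv.split("=", 1) for kv in msg.split() if "=" in kv)
    return {"ts": ts, "host": host, "proc": proc, "msg": msg, **fields}


def timeline(lines) -> list:
    """All parseable events, ordered by their true (UTC) time rather than by local text."""
    events = [e for e in map(parse_line, lines) if e]
    return sorted(events, key=lambda e: e["ts"])


def failed_login_bursts(lines) -> list:
    """Return (source, failure_count, hosts) for each source exceeding the burst threshold."""
    by_src = defaultdict(list)
    for e in timeline(lines):
        if e["proc"] == "auth" and e["msg"].startswith("login failed"):
            by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        for i in range(len(evs)):
            window = [e for e in evs[i:] if (e["ts"] - evs[i]["ts"]).total_seconds() <= BURST_WINDOW_S]
            if len(window) >= BURST_COUNT:
                alerts.append((src, len(window), sorted({e["host"] for e in window})))
                break
    return alerts


if __name__ == "__main__":
    for e in timeline(LOG_LINES):
        print(e["ts"].isoformat(), e["host"], e["msg"])
    print("alerts:", failed_login_bursts(LOG_LINES))
```

Without the offset normalization the four failures would appear spread over six hours and never meet the window, which is the practical reason the article insists on a common time source for every device that produces logs.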

Workstation
Implement strong authentication and authorization controls – Change default passwords when new software is installed and regularly after that. This is particularly important for administrator accounts and control system devices. Eliminate the use of default passwords and disable default system accounts when possible. Use role-based access with multi-factor authentication to help prevent security breaches and provide a log of access activity. Add password security features, such as an account lockout that activates when too many incorrect passwords are entered and a requirement for strong passwords for all users. 
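The controls in this paragraph (no weak or default passwords, role-based access, an access log, and account lockout after repeated failures) fit in a small authentication module. The code below is an added example, not from the article or any product; the policy numbers (12-character minimum, five failures, 15-minute lockout) and the role table are assumptions chosen for illustration.

```python
"""Account lockout, password policy, role-based authorization and an access audit log.

Added example, not code from the article. Policy values (12-character minimum, five failures,
15-minute lockout) and the role table are assumptions chosen for illustration.
"""
import hashlib
import hmac
import os
import re
import time

MIN_PASSWORD_LENGTH = 12
LOCKOUT_THRESHOLD = 5       # failed attempts before the account locks
LOCKOUT_SECONDS = 15 * 60   # how long the lock lasts
PBKDF2_ROUNDS = 100_000

# Assumed role table: the actions each role may perform.
ROLE_PERMISSIONS = {
    "operator": {"view-status"},
    "admin": {"view-status", "change-config", "upload-firmware"},
}


def is_strong_password(password: str) -> bool:
    """Length plus all four character classes; rejects typical default passwords."""
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(password) >= MIN_PASSWORD_LENGTH and all(re.search(c, password) for c in classes)


class Account:
    def __init__(self, password: str, role: str):
        if not is_strong_password(password):
            raise ValueError("password does not meet policy")
        self.salt = os.urandom(16)
        self.digest = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, PBKDF2_ROUNDS)
        self.role = role
        self.failures = 0
        self.locked_until = 0.0


class Authenticator:
    def __init__(self, clock=time.time):
        self.clock = clock          # injectable so lockout expiry can be tested
        self.accounts = {}
        self.audit_log = []         # (timestamp, username, event) tuples

    def add_account(self, username: str, password: str, role: str) -> None:
        self.accounts[username] = Account(password, role)

    def login(self, username: str, password: str) -> bool:
        now = self.clock()
        acct = self.accounts.get(username)
        if acct is None:
            self.audit_log.append((now, username, "unknown-user"))
            return False
        if now < acct.locked_until:
            # A locked account is rejected before the password is even checked.
            self.audit_log.append((now, username, "rejected-locked"))
            return False
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), acct.salt, PBKDF2_ROUNDS)
        if hmac.compare_digest(candidate, acct.digest):
            acct.failures = 0
            self.audit_log.append((now, username, "login-ok"))
            return True
        acct.failures += 1
        if acct.failures >= LOCKOUT_THRESHOLD:
            acct.failures = 0
            acct.locked_until = now + LOCKOUT_SECONDS
            self.audit_log.append((now, username, "locked-out"))
        else:
            self.audit_log.append((now, username, "login-failed"))
        return False

    def authorize(self, username: str, action: str) -> bool:
        """Role-based check; every decision, allowed or denied, lands in the audit log."""
        acct = self.accounts.get(username)
        allowed = acct is not None and action in ROLE_PERMISSIONS.get(acct.role, set())
        self.audit_log.append((self.clock(), username, f"{'allow' if allowed else 'deny'}:{action}"))
        return allowed
```

The clock is injected rather than read directly so the lockout window can be exercised in a test; in production `time.time` is used unchanged. Multi-factor authentication is not shown here and would sit as an additional step after the password check succeeds.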

Set up a blocklist to deny access to known suspicious or malicious entities – A blocklist (blacklist) filters incoming traffic and denies access to entities (such as domains, email addresses, or applications) that have been previously associated with malicious activity. It can help prevent known viruses, spyware, Trojans, worms, and other kinds of malware from accessing your system. Antivirus tools, spam filters, intrusion detection systems, and other security software commonly incorporate blocklists to help control access. One of the biggest advantages of a blocklist is its simplicity. Any entity not on the list is granted access, but anything that is known or expected to be a threat is blocked.

Use an allow list to help keep your systems safe from unwanted software – Add allow list (whitelist) software to your defenses so only entities that your system recognizes as authorized are granted access or privileges on your workstation. The allow list works with your blocklist software to allow only known software to run. Using an allow list increases your confidence that installed files and loaded executables have maintained their integrity and are authentic. 
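The two preceding paragraphs describe a blocklist (deny what is known bad, admit everything else) and an allow list (admit only what is known good, deny everything else). The code below is an added example, not from the article or any product, showing both decisions side by side: a hash-based allow list for executables, a blocklist of known-bad hashes, and a domain blocklist that also matches subdomains. The "executables" are constructed byte strings and every list entry is a placeholder.

```python
"""Hash-based allow list for executables, plus blocklists of known-bad hashes and domains.

Added example, not code from the article. The "executables" are constructed byte strings and
the list contents are placeholders; in practice the allow list is built from verified builds.
"""
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for executable contents.
APPROVED_AGENT = b"\x7fELF-constructed-backup-agent-v1"
KNOWN_BAD = b"MZ-constructed-malware-sample"

# Allow list: name -> hash of the reviewed, approved build.
ALLOW_LIST = {"backup-agent": sha256_hex(APPROVED_AGENT)}
# Blocklist: hashes of files already associated with malicious activity.
BLOCKED_HASHES = {sha256_hex(KNOWN_BAD)}
# Blocklist of domains; a blocked parent domain also covers its subdomains.
BLOCKED_DOMAINS = {"bad.example", "tracker.example.net"}


def executable_decision(data: bytes) -> tuple:
    """Return ('allow'|'deny', reason). Under allow-listing, unknown is denied, not just known-bad."""
    digest = sha256_hex(data)
    if digest in BLOCKED_HASHES:
        return ("deny", "blocklisted hash")
    for name, approved in ALLOW_LIST.items():
        if digest == approved:
            return ("allow", f"matches approved {name}")
    return ("deny", "not on allow list")


def domain_blocked(hostname: str) -> bool:
    """Blocklist decision for a hostname: match the host itself or any parent domain."""
    labels = hostname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels)))


if __name__ == "__main__":
    print(executable_decision(APPROVED_AGENT))
    print(executable_decision(APPROVED_AGENT[:-1] + b"2"))   # one byte changed
    print(executable_decision(KNOWN_BAD))
    print(domain_blocked("cdn.bad.example"), domain_blocked("good.example"))
```

The one-byte change in the usage block is the integrity point from the paragraph above: a tampered copy of an approved program no longer matches its allow-list hash, so it is denied even though it is on no blocklist.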

Encourage secure workstation habits – Everyone in your company can contribute to cybersecurity efforts by keeping their workstations as safe as possible. Scan any devices used to exchange data, such as external hard drives or USB drives, before using them in any node connected to the network. Remove unnecessary programs and services from workstations and store sensitive data on a server. Regularly back up data from hard drives. And be sure that everyone gets into the habit of locking their screens when they aren’t in use.

Device

Install physical controls to help prevent unauthorized access – While this isn’t just a cybersecurity issue, it’s important to put physical controls in place so that no unauthorized person can access your equipment or devices. Keep all controllers in locked cabinets and limit access to any connected devices.

Track operating modes – Keep PLCs in RUN mode. If PLCs are not in RUN mode, confirm that an alarm informs the operators. 

Check the documentation for product-specific information – Review the product guides for your equipment to find cybersecurity recommendations and best practices.

Conclusion

Cybersecurity is top of mind for most major UPS manufacturers. As protections from unwanted access to your network are evolving rapidly, most major manufacturers offer firmware upgrades that enhance the security features of your UPS equipment. We recommend regularly checking your network-connected UPS equipment for firmware upgrades.

Below is a list of links that can help you find updates that may be available for your equipment.

APC/Schneider Electric
Eaton
Vertiv/Liebert
CyberPower
Toshiba
Alpha 

For equipment not included in the above list, we recommend an Internet search for either the specific part number for your UPS or other power equipment. If you aren’t sure of the exact part number, do a search for the manufacturer’s firmware upgrade site using a specific search term such as, “APC Smart-UPS Firmware Upgrade”. Before downloading any software, confirm you are on the manufacturer’s website and not a third-party site.

For more information about protecting your network from cyber threats, contact us, 800-876-9373 or [email protected].
