As the days grow shorter and colder, I’m reminded that November is Critical Infrastructure Security and Resilience Month here in the US. According to the Department of Homeland Security, this observance “builds awareness and appreciation of the importance of critical infrastructure and reaffirms the nationwide commitment to keep our critical infrastructure and our communities safe and secure.”
Great songs tend to stick in our heads, so I thought I’d help to keep our critical infrastructure secure by putting it to music. Do you remember “The Dark Side of the Moon,” the epic album from Pink Floyd? Here are its wonderful tracks and a view on how each relates to cybersecurity:
- Speak to Me. Cybersecurity is a boardroom-level conversation now, and every critical infrastructure operator from power utilities to healthcare providers to water treatment plants should be talking about how cybersecurity risks can affect critical operations. Risk management conversations and coordination should include input from all levels in the organization: the executive level, the business/process level, and the implementation/operations level. These inclusive discussions help build consensus throughout the organization as well.
- Breathe. Once the cybersecurity conversation begins, the threat landscape and system vulnerabilities and what-if scenarios start sounding very ominous. Panic can set in. Protecting critical infrastructure can seem completely overwhelming! Here’s what to do: Breathe! Breathe in the air. Don’t be afraid to care. We at Cisco have some good news for you, and we can help too.
- On the Run. Keeping things on and running — availability — is the main mission of most critical infrastructure operators, sometimes at the expense of protecting data confidentiality and maintaining system integrity. Remember that cybersecurity must address all three tenets — confidentiality, integrity, and availability — so that cybersecurity problems don’t become operational problems. Recent ransomware outbreaks that completely shut down hospital systems are just the start. Cisco Ransomware Defense is one example of our many capabilities to help critical infrastructure operators address all three tenets of cybersecurity.
- Time. In cybersecurity, time is not our friend. Breaches and outages can happen in a matter of minutes. We must have the right capabilities to not only reduce the time to detection (discovering that you’re under attack) but also the time to remediation (taking effective action once you’re under attack). We at Cisco deliver the ultimate visibility and responsiveness to detect more threats and remediate them faster.
- The Great Gig in the Sky. There are a lot of compelling reasons to look up to the clouds. Cloud computing offers a wide range of IT capabilities with efficiency and scale that’s difficult or impossible to do in-house. However, you must have visibility and control over those great gigs in the sky. Consider CloudLock, a cloud cybersecurity platform that helps organizations securely leverage the cloud for apps they buy and build. CloudLock delivers security for cloud applications and platforms, including SaaS (Google G Suite, Box, Dropbox, Salesforce, ServiceNow, Slack) IaaS (Amazon Web Services), and PaaS (Force.com).
- Money. Just like Time, Money is not our friend in cybersecurity either. Critical infrastructure operators have very limited resources, so they must use them as effectively as possible. Every cybersecurity investment must help bring risks down to acceptable levels. Cisco Advisory Services is one example of how we can help. Our Strategy and Risk Management Services include assessments, planning and guidance that deliver a holistic view of IT risks from the impact of using cloud and mobile services as part of an IT strategy – one that helps ensure that cyber investments are as efficient and effective as possible.
- Us and Them. According to Gartner, about 30% of US organizations have already adopted the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) for Critical Infrastructure Protection. By 2020, it’s expected to be 50% of US companies. If your organization hasn’t considered adopting their framework, we think you ought to have a look. It’s a simple yet effective way to help manage cyber risks, covering the most critical people, process and technology controls. And we at Cisco have mapped our products and services to the CSF to make it easy for us to help.
- Any Colour You Like. Many organizations have already decided to follow a comprehensive risk management framework like ISACA COBIT 5, the ISO 27000-series, or maybe the Electricity Subsector Cybersecurity Risk Management Process (RMP). You can still use those with the NIST CSF; in fact, the NIST CSF is meant to help guide you to the key areas that will help manage cyber risks most effectively in your organization. Then it maps back to those frameworks so that you can get the detailed information you need. So follow any risk management framework you like. The NIST CSF is there to support and complement it — not complicate it.
- Brain Damage. Threat intelligence is vital. It must be built into the cybersecurity products you buy, updated constantly, and backed by a vigilant and experienced team of cyber experts and threat-hunters. Products that lack actionable threat intelligence could be diagnosed with… well, the song title says it best. Anyway, here at Cisco, Talos is our industry-leading threat intelligence organization. They detect and correlate threats in real time using the largest threat detection network in the world to protect against known and emerging cyber security threats to better protect your organization and keep your systems running. And we built it in.
- Eclipse. Whether the Earth blocks the Moon from view, or the Moon blocks the Sun, the eclipse reminds us that we still have to block as many attacks as we can. Sure, we must also be able to Detect, Respond, and Recover, but we cannot lose sight of the importance of blocking capabilities: Identify and Protect. That’s why we at Cisco have advanced solutions to provide deep visibility and advanced control over your network: To help you know what you have so that you can properly secure it and block threats from affecting operations. Of course, that’s in addition to our Detect, Respond, and Recover capabilities – but let’s focus on essential preventative controls too.
Okay, so there you have it. Cybersecurity to the tune of the Dark Side of the Moon. And now? Well… The time has come, the blog is over. Thought I’d something more to say.