Secure Critical Infrastructure Demands Proactive Measures

By Collin Miller, Director of Cloud Security

Given the emergency brought on by rapid spread of COVID-19, many businesses have been shut down or are transitioning to telework to comply with public health measures. However, for the group of organizations that make up our critical infrastructure, shutting down is not an option.  Critical infrastructure in the U.S. is defined as the following:

  1.  Agriculture and food
  2.  Water
  3.  Public Health
  4.  Emergency Services
  5.  Government
  6.  Defense Industrial Base
  7.  Information and Telecommunications
  8.  Energy
  9.  Transportation and Shipping
  10.  Banking and Finance
  11.  Chemical Industry and Hazardous Materials
  12.  Post
  13.  National monuments and icons
  14.  Critical manufacturing

These sectors must find a way to continue operations while ensuring the health and safety of their employees, customers and other stakeholders. Many are implementing work-from-home policies and enabling widespread remote access. This presents new cybersecurity challenges as remote access systems are hastily rolled out and new users learn how to access Virtual Private Networks (VPNs) and other solutions for the first time.

In this new reality, securing remote access to our critical infrastructure is more important than ever.  The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) recommends the following actions to secure remote access systems:

  1.  Ensure VPNs and other remote access systems are fully patched.
  2.  Enhance system monitoring to receive early detection and alerts on abnormal activity.
  3.  Implement multi-factor authentication.
  4.  Ensure all systems have properly configured firewalls, anti-malware, and intrusion prevention installed.
  5.  Test remote access system capacity and increase capacity if necessary.
  6.  Verify continuity of operations/business continuity plans are up to date.
  7.  Increase awareness of IT support mechanisms for remote workers.
  8.  Update incident response plans to consider workforce changes in a distributed environment.

We have already seen malicious actors take advantage of the fear, confusion, and disruption caused by the novel coronavirus pandemic by conducting phishing attacks, disinformation campaigns, and spreading malware. 

The time to take action is now.  Whether rolling out multi-factor authentication, securing cloud-based infrastructure and applications, or implementing unified communication and collaboration solutions, Structured stands ready to assist organizations in securing critical infrastructure and remote access in these uniquely challenging circumstances.