UK Government advises best practice on embedded device security

The UK government’s cybersecurity department has published new guidance to help businesses around the world better secure their operational technology (OT) and industrial control systems (ICS) equipment.

The guide, published by RITICS, presents recommendations and best practices for companies to help avoid attacks on embedded technologies.

The security body noted that there are a number of key differences between how OT/ICS networks operate and traditional IT networks. While protecting data confidentiality is a core function of IT networks, OT security focuses on maintaining the availability and integrity of devices accessing data.

“While cyber incident response plans (IRPs) should address both IT and ICS/OT systems, there are key differences that exist in ICS/OT environments that must be considered,” explains RITICS.

To address this issue, the group suggested that administrators take a different approach to OT networks and change the way they respond to incidents.

“ICS/OT systems and networks are typically sensitive to availability and integrity requirements, which requires incident response procedures to consider how systems are interacted with to collect data for forensic purposes,” the security group explains.

“These considerations should be documented in a detailed ICS/OT response plan, which may take into account different systems used across the ICS/OT operator’s assets, such as different locations, industrial processes, or system functionalities.”

Should an attack occur (which RITICS believes will likely happen to most companies sooner or later), the group said properly identifying and isolating the attack will be critical to minimizing damage.

“Operations, engineering and maintenance teams know your systems best and know how they behave,” the group noted.

“Training these teams to report suspicious behavior and building a culture that encourages reporting suspicious behavior are necessary long-term organizational efforts that will increase incident detection coverage and also help raise cybersecurity awareness among those who are not in full-time cybersecurity roles.”

RITICS stated that, ultimately, the security of OT and ICS systems depends less on knowledge of the security measures implemented within the organization than on the ability to implement them properly and to analyze the data collected from incidents.

“Regardless of the choices ICS/OT operators make in deploying threat detection technologies, services, or internal capabilities, they should have a clear understanding of the current scope of logging and monitoring in their environment,” RITICS said.

“This is key to helping understand potential gaps and improvements in logging and monitoring coverage. More importantly, it gives the incident response team (regardless of its composition) a clear picture of where and how to collect logs to facilitate analysis.”