Secure Critical Infrastructure Demands Proactive Measures
By Collin Miller, Director of Cloud Security, Structured
Given the emergency brought on by rapid spread of COVID-19, many businesses have been shut down or are transitioning to telework to comply with public health measures. However, for the group of organizations that make up our critical infrastructure, shutting down is not an option. Critical infrastructure in the U.S. is defined as the following:
- Agriculture and food
- Public Health
- Emergency Services
- Defense Industrial Base
- Information and Telecommunications
- Transportation and Shipping
- Banking and Finance
- Chemical Industry and Hazardous Materials
- National monuments and icons
- Critical manufacturing
These sectors must find a way to continue operations while ensuring the health and safety of their employees, customers and other stakeholders. Many are implementing work-from-home policies and enabling widespread remote access. This presents new cybersecurity challenges as remote access systems are hastily rolled out and new users learn how to access Virtual Private Networks (VPNs) and other solutions for the first time.
In this new reality, securing remote access to our critical infrastructure is more important than ever. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) recommends the following actions to secure remote access systems:
- Ensure VPNs and other remote access systems are fully patched.
- Enhance system monitoring to receive early detection and alerts on abnormal activity.
- Implement multi-factor authentication.
- Ensure all systems have properly configured firewalls, anti-malware, and intrusion prevention installed.
- Test remote access system capacity and increase capacity if necessary.
- Verify continuity of operations/business continuity plans are up to date.
- Increase awareness of IT support mechanisms for remote workers.
- Update incident response plans to consider workforce changes in a distributed environment.
We have already seen malicious actors take advantage of the fear, confusion, and disruption caused by the novel coronavirus pandemic by conducting phishing attacks, disinformation campaigns, and spreading malware.
The time to take action is now. Whether rolling out multi-factor authentication, securing cloud-based infrastructure and applications, or implementing unified communication and collaboration solutions, Structured stands ready to assist organizations in securing critical infrastructure and remote access in these uniquely challenging circumstances.
Collin Miller is the Director of Cloud Security for Structured, managing strategies for securing cloud-based infrastructure and applications. He has more than 16 years’ experience in networking and IT security, focusing on data loss prevention (DLP), secure remote access and authentication, next-generation firewall (NGFW), and security event and information management (SIEM). Collin is also an avid backpacker, having completed a thru-hike of the Pacific Crest Trail in 2015.