Data Loss Protection (DLP) for ICS/SCADA

Introduction

Data loss prevention (DLP) is a strategy that seeks to avoid the deletion, corruption or leakage of confidential or proprietary data stored on company devices, networks and servers. DLP’s primary goal is to control who has access to data that a given company holds. 

DLP is also concerned with what others do with such data once they have access to it: for example, copying data onto portable devices or USB drives, printing it out, or circulating it via email or a chat app. In fact, 34% of experts at SecurityWeek’s 2019 ICS Cyber Security Conference identified malware-ridden removable media drives as an attack vector (like Stuxnet and its zero-day USB-based exploitation), followed closely by email/phishing.

Nevertheless, the causes of data loss range from negligence (e.g., a misconfigured firewall) to infiltration or insider threats. Verizon’s 2018 Data Breach Investigations Report estimated that insiders were involved in 28% of all cyberattacks.

An industrial control system (ICS) / supervisory control and data acquisition (SCADA) infrastructure is, put simply, the tool for management, monitoring and control of industrial processes. Disruptions of operations are often avoided at the expense of security. In the past, ICS systems were known above all for operating in silos, i.e., the operational technology (OT) part was separated from the IT part and from the rest of the world. For better or worse, more such companies now use smart technology, for example to manage operations or take instantaneous measurements of some indicators.

At the beginning of 2020, the Cybersecurity and Infrastructure Agency (CISA) registered a major cyberattack that caused an outage in a gas compression facility. The adversary managed to reach it by moving from the IT network of the facility onto the OT network as a result of an employee (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Dimitar Kostadinov. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/mgWvPLbaZww/