Situational awareness is the “voodoo” art of how to piece information together and provide a coherent picture of the true threats to your environment.
NIST recently released a draft version of NIST SP 1800-7, Situational Awareness for Electric Utilities, which covers architecture requirements for integrating ICS, OT, and IT networks for an integrated analytical approach for the energy sector. This requirement has been challenging for utilities to implement as their IT and OT networks have been purposefully kept at arms-length from each other. As this boundary becomes blurred and legacy OT devices are networked, there are obvious security concerns. The NIST document does a great job of outlining a high-level reference architecture, as well as laying out the steps utilities should take from the start of their process (product selection) to the implementation of their systems.
Here are 3 ways that utilities will benefit by using the NIST practice guide:
- Methodology and Architecture – The NIST practice guide lays out a Methodology to guide organizations through planning and the implementation lifecycle. In addition, it also lays out a reference architecture, giving utilities an understanding of how the systems must come together to effectively meet the requirements.
- Defined Security Capabilities – The NIST practice guide is built on the NIST Cybersecurity Framework, attributing the security capabilities to the framework. It gives organizations the requisite starting point for identifying and integrating the security capabilities into their own cybersecurity framework.
- How-To Guides – The How-To section provides examples of a national security architecture. NIST is quick to point out the architecture is only a reference and may not match or suit an organization’s current architecture or requirements. However, with the additional setup guides for the security capabilities implemented in the computer lab, it does give organization’s a head start if they do choose to implement one of the documented capabilities.
Hint to the Wise
While the NIST standard provides excellent guidance in many areas, it does not cover aspects of security that are required to have a mature solution. For example, the key to a great situational awareness environment are the rules and alerts used in each of the systems to identify suspicious or malicious packets. Although these topics are part of the ‘longer tail’, continuous monitoring and analytics are necessary capabilities that not only drive revisions to the logic but also bring context to enhance risk decisions and business requirements.
The analytics of situational awareness, which would include threat intelligence pieces, is the hardest part of any cybersecurity program. It is hard because it takes time to build the foundational information about what is occurring on the network and also to piece together the longer “so what” aspects, which are always asked from senior leadership. Situational awareness is much more than systems connected together but is also the “voodoo” arts of how to piece the information together and provide a coherent picture of the true threats to your environment.
Photo credit: Flickr
By going to work quickly to solve the most challenging cybersecurity and identity management problems, Idenhaus takes the pain out of securing corporate information and assets for companies that aspire to maximize their potential in this digital age. Click here to contact us