
Building an Advanced Cybersecurity Plan: Maintenance and Incident Response

A company's cybersecurity plan requires constant monitoring and maintenance in order to effectively detect, analyze, contain, recover, and prevent attacks. Learn what steps personnel should take when an incident is detected and how to maintain the system.
Jan 12, 2023

A company’s network and the cybersecurity implementation on that network require continuous monitoring and maintenance – just as a company would for any other piece of equipment. Maintenance of the cybersecurity implementation involves both periodic maintenance and incident response. The maintenance procedures and policies should be documented as part of a company’s overall cybersecurity plan, and compliance with these procedures and policies should be part of management’s oversight responsibilities.

When a cybersecurity problem is identified, incident or otherwise, the problem should be reported to the appropriate individuals responsible for oversight of network security. Immediate action should be taken to address any issue identified. The problem and the actions taken to address the problem should be fully documented.

Most, if not all, of the software and hardware in a company’s network, and of the equipment connected to it, is supplied by outside suppliers. The contract with each of these suppliers should define the supplier’s responsibility for immediately identifying any security vulnerabilities related to their products. The remedy for such issues will vary with the complexity of the issue and the potential exposure of the company.

Tools used to monitor and maintain the network should also be continuously updated to provide detection for ever-evolving types of security threats. These tools should also be subject to significant scrutiny since they, too, can contain malicious code that can impact the network or contain a “back door” means to access the network. Security scanning of these tools and all vendor updates to equipment and software associated with the network and the cybersecurity implementation should be required before they are approved for use on the network.

The security plan should address detection, analysis, containment, recovery, and prevention from reoccurrence. It should also document how personnel respond when a cybersecurity incident is detected.

Obvious security incidents such as equipment failure, ransomware, and phishing should be reported immediately to the appropriate network security personnel. Network monitoring tools should also be capable of detecting access control breaches and suspicious network traffic, detecting and identifying new equipment connected to the network, and scanning in real time all software running on equipment connected to the network. These detection systems should also monitor and log all authorized access to the physical network equipment and, when possible, block all unauthorized access to that equipment.
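As an added illustration of the detection capabilities described above (not code from the article), the following script runs three checks over constructed, syslog-style log lines: a DHCP lease for a MAC address not in the asset inventory (new equipment), repeated authentication failures from one source against one target (access control breach), and a badge entry by an account not on the physical-access list. The log format, inventory, and threshold are assumptions for the example.

```python
import re
from collections import Counter

# Constructed sample log lines (not from the article). Hypothetical format:
# "<timestamp> <source> <event> key=value ..."
SAMPLE_LOGS = """\
2023-01-12T08:00:01 dhcp lease mac=00:11:22:33:44:55 ip=10.0.5.21 host=cnc-01
2023-01-12T08:00:05 dhcp lease mac=aa:bb:cc:dd:ee:01 ip=10.0.5.77 host=unknown-laptop
2023-01-12T08:01:10 auth failure user=operator src=10.0.5.77 target=plc-03
2023-01-12T08:01:12 auth failure user=operator src=10.0.5.77 target=plc-03
2023-01-12T08:01:14 auth failure user=operator src=10.0.5.77 target=plc-03
2023-01-12T08:02:00 auth success user=maint src=10.0.5.21 target=plc-03
2023-01-12T08:03:00 badge entry door=server-room user=maint
2023-01-12T08:03:30 badge entry door=server-room user=visitor
""".splitlines()

# Approved equipment inventory keyed by MAC address (constructed).
INVENTORY = {"00:11:22:33:44:55": "cnc-01"}
# Accounts allowed physical access to network equipment (constructed).
PHYSICAL_ACCESS = {"maint"}
FAILED_AUTH_THRESHOLD = 3  # assumed threshold for an access-control alert

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<event>\S+) (?P<rest>.*)$")

def parse(line):
    """Split one log line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m["rest"].split())
    return {"ts": m["ts"], "source": m["src"], "event": m["event"], **fields}

def detect(lines):
    """Return a list of (alert_type, detail) tuples in the order they fire."""
    alerts, failures = [], Counter()
    for rec in filter(None, map(parse, lines)):
        if rec["source"] == "dhcp" and rec["event"] == "lease" \
                and rec["mac"] not in INVENTORY:
            alerts.append(("new_equipment", rec["mac"]))
        elif rec["source"] == "auth" and rec["event"] == "failure":
            key = (rec["src"], rec["target"])
            failures[key] += 1
            if failures[key] == FAILED_AUTH_THRESHOLD:  # alert once per pair
                alerts.append(("access_control_breach", f"{key[0]}->{key[1]}"))
        elif rec["source"] == "badge" and rec["user"] not in PHYSICAL_ACCESS:
            alerts.append(("unauthorized_physical_access", rec["user"]))
    return alerts

if __name__ == "__main__":
    for kind, detail in detect(SAMPLE_LOGS):
        print(f"ALERT {kind}: {detail}")
```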

Severe cybersecurity incidents are on the rise – especially ransom attacks. Many companies choose not to openly report such incidents, representing the issue to employees and customers as an equipment failure or major network failure. This is understandable, since management’s responsibility is to protect the company’s reputation, customer relations, and personnel. However, information about the vulnerabilities that led to these attacks and the actions taken to prevent a reoccurrence is very valuable in helping other companies avoid such attacks. Companies are encouraged to report all attacks to authorities. The FBI and your state's attorney general are the best authorities to notify when a severe cybersecurity incident is detected. By reporting the incident promptly, you may gain valuable information to help resolve it and provide important information to help other companies avoid a similar attack. If it is determined that an attack was caused by an unintentional action by an employee or service provider, it is important to address this with all employees and/or suppliers to minimize the chance of a repeat incident.

For more details on addressing maintenance and incident response relative to cybersecurity, you may want to reference Section 3.6 Incident Response, Section 3.7 Maintenance, and Section 3.14 System and Information Integrity of NIST standard SP 800-171.


For more on this topic, we invite you to explore the Building an Advanced Cybersecurity Plan article series.

Part 1: Engagement and Reinforcement

Part 2: Interaction Mapping

Part 3: Access Control

Part 4: Electronic Media Protection

Part 5: Identification and Authentication

Part 6: Activity Logging, Auditing, and Traceability

Part 7: Network Resource Configuration Management

Part 8: Communications, Network, and Database Security

Part 9: Personnel and Infrastructure Security

Part 10: Maintenance and Incident Response

Part 11: Risk Assessment and Vulnerabilities Testing

Author
John Turner
Director of Technology for FA Consulting & Technology (FAC&T) and member of the MTConnect Institute.