Featured Image

Building an Advanced Cybersecurity Plan: Maintenance and Incident Response

A company's cybersecurity plan requires constant monitoring and maintenance in order to effectively detect, analyze, contain, recover, and prevent attacks. Learn what steps personnel should take when an incident is detected and how to maintain the system.
Jan 12, 2023

A company’s network and the cybersecurity implementation on that network require continuous monitoring and maintenance – just as a company would for any other piece of equipment. Maintenance of the cybersecurity implementation involves both periodic maintenance and incident response. The maintenance procedures and policies should be documented as part of a company’s overall cybersecurity plan, and compliance with these procedures and policies should be part of management’s oversight responsibilities.

When a cybersecurity problem is identified, incident or otherwise, the problem should be reported to the appropriate individuals responsible for oversight of network security. Immediate action should be taken to address any issue identified. The problem and the actions taken to address the problem should be fully documented.

Generally, most, if not all, of the software and hardware included in a company’s network and the equipment connected to the network is supplied by outside suppliers. There should be a contractual requirement with each of these suppliers defining their responsibility for immediately identifying any security vulnerabilities related to their products. The remedy to address these issues will vary depending on the complexity of the issue and the potential vulnerabilities to the company.

Tools used to monitor and maintain the network should also be continuously updated to provide detection for ever-evolving types of security threats. These tools should also be subject to significant scrutiny since they, too, can contain malicious code that can impact the network or contain a “back door” means to access the network. Security scanning of these tools and all vendor updates to equipment and software associated with the network and the cybersecurity implementation should be required before they are approved for use on the network.

The security plan should address detection, analysis, containment, recovery, and prevention from reoccurrence. It should also document how personnel respond when a cybersecurity incident is detected.

Obvious security incidents like equipment failure, ransomware, phishing, etc., should immediately be reported to the appropriate network security personnel. Additionally, network monitoring tools should be capable of detecting access control breaches, suspicious network traffic, detection and identification of new equipment connected to the network, and real-time scanning of all software running on the equipment connected to the network. Additionally, these detection systems should monitor and log all authorized access to the physical network equipment and, when possible, block all unauthorized access to this equipment.

Severe cybersecurity incidents are on the rise – especially ransom attacks. Many companies choose not to openly report such incidents, representing the issue to employees and customers as an equipment failure or major network failure. This is understandable since management’s responsibility is to protect the company’s reputation, customer relations, and personnel. However, information about the vulnerabilities that lead to these attacks and the actions taken to prevent a reoccurrence is very valuable to help other companies avoid such attacks. Companies are encouraged to report all attacks to authorities. The FBI and your state's attorney general are the best authorities to notify when a severe cybersecurity incident is detected. By reporting the incident promptly, you may gain valuable information to help resolve the incident and provide important information to help other companies avoid a similar attack. Suppose it is determined that an attack was caused by an unintentional action by an employee or service provider. In that case, it is important to address this with all employees and/or suppliers to minimize the chance of a repeat incident.

For more details on addressing maintenance and incident response relative to cybersecurity, you may want to reference Section 3.6 Incident Response, Section 3.7 Maintenance, and Section 3.14 System and Information Integrity of NIST standard SP 800-171.

For more on this topic, we invite you to explore the Building an Advanced Cybersecurity Plan article series.

Part 1: Engagement and Reinforcement

Part 2: Interaction Mapping

Part 3: Access Control

Part 4: Electronic Media Protection

Part 5: Identification and Authentication

Part 6: Activity Logging, Auditing, and Traceability

Part 7: Network Resource Configuration Management

Part 8: Communications, Network, and Database Security 

Part 9: Personnel and Infrastructure Security

Part 10: Maintenance and Incident Response

Part 11: Risk Assessment and Vulnerabilities Testing

John Turner
Director of Technology for FA Consulting & Technology (FAC&T) and member of the MTConnect Institute.
Recent technology News
Digital manufacturing uses operational data for more informed decision-making, which helps increase workflow efficiency. But a major challenge is the quality of data. Learn more about this crucial factor in digital manufacturing decision-making processes.
Art and engineering, Robot retires to do what it loves, Projects for standards in measurement, US air force offers am experience for students.
Digital manufacturing is company-specific strategy that uses data from manufacturing operations to support more informed decision-making and increase efficiency. Find out what goes into building a unique digital manufacturing strategy for your business.
KOVAL smartly deploys advanced monitoring technology in the service of creating a reliable, consistent (and delicious) product.
Any cybersecurity implementation involves a trade-off between a company’s tolerance for risk and the effort and costs associated with protecting the company’s resources and customers. Learn how to assess risk and test for vulnerabilities in your network.
Similar News
By Stephen LaMarca | May 12, 2023

In April, Silicon Valley Robotics hosted its annual Robot Block Party in Oakland, California. The event served as a hub for robotics enthusiasts, hobbyists, and makers to showcase their projects and products. Think public school book fair – but for robots.

4 min
By Nina Anderson | May 23, 2023

Does a year-over-year percentage growth truly reflect industry change? Do increased robot installations in sectors with less robot density look the same in ones with more density? Derivatives help expose how total change is affected when variables change.

5 min
By Stephen LaMarca | May 12, 2023

Roboangelo. AI is so big it needs 7 research institutes. Raspberry Pi on steroids. Exhaustion? No. Errors? Rarely, but yes. Captain planet is a LIAR!

5 min