Critical infrastructure operators and related organizations looking to achieve the Cybersecurity and Infrastructure Security Agency’s cross-sector performance goals should consider a variety of actions to protect their systems from threats, according to Roman Arutyunov, co-founder and senior vice president of products at Xage Security.
In a blog post published earlier this month, Arutyunov laid out a 10-step checklist that highlights the importance of asset tracking, credential and authentication management, segmentation and vulnerability mitigation.
“Keeping sensitive data encrypted, and behind multiple layers of defense, and requiring extra layers of authentication in order to access sensitive data, are increasingly urgent for critical infrastructure organizations,” he wrote.
To organize identities and credentials, Arutyunov recommended changing default passwords, separating user and privileged accounts and rotating credentials.
Arutyunov said organizations should implement compensating and commensurate controls for assets lacking credentials, use multifactor authentication, adopt strong encryption and secure sensitive data.
Other actions he listed are limiting connections of OT assets to the public internet, collecting and storing logs, segmenting networks at the most granular level and handling known vulnerabilities.