Webinar named “Automated Business Continuity &
Data Protection in Smart Manufacturing” was organized by HKPC on 10th
Jun 2022. They invited two speakers to introduce cyber resilience and the first
rule of business continuity.
The first speaker was Mr. Lawrence Law (Security
Consultant, HKCERT) and his topic entitled “Embracing Cyber Resilience in Smart
Manufacturing”. Firstly, he introduced HKCERT that coordination of information
security incident response for local enterprises and internet users. He also briefed the global operational technology
(OT) security incidents increasing in manufacturing segment.
Then Mr. Law explained four factors causing OT sectors’
vulnerability. They are “Human Operated Ransomware”, “Pandemic drives”, “Digital
Transformation” and “Unpatched Systems”. Most of hacker attack IT first and
then went to OT that cause Industrial control system (ICS) vulnerability.
After that he mentioned to build cyber resilience
withstands cyber-attacks. 3 key strategies are “Adopt Network Segmentation”, “Data
Backup and Recovery” and “Enhance Network Security Visibility”. For segmenting OT
network, De-militarized Zone (DMZ) was employed to separate IT and OT.
The Purdue Model, formally the Purdue Enterprise
Reference Architecture (PERA), is a structural model for industrial control
system (ICS) security, concerning physical processes, sensors, supervisory
controls, operations, and logistics. It separated from Level 0 to Level 5. Some
critical data stored in level 3 under OT and level 4 under IT.
Finally, Mr. Law stated implementation of network
security through “enforcement of strict access control to OT network”, “establishment
of visibility to all OT communication”, “Conducting baseline of device asset
and setting” and “On-going monitoring and detection”. Lastly he introduced IoT
security best practice guideline in HKCERT website.
The second speaker was Mr. Chris Wong (Regional
Channel System Engineer, HK & Taiwan, Veeam). In the beginning, he introduced the history
of ransomware since 1981.
Then he briefed Advanced Ransomware Attach in six
stages and they are “Observation”, “Setting up Shop”, “Preparation”, “Cripple
recoverability” and “Ransom Declared”.
After that Mr. Wong introduced three-part defense
approach and they are protection of immutable backup, alert for visibility and
reliable recovery.
Finally, he suggested 32110 best practices for
ransomware protection. An immutable backup should be employed for protecting
data that ensures the data is fixed, unchangeable, and can never be deleted,
encrypted, or modified. Recovery should consider Scale, Recure Restore and Disaster
Recovery Orchestration.
沒有留言:
發佈留言