Active monitoring is also essential to a well-rounded cybersecurity program. Questioning every access to critical systems and then monitoring that access in real time, and preventing critical functions such as code download unless the appropriate approvals and privileges are in place, are critical to mitigating the malicious insider threat.
A security intelligence (SI) capability is another important component of a defense-in-depth approach. SI solutions integrate with existing systems and detect events of risk-management interest, providing security with actionable and comprehensive insight into threats.
SI builds on the data-collection capabilities of log management; the correlation, normalization, and analysis capabilities of security information and event management; the network visibility and advanced threat detection of network behavior anomaly detection; and the network traffic and application content insight afforded by network forensics.
Another component that security professionals should consider is anomaly detection, a relatively new technology that learns the normal behavior of networks and systems and provides alerts when anomalous activities occur that might signal a hacking attempt. Anomaly detection can help security personnel spot new threats even before malware signatures are available.
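The learn-the-normal, alert-on-deviation idea behind anomaly detection, shown as an added example that is not part of this article or the authors' work: it builds a per-account profile (usual hours, hosts, actions) from a constructed training log of control-system access events, then flags live events that fall outside that profile. The log format, account names and host names are assumptions for illustration.

```python
"""Baseline-and-deviate anomaly detector over constructed access logs (illustrative)."""
from collections import defaultdict
from datetime import datetime

# Constructed training window: (timestamp, account, host, action). Not real data.
TRAINING = [
    ("2023-03-01T08:12:00", "ops_jane", "scada-hmi-01", "login"),
    ("2023-03-01T09:40:00", "ops_jane", "scada-hmi-02", "read_tag"),
    ("2023-03-02T14:05:00", "ops_jane", "scada-hmi-01", "read_tag"),
    ("2023-03-03T16:20:00", "ops_jane", "scada-hmi-01", "login"),
    ("2023-03-02T11:00:00", "eng_bob", "plc-fw-02", "code_download"),
    ("2023-03-03T11:30:00", "eng_bob", "plc-fw-02", "login"),
]

# Constructed live window to score against the learned profiles.
LIVE = [
    ("2023-03-08T09:30:00", "ops_jane", "scada-hmi-01", "login"),          # normal
    ("2023-03-08T02:45:00", "ops_jane", "scada-hmi-01", "login"),          # off-hours
    ("2023-03-08T10:00:00", "ops_jane", "plc-fw-02", "code_download"),     # new host + action
    ("2023-03-08T10:05:00", "svc_unknown", "scada-hmi-01", "login"),       # never seen
]

def learn_profiles(events):
    """Learn each account's observed hours, hosts and actions from the training window."""
    profiles = defaultdict(lambda: {"hours": set(), "hosts": set(), "actions": set()})
    for ts, acct, host, action in events:
        p = profiles[acct]
        p["hours"].add(datetime.fromisoformat(ts).hour)
        p["hosts"].add(host)
        p["actions"].add(action)
    return dict(profiles)

def score_event(profiles, event):
    """Return the list of reasons an event deviates from its account's profile ([] = normal)."""
    ts, acct, host, action = event
    p = profiles.get(acct)
    if p is None:
        return [f"unknown account {acct}"]
    reasons = []
    hour = datetime.fromisoformat(ts).hour
    # Tolerate +/-1 hour around any observed hour to limit false positives.
    if not any(abs(hour - h) <= 1 for h in p["hours"]):
        reasons.append(f"unusual hour {hour:02d}")
    if host not in p["hosts"]:
        reasons.append(f"unusual host {host}")
    if action not in p["actions"]:
        reasons.append(f"unusual action {action}")
    return reasons

def detect(profiles, events):
    """Pair each anomalous event with its reasons; normal events are dropped."""
    return [(e, r) for e in events if (r := score_event(profiles, e))]
```

In practice the profile would be rebuilt on a rolling window and combined with the approval and privilege checks described above, so that an out-of-profile code download is both alerted on and blocked.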
In the face of evolving cyberthreats such as Stuxnet and Flame, there is no doubt that the critical infrastructure owners and operators need to continuously reevaluate the risks they face and revise their defenses accordingly. How well they will meet the challenge remains to be seen.
Douglas Powell, CPP, PSP, is manager of security and privacy at British Columbia Hydro and Power Authority in Burnaby, British Columbia. He is chair of the ASIS Critical Infrastructure Working Group and vice chair of the ASIS Utilities Security Council. Allan Wick, CPP, PSP, PCI, is corporate security and business continuity manager for Tri-State Generation and Transmission Association, Inc., of Denver, Colorado, and chair of the ASIS International Utilities Security Council. Don Fergus, CISSP (Certified Information Systems Security Professional), CRISC (Certified in Risk and Information Systems Control), is senior vice president, professional services, for Patriot Technologies, Inc., of Frederick, Maryland, and chair of the ASIS Information Technology Council.