B5. Resilient networks and systems

Serviceteam IT Security News

Principle

The organisation builds resilience against cyber-attack and system failure into the design, implementation, operation and management of systems that support the delivery of essential services.

Description

The services delivered by an organisation should be resilient to cyber-attack. Building upon B.4 (the technical protection of systems), organisations should ensure that not only is technology well built and maintained, but consideration is also given to how delivery of the essential service can continue in the event of technology failure or compromise. In addition to technical means, this might include additional contingency capability such as manual processes to ensure services can continue.

Organisations should ensure that systems are well maintained and administered through life. The devices and interfaces that are used for administration are frequently targeted, so should be well protected. Spear phishing remains a common method used to compromise management accounts. Preventing the use of management accounts for routine activities such as email and web browsing significantly limits the ability for a hacker to compromise such accounts.

Guidance

Preparation

It’s important to be prepared to respond to significant disruption; for this business continuity and disaster recovery planning is essential. This should include a definition of the most critical resources and an understanding of the order of dependencies, for restoration. Test that these plans can or should work, for example through manual failover, table-top scenario walk-throughs or red-teaming. You should be ready to adjust security level or priority in response to an identified or assumed serious incident, or a change in security risks.

Maintenance and repair

You should reduce the likelihood of failure or attack by taking all reasonable measures to maintain networks, information systems and necessary technologies in good working order. Exceptions should be appropriately managed.

Segregation

In the event of an incident, it is more likely that an essential service will be able to continue where the networks and information systems that support it are segregated from other business and external systems. Separation of system architecture, remote access and privileged access are some key principles that can protect more critical systems from external disruption.

Some essential service sectors may apply the industrial automation and control system security standard IEC 62443, which applies a reference model that separates systems into different logical layers. The standard’s architecture model segregates equipment into security zones.

Capacity

Limitations of networks and information systems, or external services or resources, such as network bandwidth, processing capability, or data storage capacity, should be understood and managed with suitable mitigations to avoid disruption through resource overload.

Diversity and dependencies

Make appropriate use of diverse technologies, geographic locations and so on, to provide resilience. You should understand and manage external or lower-priority dependencies to ensure that alternative means are suitable for continuation of the essential service.

Working backups

In the event of a disruptive event, you should be able to revert to backups of hardware and data that are known to be functioning and accessible. Operators should maintain secured offline, potentially off-site, backups of the operational data, equipment configurations, gold builds, etc. needed to recover from an extreme event.

Suitable alternative backups may include paper-based information and manual processes. Other essential backups may include personnel with appropriate knowledge and access to up-to-date documentation. Consider how to make it easy to recover following an incident or compromise.

References

BS ISO/IEC 27002:2013 section 17

PD ISO/IEC TR 27019:2013 section 14

IEC/TS 62443-1-1

BS IEC 62443-2-1:2011 section 4.3.2

HMG Emergency preparedness

HMG Emergency Response and Recovery: Non statutory guidance accompanying the Civil Contingencies Act 2004

The Business Continuity Institute has some freely available introductory business continuity guidance and members can access more detailed resources

NCSC DOS guidance

< Back to Principle B4                  Forward to Principle B6 >

Source: NCSC

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

/by
You might also like
Serviceteam IT Security News IoT Malware Activity Already More Than Doubled 2016 Numbers
Serviceteam IT Security News Factorization Flaw in TPM Chips Makes Attacks on RSA Private Keys Feasible
Serviceteam IT Security News CyberFirst Girls Competition: Could 2018 be your year?
Serviceteam IT Security News Windows Defender Bypass Tricks OS into Running Malicious Code
Serviceteam IT Security News Google Phishing Attack: users hit with sophisticated phishing
Serviceteam IT Security News Protective DNS service for the public sector is now live