Are we still in time in Spain to avoid this mishap?
I know I should be looking for the needle in the haystack, but looking for it in a waste water tank is not easy either. When you have to protect the control networks of drinking and waste water plants, you should be aligned with best practices and be compliant with national regulation.
In February 2014, the United States deployed its Cyber Security Framework from the National Institute of Standards and Technology (NIST). In that general framework, detection of behavioral anomalies is recognized in the third function the Framework defines: Detect.
Under the function Detect (DE) is the category Anomalies and Events (AE), and under this category the following subcategory is established:
· DE.AE-1: A baseline of network operations and expected data flows for users and systems is established and managed.
(The need to detect anomalies in control networks is found in the following standards: COBIT 5 DSS03.01, ISA 62443-2-1:2009 188.8.131.52 and NIST SP 800-53 Rev. 4 AC-4, AC-3, CM-2, SI-4)
Also in 2014, in the water sector, AWWA deployed another cyber security framework (Process Control System Security Guidance for the Water Sector). This guide included a cross reference to the NIST Cybersecurity Framework, and the only two categories not addressed in that cross reference were related to the detection of cyber security events!!!
Why is this? I don’t really know, but what I do know is that continuous security monitoring is the only way to detect any threat in your network and manage risk in a proper way.
Now we are going to have our own water sector regulation in Spain, but … are we going to forget about anomaly detection in our permanent security measures too?
If so, we will never find the needle (or the virus) in our water tanks.
Enrique Martín García (Telvent Global Services)