Preventing Widespread Cybersecurity Impacts with Network Segmentation

As Shawn Taylor recently wrote for Security Magazine, “There are nearly as many motives for a cyberattack as there are modes of operating.” In other words, the threat landscape is widening from all angles. There are a variety of players, methods, technologies and vulnerabilities. And there are no real signs of this trend slowing down. However, there are measures that prevent it from causing large-scale impacts. One such practice is network segmentation.

Defining Network Segmentation

Like it sounds, network segmentation is the act of compartmentalizing a system. More specifically, the Cybersecurity & Infrastructure Security Agency (CISA) defines it as a “physical or virtual architectural approach dividing a network into multiple segments, each acting as its own subnetwork providing additional security and control.”

Although network segmentation is not an end-all-be-all cybersecurity strategy, it is a significant addition to an operator’s overall proactive plan. Chief among its benefits is that it combats a breach from reaching all of a facility’s systems. Essentially, it can help to quarantine a hacker’s access to only one specific area, therefore buying time to patch other openings. In an interview with Plant Services, David Anteliz, the senior technical director at Skybox Security, emphasized this point stating, “With segmentation, we’re able to offset some of the problems that come with brute force attacks.”

Network Segmentation in Action

Because of the service it provides, network segmentation has increasingly become a go-to cybersecurity best practice. This is especially true as industrial operations turn more and more to a mix of wired and wireless networks.

As outlined in a press release put out by the Transportation Security Administration (TSA) in July, network segmentation was even a part of the revised Security Directive regarding oil and natural gas pipeline cybersecurity. After publishing an initial directive in 2021, the TSA decided to update the guidelines considering the evolving and intensifying risk presence. With input from other organizations such as the CISA, the new set was issued with a focus on technologies that allow the industry to better adapt. Included is the development of “network segmentation policies and controls to ensure that the Operational Technology system can continue to safely operate in the event that an Information Technology system has been compromised and vice versa,” according to the press release.

In a more recent circumstance, law enforcement from around the globe warned critical infrastructure owners to be on alert for exploitations of vulnerabilities associated with Fortinet FortiOS and Microsoft Exchange, which Iran-sponsored actors may have been targeting. In order to protect against this situation, the agencies located across the U.S., U.K., Australia and Canada are urging that network segmentation is implemented. By doing so, an organization can prevent lateral movement if they are or were to be affected.

Network Segmentation Challenges

However, as network segmentation continues to appear in recommendation lists, it is important to remember that maintaining it can be very challenging and deserves proper technique and attention. In 2017, Paul Brandau wrote the following line for Delta Risk, and it remains true. “Proper network segmentation can be very difficult to implement correctly, especially on networks that have existed without it for many years. It requires an in-depth understanding of the expected network communication within the organization, or else segmentation may stop employees from performing their normal day-to-day work functions.”

So, if you are implementing network segmentation for the first time, it is most likely going to take hefty changes in the architectural design of networks. This means that you will need both the tools and expertise to complete this task. Luckily, Veracity is here to help with that process. You can request a demo to learn more about the ways in which we support full cycle industrial network segmentation at https://veracity.io/contact/

Sources:
Share

You Might Also Like...

IT Support by SADOSSecure, Fast Hosting for WordPress