Best Practices Against Cyberthreats
You know it’s serious when the U.S. Department of Homeland Security sends out an advisory.
In response to a recent cyberattack on a natural gas compression facility, the department’s Cybersecurity and Infrastructure Security Agency (CISA) issued a long list of best practices to help energy companies protect themselves. Surprisingly, the victim organization had not included cyberattacks in its emergency response plan. As a result, it was forced to shut down operations for two days.
Among CISA’s recommendations:
- Make sure your organization’s emergency response plan “considers the full range of potential impacts that cyberattacks pose to operations, including loss or manipulation of view, loss or manipulation of control, and loss of safety.”
- “Allow employees to gain decision-making experience via tabletop exercises that incorporate loss of visibility and control scenarios.”
- “Implement redundant communication capabilities between geographically separated facilities responsible for the operation of a single pipeline asset.”