
Recent SolarWinds Breach: A Warning of the Perils to Critical Infrastructures (PART 4)

While it is not possible to stop attacks from happening, there are many activities that organizations can undertake to protect their assets. The nature and details of these activities are broad, and addressing them goes beyond the scope of this paper; nevertheless, we will briefly discuss two activities involving cybersecurity culture and training.

Cybersecurity culture in the workplace is much more than forcing employees to change their passwords regularly and enforcing policies without providing proper rationale. Think of cybersecurity culture as the total of the established or adopted ideas, beliefs, values, and knowledge, which constitute the shared bases of joint action in an organization with regards to cybersecurity. It involves the total range of cybersecurity processes, activities, and ideas created or shared by individuals within an organization with shared goals, which are transmitted and reinforced throughout the organization.

The following are examples of a good cybersecurity culture:

There are processes in an organization that…

  1. ensure that accountability for decisions related to cybersecurity is traceable.
  2. provide adequate checks and balances, e.g., the appropriate degree of independence in the processes involving verification, validation, and configuration management.

The following are examples of a poor cybersecurity culture:

  1. Cybersecurity accountability is not traceable
  2. The reward system favors cost and schedule over cybersecurity

Indeed, sloppy practices, misplaced priorities, and poor leadership up and down the supply chain are common at organizations. The SolarWinds hack was the result of our collective approach to cybersecurity, which is in urgent need of an upgrade. Peter Drucker is often credited with saying that culture beats strategy. The SolarWinds hack is a manifestation of a crisis in the way we approach cybersecurity. The culture of complacency has to be replaced by a relentless culture of securing and safeguarding our assets, which needs to be several steps ahead of hackers. As in the recent Boeing 737 MAX airplane tragedies, where violations of safety rules on the part of Boeing were as much to blame as a faulty sensor, the SolarWinds breach represents a cultural and systemic failure of leadership, policy, and cybersecurity procedures. It constitutes a warning that the worst may be yet to come.

One way to improve the cybersecurity culture in an organization is to establish processes that will facilitate and empower the organization to perform all that is required by a good cybersecurity culture. “The organization shall ensure the persons within the organization that are involved in assuring cybersecurity of vehicles possess the cybersecurity competences and awareness to fulfil their responsibilities.” One way of meeting this requirement is to attend training programs, courses, or seminars.

GLOMACS is Offering a New Training Course on “Cybersecurity Monitoring, Event Management, and Incident Response in Intelligent Transportation Systems”

The participants of this GLOMACS training course will:

  • Enhance their analytical and problem-solving skills through participation in breakout exercises
  • Learn how to analyze the cybersecurity of the Intelligent Transport Systems (ITS) infrastructure
  • Be able to apply cybersecurity techniques to implement resilience and strong defenses
  • Learn how to perform cybersecurity risk assessments for their organization
  • Improve the cybersecurity of their organizations
  • Develop cybersecurity plans including those for monitoring, event management, and incident response

Although the above training course focuses on Intelligent Transportation Systems, many of the concepts and methodologies are generic and can be applied to other IT and OT areas. As a result, participating organizations will become adaptive and improve their cybersecurity while at the same time serving stakeholders and the public at the highest level.

Read Part 1
Read Part 2
Read Part 3
