
CyberSecurity Architecture – 1 of 3: What is it?

October 3, 2018

In our September 24, 2018, Athens Group Newsletter, we discussed our afternoon panel at the September 2018 IADC Advanced Rig Technology Conference & Exhibition in Austin, Texas. The panel, Cybersecurity for Drilling Assets: Risk Assessment & Mitigation, featured drilling industry veterans, class society experts and cybersecurity practitioners.

Our panel presentation was titled: “It’s NOT Rocket Science. It’s Blocking and Tackling.” Although it is a football reference, the title was meant to drive home a simple fact: the foundation of cybersecurity in any organization depends on how well the basics are executed. Blocking refers to instituting the mitigation processes discussed in the newsletter. Tackling means getting out in front of the threats by implementing a CyberSecurity Architecture. That’s what this blog is about.

First, some definitions:

  1. Blocking – In American football, blocking or interference (or running interference) involves legal movements in which one player obstructs another player’s path with their body. The purpose of blocking is to prevent defensive players from tackling the ball carrier or to protect a quarterback who is attempting to pass or hand off the ball.
  2. Tackling – The primary and important purposes of tackling are to dispossess an opponent of the ball, to stop the player from gaining ground towards a goal or to stop them from carrying out what they intend.
  3. CyberSecurity Architecture – CyberSecurity Architecture is a unified system design addressing the situational awareness of our hacking environment. In-depth security controls are identified across the entire internal and external networks. In-depth security control specifications include structures and connections among the network components.

Tackling requires three things:

  1. Situational awareness – When a receiver adjusts his route to find the seam between two defenders in a zone defense, the defenders need to understand where and whom to tackle. In downstream, midstream and upstream operational hardware and software, this is the point where assets are the most vulnerable.
  2. Sure footing and a firm stance – A tackle must start from a firm stance and have sure footing as they approach their target and prevent the ball from moving forward. The only way you can gain this in your network is to ensure that all components – hardware and software – are patched, functioning together and situationally aware of the attacker trying to move their ball forward into your network.
  3. Eye on the target’s belt buckle – Head and shoulder fakes can be ignored when the tackle keeps their eyes on their opponent’s belt buckle. The hips don’t lie about the direction the opponent is going. Your tackling requires stopping their quarterback from getting their ball onto your goal – sensitive data, equipment, operational capabilities.

Cybersecurity tackling begins once your attackers breach your blockers – VPN, firewall, DMZ. It’s first down and goal to go. The attackers have gotten into your systems by one of these methods:

  1. Phishing
  2. Personal devices infected outside of work
  3. Weak passwords
  4. Unpatched hardware and software
  5. Poor to no Backup and Restore
  6. Employee-installed applications
  7. Inadequate firewalls
  8. Surfing compromised websites

Blocking versus Tackling:

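| Blocking                      | Tackling                       |
|-------------------------------|--------------------------------|
| Virtual Private Network (VPN) | User Training                  |
| Firewall                      | Management of Change           |
| Demilitarized Zone (DMZ)      | Patching                       |
|                               | Strong Passwords               |
|                               | Personal Device Policy         |
|                               | Tested backup and restore      |
|                               | Website and Email whitelisting |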

Your CyberSecurity Architecture must be able to address both blocking and tackling. We’ll look at each one of these and talk about why you should care in the next blog.

The diagram below is NOT a CyberSecurity Architecture but is probably what your networks look like today if you’ve taken the time to map all the hardware and software devices.

What can you do about it?

Read the blog entries on our website – www.athensgroupservices.com, join our LinkedIn Group, and subscribe to our newsletter.
