(Page 2 of 2)
Adopting a Defense-in-Depth Strategy
In advance of releasing additional mitigation information in an advisory, ICS-CERT continues to advise the U.S. natural gas companies to adopt a "defense-in-depth" security strategy that includes the regular monitoring of log files by experienced administrators, together with the upgrading, patching or removing of vulnerable legacy software applications.
Still, ICS-CERT noted that even companies with the best firewall configurations, security software and a well-trained IT management staff remain vulnerable to cyber attacks -- which means they need to be prepared to handle and analyze any intrusions that occur. ICS-CERT recommends that companies prepare and regularly review incident preparedness and response checklists that will enable them to document and respond to any cyber incidents.
Full documentation includes IP ranges and hostnames; DNS information; software and operating system names and versions, and patch levels; user and computer roles; and ingress as well as egress points between networks. Additionally, companies are advised to compile an incident report that specifies the affected IPs, method of detection, the type of assistance required and the attack's potential operational impact.