Checklist

Checklist for Public-Private Organizations: Infrastructure Response

Recovering from a cyber attack is a critical phase that requires careful planning and execution to restore normal operations, learn from the incident, and strengthen defenses against future threats. This checklist provides step-by-step guidance—with explanations—to help your organization navigate the aftermath of a cyber attack effectively.

If you need assistance or have questions during your recovery process, please contact our cybersecurity hotline at 1 (855) 550 6628 or email help@moatit.com. Our experts are available to help at no charge.

01. Ensure the Attack is Fully Contained and Eradicated

Initiate incident response plan specific to critical infrastructure

  • Activate the Industrial Control Systems (ICS) emergency response team
  • Establish communication with relevant government agencies (e.g., CISA, DOE, EPA)
  • Assess potential impact on public safety and service continuity

02. Isolate and Contain

Implement network segmentation between IT and Operational Technology (OT) systems

  • Isolate affected SCADA systems and PLCs from the network
  • Activate manual override procedures for critical operations if necessary
  • Implement fail-safe mechanisms to prevent unauthorized control

03. Assess Impact on Critical Operations

Evaluate the integrity of Industrial Control Systems (ICS)

  • Check for any manipulation of SCADA data or control systems
  • Assess impact on resource distribution systems (e.g., pipelines, power grid, water treatment)
  • Determine if safety systems have been compromised

04. Notify Authorities and Stakeholders

Contact relevant sector-specific Information Sharing and Analysis Centers (ISACs)

  • Inform regulatory bodies (e.g., FERC, EPA, state utility commissions)
  • Alert interconnected utility providers and partners
  • Notify customers about potential service disruptions

05. Engage Specialized Support

Activate support agreements with ICS/SCADA vendors and specialized incident responders

  • Restore from known-good backups, ensuring integrity of backup systems
  • Apply security patches to vulnerable systems, following change management procedures
  • Reconfigure systems to enhance segmentation between IT and OT networks

06. Enhance Monitoring and Control

Increase monitoring of ICS/SCADA systems for anomalies

  • Implement additional security controls on remote access to operational systems
  • Enhance logging and monitoring of physical access to critical infrastructure
  • Deploy ICS-specific intrusion detection systems

07. Conduct Thorough Investigation

Perform root cause analysis focusing on both cyber and physical aspects

  • Investigate potential insider threats or supply chain compromises
  • Analyze potential impacts on interconnected infrastructure systems
  • Document findings for regulatory compliance and future prevention

08. Update Risk Assessment and Mitigation Strategies

Reassess cybersecurity risks specific to critical infrastructure operations

  • Update business continuity and disaster recovery plans based on lessons learned
  • Enhance physical security measures for critical assets
  • Implement or improve an ICS-specific vulnerability management program

09. Strengthen Resilience

Conduct tabletop exercises simulating cyber-physical attacks

  • Implement redundancy in critical systems and fail-safe mechanisms
  • Enhance supply chain security measures for critical components
  • Improve coordination with other utilities and government agencies

10. Training and Awareness

Conduct ICS/SCADA-specific cybersecurity training for operators

  • Implement awareness programs about cyber-physical threats
  • Train staff on updated emergency response procedures
  • Conduct joint cybersecurity exercises with other utilities and agencies

11. Continuous Monitoring and Improvement

Implement ongoing vulnerability assessments for ICS environments

  • Regularly test and update incident response plans
  • Participate in sector-specific threat intelligence sharing
  • Continuously assess compliance with regulations and standards such as NERC CIP or AWWA

Responding effectively during a cyber attack is critical to minimizing damage and facilitating a swift recovery. By following this checklist and utilizing available resources, your organization can navigate the incident with greater confidence and control.

For immediate assistance or personalized guidance during a cyber attack, please contact our cybersecurity hotline at 1 (855) 550 6628 or email help@moatit.com. Our experts are ready to help at no charge.

Disclaimer: This checklist is a general guide and may not encompass all the specific needs of your organization. It is recommended to consult with cybersecurity professionals for personalized advice.