Identify systems for the prevention of and protection against cyber threats in manufacturing.

Identification should include the concept that

  • security awareness related to social engineering threats is a critical part of ICS incident prevention
  • preventions and protections against cyberattacks change as the targets, vulnerabilities, and threats change
  • each vulnerability will have its own unique set of preventions and protections, and should include, but not be limited to
    • network protection as the initial line of defense (e.g., authentication, virus protection software, anti-spyware, anti-adware, firewalls, intrusion prevention)
    • operating systems and applications as critical to reducing vulnerabilities and identification of systems maintenance measures that assist in system protection (e.g., system updates and audits)
    • secure coding practices in database information and programming as critical to preventing injection vulnerabilities, in which an application sends untrusted data to an interpreter (e.g., attackers exploit injection flaws to steal data and compromise the target system; protection measures should be evaluated in the system design and programming phase, because addressing this concept in design and development will prevent flaws in production)
    • user training to make users aware of potential threats resulting from their actions.
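
The injection concept above, shown as an added example that is not part of the original standard: the same lookup written with string concatenation and with a bound parameter. The `setpoints` table, its rows, and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE setpoints (operator TEXT, line TEXT, temp_c REAL)")
    conn.executemany(
        "INSERT INTO setpoints VALUES (?, ?, ?)",
        [
            ("alice", "line-1", 180.0),
            ("bob", "line-2", 205.5),
            ("carol", "line-3", 150.0),
        ],
    )
    return conn


def lookup_vulnerable(conn, operator):
    # Flaw: untrusted input is pasted into the SQL text, so the database
    # interpreter parses it as part of the statement, not as a value.
    query = (
        "SELECT line, temp_c FROM setpoints WHERE operator = '" + operator + "'"
    )
    return conn.execute(query).fetchall()


def lookup_safe(conn, operator):
    # Fix: the statement text is fixed at design time and the input is
    # bound as a parameter, so it can only ever be compared as data.
    query = "SELECT line, temp_c FROM setpoints WHERE operator = ?"
    return conn.execute(query, (operator,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input that alters the WHERE clause
    print("concatenated, normal input :", lookup_vulnerable(db, "bob"))
    print("concatenated, crafted input:", lookup_vulnerable(db, crafted))
    print("parameterized, normal input :", lookup_safe(db, "bob"))
    print("parameterized, crafted input:", lookup_safe(db, crafted))
```

With normal input both functions return the same row; only the crafted input separates them, which is why this flaw is caught by design and code review rather than by routine functional testing.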

Process/Skill Questions:

  • Why might a company restrict user access to the network resources necessary for their business functions?
  • What are examples of practices and controls regarding the protection of networks and information?
  • What is social engineering and how can it be used to compromise otherwise secure systems?
  • What are some examples of possible threat sources?
  • What are the categories of potential vulnerabilities and predisposing conditions commonly found within ICS systems?