DriveLock in Practice
Use case | Critical infrastructures
Critical infrastructures have been the target of cyberattacks for some time, as current reports show:
+++++++++++++++++++++++++++++++++ NEWS +++++++++++++++++++++++++++++++++++
With the rise of cybercrime, operators of critical infrastructures must prove that their IT security measures are appropriate and "state of the art". The effectiveness of the IT measures must be proven through certification or audits. Attention: Not only critical infrastructure companies are affected, but also their suppliers. Larger clients usually expect certain security measures from their suppliers to be able to provide appropriate security evidence.
In the field of cyber security, critical infrastructures should cover the following considerations (source: German Guidelines on content and requirements for industry-specific security standards - B3S).
The USA regulations can be found at CISA, for Australia, details can be found here.
Inventory of the relevant information technology processes, systems and components
Categories of measures, including device control, malware protection, encryption, multi-factor authentication
Detection of attacks and IT incidents as well as reaction to them and forensics
Threat categories concerning cyber security are typically:
The intelligent whitelisting procedure, i.e. a positive list of approved programs that can be dynamically extended
Device control (only authorised use of external media such as USB sticks).
Forced encryption of data written to external media is also available as an option.
DriveLock also supports full auditing of external media usage and logging of data flow, including shadow copies.
Sensitisation of staff and employees through online lessons and interactive training modules e.g. for protection against phishing attacks and social engineering.
Provision of a smartcard middleware for the efficient management of smartcards (also for new versions). Thus, access/access control and multi-factor authentication can be realised independent of the manufacturer and cost-effectively.