The Canadian Centre for Cyber Security (CCCS) continues to publish cybersecurity guidance documents that offer practical cyber hygiene best practices and enterprise preparedness and resilience resources. WaterISAC is sharing these resources to assist network defenders and help strengthen their cybersecurity posture. Members are encouraged to reference CCCS for on-going guidance publications and updates.

June 1, 2023

Top 10 IT security actions: No. 5 segment and separate information

This document is part of a suite of documents that focuses on the top 10 IT security actions recommended in Top 10 IT security actions to protect Internet connected networks and information (ITSM.10.089). Part of the top 10 IT security actions is to segment and separate information. Networks should be zoned by segmenting and grouping infrastructure services that have the same information protection requirements or that must adhere to the same communication security policies. This logical design approach is used to control and restrict access and data communication flows. Read more at CCCS.

Foundational cyber security actions for small organizations

Small and medium organizations (SMO) face growing cyber security concerns, including phishing  and ransomware attacks, that can compromise sensitive information and lead to financial or data loss. In this publication, CCCS summarizes the foundational security actions organizations can take to begin building their cyber security resilience. These actions are a minimum set of practices that can be implemented over time. Organizations will find some additional recommendations on security actions that they can implement as their organizational resources and capacity increase. Read more at CCCS.

May 25, 2023

Steps for effectively deploying multifactor authentication (MFA)

Threat actors commonly exploit weak or stolen credentials to compromise accounts, allowing them to breach networks, take control of systems, and gain access to sensitive information. To increase resilience to these attacks, organizations are encouraged to use strong authentication mechanisms, primarily multifactor authentication (MFA), to secure accounts and devices. This guidance document is designed to assist organizations to effectively deploy MFA reduce the risk and likelihood of compromised credential attacks or data breaches. Read more at CCCS.

Best practices for setting up a security operations center (SOC)

A security operations center (SOC) combines people, processes, and technology to work together to improve organizational resilience against cyber threats. This document provides guidance for organizations of all sizes on best practices for setting up and operating a SOC. It also provides guidance to organizations interested in subscribing to a SOC as a service (SOCaaS) from a third-party provider. Read more at CCCS.

April 20, 2023

Using Information Technology Asset Management (ITAM) to Enhance Cyber Security - This publication provides organizations with advice and guidance related to information technology (IT) asset management (ITAM). It will assist the organization in gaining a better understanding of ITAM, what it means, why it’s important to cybersecurity, and what the organization should consider to efficiently track, monitor, and maintain its IT assets. Organizations of all sizes can use this guidance to define the set of practices, tailored to their business requirements, that will allow them to track and manage IT assets in their environment. Read more at CCCS.

Members can also refer to Fundamental 1: Perform Asset Inventories in the “15 Cybersecurity Fundamentals for Water and Wastewater Utilities” for additional guidance.

April 18, 2023

Defending Against Data Exfiltration Threats - Data exfiltration attacks occur in various forms, including data espionage, user or system credentials theft, financial data theft, digital identity compromise, and data de-anonymization. To protect against these attacks, organizations should secure the data lifecycle processes (e.g. creation, operation, and destruction) from end to end. This document discusses some known data exfiltration techniques and proposes protection strategies that can be deployed to mitigate the impact from such threats. Read more at CCCS.

March 21, 2023

Isolate Web-facing Applications – Isolating web facing applications is part of a defense in depth protection strategy to reduce exposure to common threats and protect organizational systems and networks. Web-facing applications are programs that can be accessed over the Internet and that use web technology and browsers to perform tasks. Examples of web-facing applications include email services, word processors, online file converters, calendars, and Internet of Things (IoT) devices, such as security cameras and smart thermostats. This latest guidance document from CCCS discusses the common threats to web-facing applications and outlines several best practice security controls to protect them. Read more at CCCS.

March 9, 2023

Obsolete Products – Using old or unsupported IT or OT assets can present significant vulnerabilities for organizations. Obsolete products are ones that are no longer produced by the manufacturer in accordance with the original specification and usually entails vendors halting support for these products. Some other risks associated with using obsolete products include system crashes, along with increased financial and compliance risks. In addition, owners and operators of ICS/OT systems should consider replacement or upgrade paths during initial scoping and design before these systems and/or components become obsolete. However, if a replacement strategy is not feasible, then a minimum set of mitigation measures should be in place to protect these systems. Accordingly, this guidance offers methods for reducing your risk if your organization is continuing to use obsolete products. Read more at CCCS here.

February 28, 2023

Use of Personal Social Media in the Workplace – Social media gives you the power to connect with others effortlessly and share information instantly. However, using personal social media at work can offer threat actors easy and obvious entry points to your organization’s networks and systems. It can lead to unintentional loss of an organization’s data and the deployment of malware to a device or network through social media. And using social media at work can make individuals more of a target. In fact, the information you post and share can be used in well-crafted social engineering scams. Accordingly, this guidance offers methods for reducing your risk if you're going to use social media at work. Read more at CCCS here.

January 31, 2023

Connected Communities – In a connected community, technologies collect and analyze data about the environment, bridging the real world around us with digital systems, to improve the efficiency of public infrastructure and city operations. Despite their potential to optimize the world we live in, connected communities come with serious security challenges due to widened attack surfaces for threat actors to exploit and cause injury in the real world. This latest guidance from CCCS provides an overview of the challenges and risks faced by interconnected critical infrastructure communities. Read more at CCCS here.

December 22, 2022

Network Security Auditing – This process is a critical step in any cybersecurity maturity program. The goal of network auditing is to identify threats, potential areas of vulnerability, and to ensure an organization is meeting regulatory requirements. Conducing audits can help facilitate effective risk-based decision making. Lastly, the report provides best practices for network security auditing. Read more at CCCS here.

Network Security Logging and Monitoring – Logging and monitoring of networks is one of the principal methods organizations can use to protect themselves against malicious cyber activity. Logging and monitoring activities can assist organizations with detecting internal or external threats, mitigate network vulnerabilities, and minimize the impact when a security incident occurs. One of the most commonly used tools for logging and monitoring is known as a security information and event management (SIEM) platform. In addition, the report offers best practices for network security logging and monitoring. Read more at CCCS here.

December 20, 2022

Data Transfer and Upload Protection – Offers information on how to secure your data transfer processes to minimize potential cyber security risks to your organization. The guidance contains a list of measures that will enable your organization to tightly control your data transfer and upload processes. Read more at CCCS here.

December 6, 2022

Zero Trust Security Model – Provides information on Zero Trust (ZT) as a model to address the modern challenges of securing remote workers, protecting hybrid cloud environments, and defending against cyber security threats. The Government of Canada (GC) is working on developing a ZT Security Framework that is based on the CISA model and the National Institute of Standards and Technology’s (NIST) special publication. The framework is another reference for utilities working toward implementing a zero trust architecture. Read more at CCCS here.

October 18, 2022

Choosing The Best Cyber Security Solution For Your Organization – Discusses the various options available to organizations of all sizes when looking to strengthen their cybersecurity posture. It introduces basic cyber security best practices that organizations can implement with existing resources and outlines those that can be implemented with the assistance of a managed security service provider (MSSP). Read more at CCCS here.

October 6, 2022

Cyber Security Considerations for 5G Networks – Provides an overview of 5G networks and discusses potential ways in which 5G technology will assist critical infrastructure owners and operators in their future operations. Some of the benefits of 5G include low latency, increased bandwidth, and network capacity and slicing. Of course, there are potential security risks associated with 5G. These include the ability of threat actors to exploit IoT devices utilizing 5G and an increased risk of supply chain attacks on 5G infrastructure. Likewise, the heightened volume of data flowing over 5G networks will likely increase pressure on security monitoring, and 5G devices being more geographically distributed rather than centrally located increases the risk of untrusted and potentially unsecured devices connecting to the 5G network. The report concludes with recommended actions organizations can implement to prepare for the 5G transition. Read more at CCCS here.

August 18, 2022

Guest Wifi – Outlines the risks and benefits of setting up a guest network in addition to a primary network. Accordingly, CCCS examines potential threats to a guest network including from eavesdropping attacks, phishing, and other malicious activity. It concludes by offering recommendations for defending and securing a guest network. Read more at CCCS here.

August 16, 2022

Don't take the bait: Recognize and avoid phishing attacks – Covers the different types of phishing attacks and breaks down a phishing attack into three components – the bait, the hook, and the attack. Additionally, the report encourages organizations to implement regular user awareness training and offers suspicious indicators users should be aware of to prevent them from falling victim to an attack. Read more at CCCS here.

Artificial Intelligence – Discusses potential cyber threats emerging from the development of artificial intelligence (AI), including an overview of AI and how companies are already using the technology in their operations, including through facial recognition, data analysis, and cybersecurity. CCCS identifies three primary threats of AI tools, which include data poisoning attacks, adversarial example attack, and model inversion and membership inference attacks. Read more at CCCS here.

Top 10 IT security action items: No. 10 Implement application allow lists – Highlights CCCS’s top ten recommended IT security actions and concerns implementing application allow lists. The product offers guidance on creating an allow list and best practices for implementing them at your organization. Read more at CCCS here.

Identity, Credential, and Access Management (ICAM) – Covers security tools, policies, and systems that helps organizations manage, monitor, and secure access to their information technology (IT) infrastructure. ICAM represents the combination of digital identities, credentials, and access controls into a single comprehensive approach. Read more at CCCS here.

Protect information at the enterprise level – Offers guidance for assessing, managing, and destroying information properly, and securing your data externally. Read more at CCCS here.

August 9, 2022

Domain Name Service (DNS) tampering – Examines DNS tampering. Threat actors frequently target DNS services in order to direct legitimate web traffic to malicious domains, which enables them to compromise not only your systems, but those of your customers as well. This guidance offers guidance and mitigation methods for defending against DNS tampering attacks on hosting servers and tampering attacks on DNS resolution. Read more at CCCS here.

Top 10 IT security action items: No. 2 Patching operating systems and applications – Outlines recommended best practices for patching. The report also discusses security vulnerabilities and patches, baseline configurations for systems, implementing a patch management schedule, and unsupported systems and software. Read more at CCCS here.