The NIST Cybersecurity Framework Part 2: Don’t Gloss Over the Problematic Impact of Privileged Passwords in Critical Systems

November 12, 2013 CyberArk

Just two weeks ago, NIST published the Preliminary Cybersecurity Framework for improving critical infrastructure cybersecurity. The Framework consists of standards, guidelines, and best practices to promote the protection of critical infrastructure and I already highlighted the importance of securing privileged identities in this recent blog post.

The Framework also includes an appendix covering areas for future improvement of the Cybersecurity Framework. These areas are important but are still evolving and require further research and understanding; no mature standards for them exist yet.

One of these areas is Authentication. The NIST guidelines note that passwords alone are inadequate to fulfill authentication needs. This is of course true; however, many years will pass before more advanced authentication capabilities are widely used and adopted in control systems environments and can replace passwords.

We at CyberArk believe that the common usage of privileged passwords in critical systems is indeed problematic. In many cases, for example, a privileged password is shared among a large number of employees, there is no real tracking of who is using it (leading to a lack of accountability), and it is not updated frequently. All these issues indicate the problematic usage of passwords—not to mention the fact that many recent cyber attacks have exploited privileged passwords as a critical component of the attack.

I believe that, as a first step, critical infrastructure operators should understand that even though passwords are problematic, there is a lot that can be done today to minimize the risk. A critical infrastructure operator should consider using a privileged account security system that prevents the problematic usage and exploitation of privileged passwords mentioned above, which is so common today, especially in control rooms and control applications. CyberArk is here to help.
