An official website of the United States government
Data Breach
What is a Data Breach?
A data breach is an intrusion into an organization's system, network, or database, by an outside or internal entity, resulting in unauthorized access to confidential or secured information.
Tips to prepare for a data breach
- Implement multifactor authentication for access to the operational technology (OT) network whenever applicable.
- If you require remote access, implement a firewall and/or virtual private network (VPN) in front of the PLC to control network access. A VPN or gateway device can enable multifactor authentication for remote access even if the PLC does not support multifactor authentication.
- Create strong backups of the logic and configurations to enable fast recovery.
- Keep your systems updated with the latest versions released by the manufacturer.
What to do in case of a data breach
- Contain the Problem
  Quarantine or take offline potentially affected hosts.
- Reimage Compromised Hosts
  Unless you are instructed to forensically preserve compromised systems, they should be reimaged as soon as possible to prevent attackers from using them as part of a botnet or a foothold into your network.
- Reset or Revoke Compromised Credentials
  Reset all credentials that may have been exposed during the intrusion, including user and service accounts, compromised certificates, or other "secret" credentials.
- File a Complaint
  File a detailed complaint with www.ic3.gov. The complaint should contain all required data in provided fields. Be sure to use the key words "data breach" in the incident description.
- Stay Informed
  Visit www.ic3.gov for updated Industry Alerts regarding data breaches as well as other cyber-enabled schemes.