ICS SCADA security compliance
Industrial Control Systems (ICS) can be found in many of a nation’s critical infrastructures. These include nuclear plants, the oil & gas industry, transportation, chemicals processing, and other process industries. Examples of such systems are Distributed Control Systems (DCS), Programmable Logic Controllers (PLC) and Supervisory Control and Data Acquisition (SCADA) systems. Because these systems are so widespread and are used in such critical domains, the security of Industrial Control Systems and components should be given the same weight as other aspects such as performance or safety.
An efficient way of securing your ICS products (either in their off-the-shelf state or during actual use) is by seeking compliance with relevant standards. Secura is actively involved in the field of standardization and is a member of highly reputed cybersecurity organizations. This is why we are fully up to date with the most relevant publications, offering you state-of-the-art assessments. Our ICS security assessments are based on the IEC 62443 family of standards. These standards provide clear and measurable security requirements that apply to both manufacturers and users of ICS components and systems. We complement our assessments with other relevant standards such as UL 2900 or the ENISA baseline ICT requirements in order to provide you with a holistic view of your products’ cybersecurity. On the organization side, we follow internationally recognized frameworks such as the NIST Cybersecurity Framework, NIST SP 800-53 or the Department of Homeland Security ICS Catalog to audit your internal policies and procedures, as well as to assess the way in which ICS systems are securely deployed.
We understand that ICS cybersecurity is a shared responsibility between parties such as manufacturers, integrators and end user companies. Therefore, Secura designed its services in order to support each of these particular actors in addressing their cybersecurity needs.
The security of an off-the-shelf ICS component or system relies heavily on the design and development process. Secura supports manufacturers in aligning the individual development stages to internationally recognized standards and frameworks, providing assurance on the security level of their products. IEC 62443 is the base of our assessment, testing your products’ compliance against state-of-the-art security functionalities. Other standards such as UL 2900 and the ENISA ICT requirements can be used to complement IEC 62443 as an add-on service. We select the applicable security requirements that are relevant to your product, and perform a technical assessment validating your compliance. The assessment will conclude with a deliverable in the form of an internationally recognized report. This will enable you to showcase the security of your product, which could lead to a significant market advantage. Moreover, implementing and following the standards applicable to your business helps you structurally increase security and demonstrate this to the markets in which you are active.
Secura can support integrators and end users in aligning the secure deployment of ICS products with state-of-the-art standards. IEC 62443 offers testable security requirements, addressing your ICS integration policies, internal cybersecurity management system or the secure deployment of ICS products within your company. This is why this family of standards represents the core of our assessment. As an added service, organizations can align their procedures, policies and implemented security controls to well-known security frameworks, such as the international NIST CSF, NIST SP 800-53, Department of Homeland Security Catalog or the Dutch-specific NCSC ICS security checklist. We select the requirements relevant to your specific case and then assess your organization using a combination of audit principles and testing. Finally, a compliance report is issued, providing you with a strong tool for communicating your security principles to various stakeholders.
For more details on the services we offer, as well as the assessment process, please check our ICS SCADA factsheet.