As industrial control systems become more connected, they also become more exposed to threats. High-consequence events resulting from cyberattacks can adversely affect organizations' operations continuity and safety. Addressing these risks is important for organizations looking to protect their industrial networks.
What are common concerns?
Cyberattacks on ICS and SCADA systems can impact the safety, availability and reliability of workers, operations and value chains, leading to catastrophic consequences. Organizations potentially impacted by these consequences are found in a variety of industries including, but not limited to, electric power, nuclear, manufacturing, infrastructure, transport (railways, ports and airports) and oil & gas (upstream, midstream and downstream).
Organizations within these industries have a variety of concerns, such as cyberattacks that could damage reputation, shareholder confidence or the environment, or cause system outage, loss of production, injury, or even loss of life. Organizations therefore have to assess whether they have the right people to manage and sustain ICS security. While IT and OT have increasingly converged over the years, a gap in understanding and solid practice between OT and IT security tends to remain. This critical skills gap contributes to security vulnerabilities, which are often overlooked but have to be identified and addressed appropriately. Secura provides organizations with the capabilities to regain control over their OT security.
How can Secura help your organization?
Secura has developed a proven OT risk assessment methodology. The OT risk assessment follows internationally recognized standards and best practices such as IEC 62443, NIST SP 800-82 and ALARP, which are specifically tailored to industrial control, automation and other systems. It is specifically designed to identify site-level risks as opposed to organizational-level risks. The OT risk assessment service includes the following IEC 62443 aspects and addresses the following subject areas within each aspect:
- FR 1 - Identification and authentication control
- FR 2 - Use control
- FR 3 - System integrity
- FR 4 - Data confidentiality
- FR 5 - Restricted data flow
- FR 6 - Timely response to events
- FR 7 - Resource availability
The findings that have been identified are given a risk rating. Secura follows a standard risk rating system which can be adjusted based on your organization. The report includes not only the risks to ICS that were identified, but also areas to sustain. Cyber-physical attack scenarios are outlined by giving a detailed description which could encompass all relevant parts of each security. The results presented by Secura give insight into how effective the implemented OT security controls are, and allow risks to be mapped to the relevant parts of the requirements belonging to IEC 62443.