Industrial Control Systems (ICS) and other critical infrastructure are routinely targeted by hacker groups. An effective cyber-attack on any ICS or SCADA system can be disastrous. Beyond any potential damage to the assets and physical infrastructure, it can also be life-threatening. A robust cyber security program is necessary.
Ingressum follows the internationally formulated and accepted CPNI standard to conduct a SCADA security assessment. CPNI’s recommendations for process control and SCADA security are essentially contained within the eight good practice areas below.
IMPROVE AWARENESS AND SKILLS
Only with a good knowledge of the business risk can an organisation make informed decisions on appropriate levels of security and required improvements to working practices. Processes must be established to continuously reassess business risk in the light of ever-changing threats.
IMPLEMENT SECURE ARCHITECTURE
Based on the assessment of the business risk, organisations should select and implement technical, procedural and management protection measures to increase the security of process control systems.
ESTABLISH RESPONSE CAPABILITIES
Implementing security mechanisms across process control systems is not a one-off exercise. Threats to the security and operation of process control systems develop and evolve over time, and organisations should therefore undertake continuous assessment of process control system security.
UNDERSTAND THE BUSINESS RISK
A holistic approach to security includes technical, procedural and social appreciation – the success of any technical or procedural security protection measure is ultimately dependent upon the human component. Employees are both the most important resource and the biggest threat to security.
MANAGE THIRD PARTY RISK
The security of an organisation's process control systems can be put at significant risk by third parties, for example vendors, support organisations and other links in the supply chain, and these therefore warrant considerable attention.
ESTABLISH ONGOING GOVERNANCE
Formal governance for the management of process control systems security will ensure that a consistent and appropriate approach is followed throughout the organisation. Without such governance, the protection of the process control systems can be ad hoc or insufficient, and expose the organisation to additional risks.