In the wrong hands it s an open invitation

Similar documents
Securing Industrial Control Systems

Continuous protection to reduce risk and maintain production availability

Security in a Converging IT/OT World

Port Facility Cyber Security

Thrive in today's digital economy

Thrive in today's digital economy

ABB Process Automation, September 2014

ABB Ability Cyber Security Services Protection against cyber threats takes ability

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

Background FAST FACTS

The Cyber Threat. Bob Gourley, Partner, Cognitio June 22, How we think. 1

The Road to Industry 4.0

Best Practices in Securing a Multicloud World

Combating Cyber Risk in the Supply Chain

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

Cybersecurity Fundamentals

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

CRITICAL INFRASTRUCTURE AND CYBER THREAT CRITICAL INFRASTRUCTURE AND CYBER THREAT

An Operational Cyber Security Perspective on Emerging Challenges. Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL)

Cyber Security Panel Discussion Gary Hayes, SVP & CIO Technology Operations. Arkansas Joint Committee on Energy March 16, 2016

SAP Cybersecurity Solution Brief. Objectives Solution Benefits Quick Facts

Keys to a more secure data environment

World Energy Perspectives 2016

Why you should adopt the NIST Cybersecurity Framework

Trends in Cybersecurity in the Water Industry A Strategic Approach to Mitigate Control System Risk

A GUIDE TO CYBERSECURITY METRICS YOUR VENDORS (AND YOU) SHOULD BE WATCHING

Cyber Risk in the Marine Transportation System

Measuring Cyber Risk Understanding the Right Data Sources. Sponsored By:

The Center for Internet Security

*** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

Industry Best Practices for Securing Critical Infrastructure

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Cybersecurity and Nonprofit

Industrial control systems

IP Risk Assessment & Loss Prevention By Priya Kanduri Happiest Minds, Security Services Practice

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Featured Articles II Security Research and Development Research and Development of Advanced Security Technology

Security Issues and Best Practices for Water Facilities

Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS

2018 Edition. Security and Compliance for Office 365

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Protecting productivity with Industrial Security Services

The Value Of NEONet Cybersecurity. Why You Need To Protect Your The Value Of NEOnet Cybersecurity. Private Student Data In Ohio

Business continuity management and cyber resiliency

How to be prepared for cyber attacks

INTERNAL AUDIT S ROLE IN CYBER SECURITY

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

2017 Annual Meeting of Members and Board of Directors Meeting

FOR FINANCIAL SERVICES ORGANIZATIONS

Cybersecurity for the Electric Grid

HP Fortify Software Security Center

5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

CYBER SOLUTIONS & THREAT INTELLIGENCE

European Union Agency for Network and Information Security

Building a strong platform strategy: IT and cybersecurity implications November 15, 2018

Security Standardization and Regulation An Industry Perspective

An ICS Whitepaper Choosing the Right Security Assessment

This Online Gaming Company Didn t Want to Roll the Dice on Security That s Why it Worked with BlackBerry

Security Awareness Training Courses

INSIDE. Integrated Security: Creating the Secure Enterprise. Symantec Enterprise Security

Cybersecurity Dimension of Critical Infrastructure

CYBERBIT P r o t e c t i n g a n e w D i m e n s i o n

Are we breached? Deloitte's Cyber Threat Hunting

MANAGING CYBER RISKS ACROSS THE SOFTWARE SUPPLY CHAIN

Gujarat Forensic Sciences University

White paper August The state of cybersecurity in the rail industry

Cybersecurity. Securely enabling transformation and change

Department of Management Services REQUEST FOR INFORMATION

Cyber Criminal Methods & Prevention Techniques. By

Five Steps to Improving Security in Embedded Systems

Automating the Top 20 CIS Critical Security Controls

CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

Cybersecurity and Hospitals: A Board Perspective

Security and Compliance for Office 365

Governance Ideas Exchange

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

Statement for the Record

Defense in Depth. Constructing Your Walls for Your Enterprise. Mike D Arezzo Director of Security April 21, 2016

IRONSCALES Federation Combines Human Intelligence with Machine Learning to Discover & Stop Spear-Phishing Attacks

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

Cybersecurity Training

Angela McKay Director, Government Security Policy and Strategy Microsoft

Recognizing Fraud Staying Safe 2018 Information/Cyber Security Training

Indegy. Industrial Cyber Security. ISA New Orleans Section. Applying the NIST Framework February 6, 2018

NW NATURAL CYBER SECURITY 2016.JUNE.16

HOW MIDSIZE ORGANIZATIONS CAN MEET COMPLIANCE REQUIREMENTS AND ENHANCE CYBERSECURITY WITH MICRO-SEGMENTATION WHITE PAPER FEBRUARY 2018

mhealth SECURITY: STATS AND SOLUTIONS

ISACA GEEK WEEK SECURITY MANAGEMENT TO ENTERPRISE RISK MANAGEMENT USING THE ISO FRAMEWORK AUGUST 19, 2015

Cyber-Threats and Countermeasures in Financial Sector

The Cyber War on Small Business

PROTECTING NATIONAL CRITICAL INFRASTRUCTURE AGAINST CYBER ATTACKS BEST PRACTICES RELATED TO TECHNOLOGY AND STANDARDS FROM EUROPE BANGKOK

with Advanced Protection

Plant Security Services Protecting productivity in the digital era October

Cyber Security Stress Test SUMMARY REPORT

Control Systems Cyber Security Awareness

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Transcription:

In the wrong hands it s an open invitation

If someone takes over your control system infrastructure it could prove fatal Control systems are indispensable for a number of industrial processes and are lucrative targets for intruders, criminal groups, foreign intelligence, phishers, spammers, hactivists or terrorists. Cyber-incidents affecting these control systems can have disastrous effects, not only on your operations, but also on a country s economy and on people s lives. Cyber-intrusions can cause power outages, paralyze transport systems and trigger ecological catastrophes. The implications of cybersecurity and the need for a comprehensive security strategy is now being acknowledged by more sectors and is now very much part of standard operational risk management. Without the right protection your secrets can be seen by anyone In our modern, interconnected world, cyber-attacks are never far from the headlines as organizations report a surge in incidents with criminals and state actors seeking to steal commercial secrets on an unprecedented scale. In 2015 a significant proportion of computer and organizational security professionals believed unintentional insider threat (UIT) to be the greatest cost to their enterprise 1. More than 95% reported that these breaches involved operator errors 2. With over 50% of organizations reporting that they have encountered an insider cyberattack 3, 43% of all data loss can be attributed to internal actors 4. Intellectual property can represent years of effort and millions of dollars worth of investment, which can be stolen in the blink of an eye with litigation unlikely to fully restore the pre-attack position. Businesses need to ensure that their intellectual property is appropriately protected to minimize its vulnerability and protect its future. 1 www.securonix.com/insider-attacks-were-the-most-costly-breaches-of-2015 2 www.virtru.com/blog/insider-threats-in-cyber-security 3 www.computerworld.com/article/2691620/security0/insider-threats-how-they-affect-us-companies 4 www.infosecurity-magazine.com/news/insider-threats-reponsible-for-43

Reduce the threats of a cyber-attack on your operations The Schneider Electric Cybersecurity Services Team recommends a Defense-in-Depth approach to cybersecurity for our customers. Defense-in-Depth is a hybrid, multi-layered security strategy that provides holistic security throughout an industrial enterprise and is expected to become a security standard in factories of the future. We do this by implementing our Cybersecurity Portfolio Lifecycle Methodology which is designed to support your business sustainability efforts and provide peace of mind across your entire operations. Privacy and Data Security Facility Security Operational Safety Cybersecurity Portfolio Lifecycle Methodology in Brief Cybersecurity should be an on-going process. By adopting the lifecycle methodology, our Cybersecurity Services Team 5 ensures your proposed solution is network, control, and safety system agnostic and matches your business requirements appropriately. 1 Assess 2 Design 3 Implement 4 Maintain We review the current network and system architectures, policy, procedure, and related compliance documentation as well as risk and threat reports to identify any potential problems or issues, and then recommend areas for improvement. Using the various assessment and / or project planning documentation from Stage 1 as a guideline, we will identify documentation and solutions that should be created and / or implemented. An overall site and system architecture design will be developed that details all the necessary components required to satisfy the standards set by the customer and/or industry. Using the architecture and design documentation, our team will begin the process of implementing your upgraded cybersecurity solution from procurement and staging to system commissioning and end-user training. Our Cybersecurity Services Team works closely with your designated security team to ensure proper solution management is understood. We also help to provide a mechanism by which continuous improvement and optimization are taking place that are adaptive to the ever-changing cybersecurity threat landscape. Site and System Assessments, Policy and Procedure Assessments, Industry Compliance Assessments, Independent Verification and Validation, Gap Analysis, Risk / Threat Assessment, Protection / Security Assurance Level Formation, and Cybersecurity Program Development Site and System Security Design, Security Policy Creation, Security Process and Procedure Creation, Virtual Control Effectiveness Validation, and Compliance Evaluation Criteria Establishment Hardware / Software Procurement, As Designed Network and System Security Installation, Configuration, Hardening, Integration with Existing Business Processes and Applications, and Knowledge Transfer of Solutions Periodic Security Patching, Solution Maintenance and Upgrades, Cybersecurity Lifecycle Roadmap Evaluations, Cybersecurity Awareness and Solution Training, Compliance and Control Effectiveness Assessments, Incident Response Exercises, Security Assurance Level Documentation, and Penetration Testing 5 The Cybersecurity Services Team can ensure the proposed solution matches customers requirements appropriately as long as: a) All four of the services set out above are purchased from Schneider Electric; and b) The various procedures set out by the Cybersecurity Services Team are followed accordingly.

The exponential increase in cyber-threat levels Over the last decade, the rise in cyber-attacks on critical infrastructure has resulted in cybersecurity becoming a central concern amongst industrial automation and control system users and vendors. These strategic attacks are aimed at disrupting industrial activity for monetary, competitive, political or social gain, or even as a result of a personal grievance. Nuclear Oil & Gas Energy Infrastructure Water & Wastewater Telecoms Mining, Minerals & Metals Discovered in 2010, the Stuxnet virus remains one of the largest and most successful industrial attacks in cyber-history. The Stuxnet worm targeted the PLC systems in Iran s nuclear program, causing centrifuges to spin out of control without triggering alarms. Before it was caught, the attack was able to destroy up to 1/5 of the country s nuclear centrifuges and set its nuclear program back a decade. In August 2012, a coordinated spear-phishing attack targeted the computer network of Saudi Arabia s state-owned oil firm, Aramco. The attack infected as many as 30,000 computers and took two full weeks to beat, but it failed to completely shut down the flow of oil, which appears to have been its goal. One of the biggest electrical blackouts in history, the 2003 First Energy blow out that left eight states in the dark for days may have been the result what is described as an accidental cyber-attack. A malicious worm designed to attack Windows and Unix systems of private users infected the system monitoring the grid. Hackers were able to change the levels of chemicals used to treat tap water at a water treatment plant. The attack focused on the outdated IT network of the plant, exploiting its web-accessible payments system and using it to access the company s web server. A UK telecoms group s computer system was hacked in October 2015 in what was originally feared to be a mass raid on customers personal data. While not as successful as first believed, the attack lost the company 101,000 customers, suffering costs of 60m as a result. The hack of one of Canada s largest mining companies saw 14.8GB of uncompressed data from internal networks posted online. The leaked data included employee login IDs and passwords, salary and budget documents, and other sensitive corporate and personal information about the company and its employees.

Contact us today to learn more. Schneider Electric Systems Inc. Dubai E Wing, Level 4, Silicon Oasis Headquarters, P.O. Box 341057, Dubai, United Arab Emirates +971 4 7099333 Houston 10900 Equity Dr, Houston, TX 77041, United States 1-877-342-5173 Montréal 4 Rue Lake, Dollard-des-Ormeaux, QC H9B 3H9 Canada 1-800-565-6699 In cybersecurity-services@schneider-electric.com the wrong hands it s an open invitation schneider-electric.com/process-automation 2016 Schneider Electric. All Rights Reserved. Schneider Electric Life Is On is a trademark and the property of Schneider Electric SE, its subsidiaries, and affiliated companies. 998-19130542_GMA-US

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback