Industrial control systems

Similar documents
CYBER RESILIENCE & INCIDENT RESPONSE

Security Awareness Training Courses

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

to Enhance Your Cyber Security Needs

Department of Management Services REQUEST FOR INFORMATION

Designing and Building a Cybersecurity Program

SECURITY SERVICES SECURITY

Continuous protection to reduce risk and maintain production availability

BHConsulting. Your trusted cybersecurity partner

Cybersecurity. Securely enabling transformation and change

Canada Life Cyber Security Statement 2018

SRM Service Guide. Smart Security. Smart Compliance. Service Guide

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

locuz.com SOC Services

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

M&A Cyber Security Due Diligence

A new approach to Cyber Security

align security instill confidence

Protect Your Organization from Cyber Attacks

CYBER SECURITY TRAINING

Cyber Security. Building and assuring defence in depth

BHConsulting. Your trusted cybersecurity partner

CCISO Blueprint v1. EC-Council

Security-as-a-Service: The Future of Security Management

GDPR Update and ENISA guidelines

CYBERBIT P r o t e c t i n g a n e w D i m e n s i o n

Six Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP

Industrial Security - Protecting productivity. Industrial Security in Pharmaanlagen

GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool. Contact. Ashley House, Ashley Road London N17 9LZ

Industrial Cyber Security. ICS SHIELD Top-down security for multi-vendor OT assets

Sage Data Security Services Directory

Securing Industrial Control Systems

Crises Control Cloud Security Principles. Transputec provides ICT Services and Solutions to leading organisations around the globe.

Cyber Security Strategy

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

Digital Health Cyber Security Centre

Protecting your data. EY s approach to data privacy and information security

How To Build or Buy An Integrated Security Stack

Cybersecurity for the Electric Grid

Cyber Security Technologies

ALTITUDE DOESN T MAKE YOU SAFE. Satcom Direct s Comprehensive Cyber Security Portfolio for Business Aviation

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

ISE North America Leadership Summit and Awards

Digital Wind Cyber Security from GE Renewable Energy

Nine Steps to Smart Security for Small Businesses

Gujarat Forensic Sciences University

M a d. Take control of your digital security. Advisory & Audit Security Testing Certification Services Training & Awareness

NATIONAL CYBER SECURITY STRATEGY. - Version 2.0 -

A practical guide to IT security

Best Practices in ICS Security for System Operators

ENISA EU Threat Landscape

An Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist

Manchester Metropolitan University Information Security Strategy

Cybersecurity Protecting your crown jewels

Protecting information across government

Enhance Your Cyber Risk Awareness and Readiness. Singtel Business

Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services

Adaptive & Unified Approach to Risk Management and Compliance via CCF

Penetration testing.

Tech Advantage Benchmarking Your Cyber Security Program. March 5, 2014

How to be cyber secure A practical guide for Australia s mid-size business

White Paper. View cyber and mission-critical data in one dashboard

Introducing Cyber Observer

Security by Default: Enabling Transformation Through Cyber Resilience

Keys to a more secure data environment

The Key Principles of Cyber Security for Connected and Automated Vehicles. Government

Cyber Security and Data Protection: Huge Penalties, Nowhere to Hide

Cyber Security Solutions Mitigating risk and enhancing plant reliability

Data Sheet The PCI DSS

EU General Data Protection Regulation (GDPR) Achieving compliance

Cyber Security: Threat and Prevention

Enhancing the security of CIIPs in Europe - ENISA s Approach Dimitra Liveri Network and Information Security Expert

Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS

Building a Resilient Security Posture for Effective Breach Prevention

Aon Service Corporation Law Global Privacy Office. Aon Client Data Privacy Summary

External Supplier Control Obligations. Cyber Security

INFORMATION SECURITY. One line heading. > One line subheading. A briefing on the information security controls at Computershare

Security and Architecture SUZANNE GRAHAM

CYBER INSURANCE: MANAGING THE RISK

CYBERSECURITY MATURITY ASSESSMENT

IoT & SCADA Cyber Security Services

ABB Process Automation, September 2014

Workshop on Cyber Security & Cyber Crime Policies. Policies for African Diplomats

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

Concept Note: GIDC. Feasibility Study(F/S) on Government Integrated Data Center (GIDC) for the Republic of Nicaragua

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

CONE 2019 Project Proposal on Cybersecurity

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld

CYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO

Position Title: IT Security Specialist

T-SURE VIGILANCE CYBER SECURITY OPERATIONS CENTRE

how to manage risks in those rare cases where existing mitigation mechanisms are insufficient or impractical.

How can operators capitalize on outputs?

European Union Agency for Network and Information Security

Cyber Security Trends A quick guide

INTELLIGENCE DRIVEN GRC FOR SECURITY

Information Assurance 101

How to Underpin Security Transformation With Complete Visibility of Your Attack Surface

Effective Data Security Takes More Than Just Technology

Transcription:

Industrial control systems Attractive targets for cyber-attacks A five-point strategy for a secure environment

The risk of a cyber-attack is real and continues to rise Cyber threats to industrial control systems are an undeniable reality. Developments such as the Internet of Things, wireless technology, and remote access - from laptops, tablets or smartphones - heighten the risk of being hit by a cyber-attack. Far-reaching consequences A successful cyber-attack can have far-reaching consequences for your business, citizens and the environment. The consequences of a successful cyber-attack should not be underestimated. First, there could be a significant impact on your business. The attack could also red-line critical parameters of your industrial control systems without your DCS and SCADA systems even noticing. By the time the sabotage is uncovered, the damage could already have been done. Recent cases have shown just how severe this damage could be, with companies often exposed to crippling financial fallout. Legal compliance Since cyber-attacks might also impact the environment and citizens too, many countries are working on a legislative framework to combat the phenomenon. More than ever it makes perfect sense for companies and organisations to take the issue seriously, and do everything they can to protect themselves. Existing IT security products are impotent in the face of determined cyber-attacks. A trusted and experienced strategic defence partner Since existing IT security products, such as anti-virus packages and firewalls, are effectively impotent in the face of determined attacks, other solutions are urgently needed. ENGIE Lab Laborelec combines IT and ICS knowledge to successfully combat and prevent cyber-attacks. A five-point, end-to-end programme from a detailed assessment of your current cyber security status to full 24/7 monitoring safeguards your critical industrial control systems. Examples of successful cyber-attacks 2001 Texas, USA. DoS attack shuts down the port of Houston. 2006 UK. Cancer treatment delayed by virus. 2007 South Africa. Automated anti-aircraft cannon malfunctions, killing 9 people and wounding 14. 2012 Montreal, Canada. Cascade of computer crashes causes metro system shutdown. 2014 USA. Russian-based Dragonfly group attacks energy industry. Source http://www.risidata.com/database 2

Five-point End-to-end Strategy Assess Detailed evaluation of the existing architecture, communication protocols, access rights and workflow in order to map weak spots in cyber defence. Prioritise Setting priorities, based on maximum risk reduction, balanced by cost and speed of implementation. Assure Real-time monitoring by our Secure Operations Centre, 24/7, supervised by ICS/IT specialists. Remediate Implementation of effective and robust measures to detect and block cyber-attacks. Manage Managing your ICS cyber security programme by monitoring key risk indicators and performing Penetration Hack Tests and operational audits to verify and improve the effectiveness of the cyber security policy. ENGIE Lab Laborelec s five-point security assessment strategy will enable you to: Effectively communicate at all organisational levels (including management) on operational resilience against cyber threats. Prioritise cyber security activities and investments and develop an effective roadmap. Implement a cost-effective process to mitigate cyber risks. Apply industry best practice, international standards and local regulations. 3

The ENGIE Lab Laborelec Five-point End-to-end Strategy Assess & Prioritise In most cases, our five step programme starts by making a blueprint of the current security situation. Our experts map potential cyber threats and locate areas where a security breach would have the biggest impact. We can then set up a focused and well-defined plan of action to minimise the impact of cyber incidents. Moreover, we developed a training programme for the plant s personnel to increase their cyber security awareness. ICS Cyber Security Assessment During the ICS Cyber Security Assessment we evaluate all relevant equipment, people and processes. The assessment covers the complete life cycle, from writing the specifications, to purchasing, implementation, daily use and maintenance. The results of a 360 gap analysis are here presented in a spider chart, showing scores on six axes for the current asset position (blue), the site s aspirational position (orange) and the NERC-CIP reference (green). Based on a risk assessment methodology, developed in-house, we assess the criticality of individual control systems and the possible consequences of cyber-related incidents. This enables us to map any gap between your current status and the applicable standard. The assessment stage enables us to clearly define key performance indicators for risk, and advise where action or investment is required. Based on this information, we propose a roadmap to minimise the total cost of ownership of the cyber security improvement process. The roadmap will also be useful to local regulatory authorities. ICS Cyber Security Awareness Training Awareness is key in understanding the possible business impact of cyber security incidents. The main goal of this training is to provide the participants the basics of industrial control system security and learn the threats landscape. The training is designed for process engineers, IT personnel, operations staff and other plant personnel responsible for developing and maintaining cyber security. The ICS Cyber Security Awareness Training focuses on the basics of industrial control systems security. 4

The ENGIE Lab Laborelec Five-point End-to-end Strategy Remediate This is the point at which the plan of action is brought into effect, taking into account the priorities that were set in the previous stages. It involves removing existing ineffective measures before installing a robust and effective multi-layered defence system and introducing a comprehensive training programme. Hardening solutions Based on a multi-layered defence strategy, we fortify your ICS environment against cyber-attacks. We put in place a multi-layered defence strategy to block cyberattacks, including a physical/mechanical, a software and a monitoring layer. This third layer involves the installation of monitoring tools in strategic places, enabling us to detect potential cyber-attacks from our Secure Operations Centre. The outcome is presented in a roadmap, outlining the architecture of the technical solutions and providing detailed information on the project schedule and budget. We also set up an implementation programme increasingly recommended by governments and regulatory authorities which sets out the required security measures. Furthermore, we advise future steps and quick wins. ICS Cyber Security Concepts Training The Concepts training learns process engineers, IT personnel and plant operations staff how to defend industrial control systems against cyber threats. The training focuses on the core security principles for developing and maintaining a safe, secure and resilient operational environment. The course provides you with: A guidance on how to protect installations against cyber security threats A strategy to mitigate technical and organisational security risks A correct understanding and application of security policies Insights into strategies and protocols to secure and monitor computer networks The training focuses on core security principles to defend industrial control systems against cyber threats. 5

The ENGIE Lab Laborelec Five-point End-to-end Strategy Manage & Assure Managing and improving your ICS cyber security programme requires continuous monitoring and updates. To achieve this, we monitor key risk indicators and perform Penetration Hack Tests as well as operational audits. ICS Cyber Security Penetration Hack Tests ENGIE Lab Laborelec s ICS Cyber Security Penetration Hack Tests consists of a preparation phase, an onsite assessment and a reporting phase. Penetration Hack Tests prove that the cyber defence systems function properly and react as expected. Our tests examine both the physical and digital resilience of the targeted systems and provide a KPI for assessing and comparing individual systems. The test programme includes both unauthenticated and authenticated vulnerability and network scans, social engineering tests and a review of the technical and security settings of systems, applications and network components. We deliver a list detailing all vulnerabilities and their potential consequences, a list of mitigation measures and an overview of (potentially) compromised systems. ICS Secure Operations Centre Our ICS Secure Operations Centre uses a robust, centralised monitoring solution to proactively detect and deal with cyber security issues on industrial control systems around the clock. Our experts provide Secure Remote Access services and Security Event Analysis and Forensics to guarantee secure operations of your critical automation system assets. In case of a cyber-related issue, the Secure Operations Centre contacts you immediately and advises on mitigating actions. Subsequently, a root cause analysis is executed. Our ICS Secure Operations Centre monitors the security of your industrial control systems around the clock. 6

Network & Client References Network We have developed an extensive ecosystem of authoritative organisations in the field of cyber security, keeping us abreast of all the latest developments and methods used by cyber criminals. EU joint research centre for the mapping of test capabilities ERNCIP Latest products on the market OEMs (Emerson, ABB,) ENISA EU Network information security agency for the latest white papers and networking Research for front end insights MIT (IC) consortium EuroSCSIE Closed information sharing public-private platform Special forensic analysis Thales WIB All industry automation end-user organisation ECO SYSTEM Client References We are proud to have 76 sites from different industrial branches permanently connected to our Secure Operations Centre. The ICS Secure Operations Centre monitors 76 sites currently, in various sectors of industry worldwide 750 420 128 ASSETS ISSL USERS IVPN USERS 950 loglines per day We successfully implemented a large number of cyber security projects in several domains, such as oil and gas plants, renewable power installations, nuclear and conventional power plants and power grid operators. 7

Why ENGIE Lab Laborelec is your preferred partner Combining ICS / IT expertise Our experts are not just trained in conventional IT security, they also have vast experience in operational technology. Our knowledge of industrial control systems and industrial and energy processes, means that we speak the language of both industrial operators and IT specialists. 10 years of experience ENGIE Lab Laborelec s unique methodology is based on more than 10 years of hands-on experience in cyber security, international networking, and co-operation and compliance with standards institutions (NERC-CIP, WIB/IEC 62443 Vendor Requirements, ISO 27k series and others). Multidisciplinary knowledge ENGIE Lab Laborelec has expertise in a wide variety of domains, giving us a clear view of the wider context in which industrial control systems function. Consequently, we have a full understanding of which parts of the industrial process are critical. Covering the complete value chain of ICS cyber security ENGIE Lab Laborelec performs cyber security gap analyses, health checks and risk assessments, as well as Penetration Hack Tests and follow-up audits on governance and recoverability. We also run a Security Operation Centre for continuous round-theclock scanning of actual security status and updating of security devices for over 76 sites currently. Vendor-independent ENGIE Lab Laborelec is fully vendor-independent. Our cyber security team uses the best available tools on the market from a range of suppliers. LABORELEC Rodestraat 125, 1630 Linkebeek info.laborelec@engie.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback