• Risk Mitigation

    OT Security Controls Implementation is a Challenge

    Industrial Cybersecurity Program

    Establishing ICS Security Program

    Effective integration of security into an ICS requires defining and executing a comprehensive program that addresses all aspects of security, ranging from identifying objectives to day-to-day operation and ongoing auditing for compliance and improvement. The primary benefit of a security program is improved control system safety, reliability, and availability. Secondarily, it helps meet regulatory requirements, reduce legal liabilities, and enhance corporate image and reputation.

     

    We develop a security program that includes the following:

     

    · Develop specific ICS policies and procedures

    · Define leadership, roles and responsibilities for ICS personnel

    · Define security requirements for vendor contracts and procurement language

    · Assess or define an inventory for ICS assets

    · Perform a risk and vulnerability assessment and develop a mitigation controls plan

    Physical Security

    Protection of Critical Components

    Our experts will evaluate the possibility of gaining physical access to the systems and devices within the facility and substations, simulating a system intrusion intended either to conduct immediate malicious acts or to introduce unauthorized hardware or software.

     

    This is not a theoretical discussion, and physical security must not be underestimated. The Stuxnet worm, which was originally carried in on a USB stick, demonstrated the effectiveness of surreptitiously gaining physical access to private or isolated networks.

     

    Evaluation of physical security controls will comprise the following:

     

    · Authorization process of ICS personnel in the control room

    · Workstation and peripherals security in control and server room

    · CCTV and ACS security measures

    · Data center or technical room security and environmental conditions

    Operation Security

    Reducing the Operational Risk

    The prolific use of TCP/IP technologies in ICS, such as connected devices, is expanding the attack surface of industrial systems at an alarming rate. A commitment to operational security and independent assurance of industrial systems must be incorporated into today’s Information Technology (IT) and Operational Technology (OT) programs. We assess or establish the following processes:

     

    · ICS Incident and Response Management

    · Change/Configuration/Capacity management

    · Security Monitoring

    · Antivirus solution

    · Usage of portable media

    · Patch management

    · Account management

    · Backup procedures

    · Recovery and reconstitution

    Security Architecture

    Reducing the Threat Landscape

    We examine whether the security design is fit for purpose through our attacker-oriented lens. Accura’s own security review methodology and deep technical expertise set us apart. We spearhead efforts to secure ICS architecture by introducing proven best practices, defense-in-depth security, and reliability throughout the product lifecycle. We bring extensive hands-on systems engineering experience, expert techniques, and accurate results to our security design recommendations and assessments. The assessments comprise the following and more:

    · Security configuration review of network and field devices

    · Backdoors and holes in the network and its perimeter

    · Satellite/GSM ingress and egress network points plus covert channels

    · Network segmentation, resilience capabilities and firewall bypass

    · Network access control, official and unofficial

    · VPN Remote access

    · Redundancy and resiliency

    · Wireless/Radio security

    · Protection of assets (hardening)

    · EWS, HMI and workstation security
