I Want to Secure My Industrial Control System – What’s the First Step

Industrial Control System (ICS) operators recognize the need to improve cybersecurity, but many lack the understanding on how to start the process.  End users attend cybersecurity conferences, webinars, or read articles in the trade press and learn about specific cybersecurity topics – like threat detection or defense in depth architectures.  Many are tempted to start to take steps to improve security – but it is critical to first create a plan prior to taking action.  Schneider Electric has issued a white paper designed to provide guidance to operators who are initiating projects to secure industrial control systems.

The whitepaper introduces the cybersecurity lifecycle which consists of four phases; Assessment, Implementation, Maintenance, and Auditing.  The white paper focuses on the Assessment Phase, and provides a detailed overview of the steps required to create a security plan.  The Assessment Phase is divided into 4 major steps:

  • Documenting the System – Discovering all devices in the targeted system and mapping them to illustrate location and connectivity. A detailed asset inventory is then created that provides configuration details for system components.
  • Vulnerability Assessment – Designed to enable operators to identify and document potential vulnerabilities. The vulnerability assessment utilizes accepted cybersecurity frameworks and tools to identity vulnerabilities.
  • Implementing Zone/Conduit Architecture – Segmenting the network into zones and conduits. Equipment is grouped based on the criticality of the assets, operational function, physical/logical location, or access requirements.
  • Risk Assessment – Risk assessment prioritizes activities to secure a system. Risk assessment allows the organization to select countermeasures that will have the greatest impact on system security.

The threat of cyber-attack is real and will continue to be an issue plaguing ICS for the foreseeable future.  Following the steps outlined in this paper will enable operators to create a security plan.  The key is to stop waiting, it is critical to analyze your system and create a security plan.

The post I Want to Secure My Industrial Control System – What’s the First Step appeared first on Schneider Electric Blog.

Visit Toronto Wiring
from Schneider Electric Blog


Visit Toronto Wiring

Comments

Post a Comment

Popular posts from this blog

EFF: No Digital Surveillance of Iranians at the U.S. Border—or Within the U.S.

No Digital Surveillance of Iranians at the U.S. Border—or Within the U.S. Only days into heightened tensions between the United States and Iran, media outlets have published disturbing reports of increased scrutiny of people of Iranian descent at U.S. borders, including in at least one case involving a traveler’s phone. EFF strongly opposes any targeting of people for digital surveillance based on their race, religion, or nationality, at our border and in our interior. And we remind all members of the public to practice surveillance self-defense. Disturbing Reports from the Border On January 5, media outlets reported that more than 60 people of Iranian descent, including U.S. citizens, were held at the border between Canada and Washington state for many hours and questioned about their perceived connections to Iran. U.S. Customs and Border Protection (CBP) denied that it detained or refused entry to Iranians based on their national origin, a claim contested by accounts f
Read more

EFF: Corporate Speech Police Are Not the Answer to Online Hate

Corporate Speech Police Are Not the Answer to Online Hate A coalition of civil rights and public interest groups issued recommendations today on policies they believe Internet intermediaries should adopt to try to address hate online. While there’s much of value in these recommendations, EFF does not and cannot support the full document. Because we deeply respect these organizations, the work they do, and the work we often do together; and because we think the discussion over how to support online expression—including ensuring that some voices aren’t drowned out by harassment or threats—is an important one, we want to explain our position. We agree that online speech is not always pretty—sometimes it’s extremely ugly and causes real world harm. The effects of this kind of speech are often disproportionately felt by communities for whom the Internet has also provided invaluable tools to organize, educate, and connect. Systemic discrimination does not disappear and can even be ampl
Read more

Living on the (IT) Edge: Schneider Electric at HPE Discover 2018

Image
We’re here at HPE Discover 2018 , proudly sponsoring the event and enjoying a jam-packed few days in Las Vegas. The data center industry has experienced tremendous disruption in the last decade. The fourth Industrial Revolution, with its IT/OT convergence, the proliferation of IoT, and insatiable demand for digital connectivity, is creating the opportunity to push the envelope of performance beyond the obvious and create new business value. And there’s no bigger opportunity right now than at the edge. At the same time, these new paradigms are also driving more complexity: companies today are trying to manage a combination of environments, from large centralized data centers on-premises or in the cloud, regional edge data centers, to local edge data centers. We have more data centers, intertwined across more locations, and with more data, than ever before. All of this adds up to promising opportunities on the horizon for our customers – but an equally daunting number of new challenges
Read more