Industrial Cybersecurity Program Building
Using industry standards, including NIST CSF and ISA 62443, aeSolutions has developed tools, techniques and templates (such as aeCyberProgram™) to help you fast-track your cybersecurity program policies, procedures, standards, and training and awareness programs. We can also help you with establishing a governance board and charter, a security plan and master policy, and other executive engagement activities and deliverables (such as aeReport™), all designed to drive the creation of a security culture in line with your safety culture and your operational reliability requirements.
Using our proven Five Pillars of Cybersecurity methodology, aeSolutions can help you justify, design, document and implement your Industrial Cybersecurity Program.
A comprehensive approach to cybersecurity calls for addressing requirements in all five areas:
Governance means effectively engaging your executive team to ensure they understand that cyber risk is business risk, and that they must ‘own’ cyber risk in order to create a cybersecurity culture through commitment and accountability. This is typically accomplished by establishing a cybersecurity executive governance board.
Risk Management means systematically identifying and quantifying potential cyber-based business loss events so that management can confidently evaluate the organization’s exposure to cyber risk, and fund a program that is proportional to the risk and is consistent with the organization’s overall risk management strategy.
Security Integration entails deeply integrating cybersecurity requirements throughout the organization’s day-to-day business practices. For example, updating master service agreements to include cybersecurity provisions (procurement dept.), ensuring that a new site’s factory acceptance tests include cybersecurity validations (capital projects dept.), or disabling insecure protocols when installing field equipment (engineering dept.).
Security Implementation includes all the technical controls, standards and procedures we use to ‘harden’ our systems in order to make it more difficult for cyber-attackers to breach our defenses or to reach their intended targets. Typical controls include firewalls, anti-virus, application whitelisting, patching, encryption, and many others.
Security Operations may be the most important of all and is the basis for cyber resiliency, which is the highly attuned skill to quickly and effectively detect a cyber event, combined with the highly practiced ability to quickly and effectively respond to eradicate the intruder and recover to normal business operations – all with the goal of minimizing, as much as possible, any significant negative business impacts or loss events.
The Challenges of Industrial Control System (ICS) Cybersecurity
Establishing a comprehensive ICS Cybersecurity Program can be very challenging. Senior management must understand the business risk. An acceptable risk-reduction strategy must be identified. Spending and resource requests must be justified. Priorities must be set. A new culture of operational technology (OT) security must be fostered.
Operations, Engineering and IT departments must build new relationships and collaborate more effectively. New skills must be established. New policies and practices must be documented. Employees and contractors must be trained and held accountable. Systems must be hardened. Networks must be monitored. Defenses must be tested. Threat intelligence must be evaluated. Incident response drills must be conducted. Metrics must track progress and identify gaps. Continuous improvement must be maintained.
aeSolutions can help.
Benefits of choosing aeSolutions
We are uniquely experienced helping companies develop ICS security programs, frameworks, policies and practices.
We are multi-disciplined, with combined Process Control, Process Safety, and Industrial Cybersecurity expertise.
We are familiar with industrial operation and we regularly work on-site in plants, facilities and factories.
We are leaders in ICS cybersecurity standards development (e.g. ISA/IEC 62443).
We are pioneers in ICS cybersecurity risk assessment as the developer of the aeCyberPHA methodology.
We are authors and instructors of numerous ICS cybersecurity training courses.
We are deeply experienced with an average industry experience of 18+ years.
We are a team of credentialed professionals (CISSP, GICSP, ISA/IEC 62443 Expert, C|EH, CCNA, CCDA, MCSE, CFSE, PMP, etc.).
We have the staff, skills and experience to design and implement ICS cybersecurity mitigations.
We don’t ‘sell-then-switch’ – when you meet with us, you’re meeting with the people who do the work.