Krish is a subject matter expert on cybersecurity solutions applied to industrial control systems. He has over 20 years of industry experience with process automation, high availability architectures, industrial networks, and application software. Krish has executed many cybersecurity risk and vulnerability assessment projects for chemical, O & G pipeline logistics, specialty chemical and CFATS compliant companies per the NIST framework and ISA 99/IEC 62443 standards. He brings expertise and experience developing and designing holistic cybersecurity program for industrial control systems leveraging proven IT technologies and industry best practices. Krish works closely with various stakeholders within an organization to develop detailed implementation protocols, policies and procedures, cybersecurity specifications for control system platforms, to help manage the lifecycle of cybersecurity programs. He enjoys playing tennis, a wannabe golfer and recently started learning to play the drums. His favorite pastime is watching the show First Take on ESPN with his son.
The following article is reproduced from the January issue of Chemical Processing with permission. . Our aeCyber™ suite of services is a risk-driven approach organized into four competencies: Governance, Risk Management, Security Implementation, and Security Operations. By working with you and focusing on the core mission in each of these four areas, we can […]
Published: January/February Issue, 2018 | InTech Magazine Industrial control system (ICS) cybersecurity is critical to companies that spend millions of dollars assessing and mitigating ICS cybersecurity risks. This is great news for brownfield systems, but how do we make sure that greenfield projects do not install new ICSs with cybersecurity vulnerabilities and gaps? Cybersecurity does not […]
Numerous cybersecurity incidents, especially those targeting the energy sector, have raised concerns among oil, gas and petrochemical corporations. Such a cyber breach could compromise industrial control and safety systems, leading to health, safety or environmental incidents or financial loss. “Are our plant controls systems secure?”; “Do we have adequate protection measures in place?”; “Would we […]
Rising awareness of securing industrial control systems (ICS) and focus of organizations to roll out ICS cybersecurity programs have prompted a fresh look at the applicability and benefits of penetration (pen) testing. A well designed pen testing project in a controlled environment provides insights and in‐depth findings that cannot be otherwise obtained from traditional risk assessments alone. It complements risk based assessment by taking a deeper look at critical zones and conduits that were identified during the assessment. The results and recommendations help generate cybersecurity requirements specifications and drive standardization of security measures across multiple plants within an organization. This paper highlights the benefits of pen testing in an ICS environment and offers guidelines to design and conduct a pen testing project.
The design and implementation of Industrial Control Systems (ICS) cybersecurity program poses significant challenges due to the stringent requirements of a manufacturing plant and how control systems and their networks are engineered, operated and maintained. While industry has made significant strides in gaining awareness and applying resources to address these requirements, many organizations have also come to realize that implementing cybersecurity measures in the ICS environment – also referred to as Operations Technology or OT, is challenging and quite different from implementing cybersecurity in the enterprise IT environment. Many of the concepts proven and accepted in enterprise IT are either too difficult and/or complex to execute or simply not relevant to the operating environment. Guidance provided by the NIST framework and other publications are helpful to getting started, and experience also dictates that there are a core set of cybersecurity elements for the ICS environment that must be done right. This paper highlights the uniqueness of the ICS environment and offers core principles for a successful development and launch of an ICS cybersecurity program.