ICS Cybersecurity Terms
ICS Malware Prevention
Studies have shown that malware-related incidents are the number one cause of cyber-related production losses and upsets in industrial control systems. As such, malware prevention (e.g. anti-virus, whitelisting) is an important component of an overall ICS security program. However, deployment of malware prevention in an ICS can be challenging. ICS malware prevention policies and procedures need to balance the need for system reliability with the need for system security.
aeSolutions can assist in the development and implementation of an ICS malware prevention program and the deployment of anti-virus and/or whitelisting software to assist organizations in meeting the requirements set forth in ICS cybersecurity standards such as ISA/IEC 62443 and NERC CIP.
Security information and event management (SIEM) is where software and services combine security information management (SIM) and security event management (SEM) into one security management system. This provides a real-time overview and analysis of security alerts generated by applications and network hardware.
aeSolutions can assist in the acquisition, configuration, and implementation of a security information and event management (SIEM) tool. We can help you integrate your SIEM into your larger Cyber Risk strategy as well as help mitigate issues such as alert fatigue, rule changes, and log management.
ICS Backup and Restore
Despite best efforts, it is highly likely that at some point in the operation of an ICS there will be a loss of a device or server containing critical data. Whether this loss is due to accidental or malicious forces, it is critical that a comprehensive backup and restore policy be in place to recover this data.
aeSolutions can assist in the development and implementation of a backup and restore program and the deployment of automated backup systems to assist organizations in meeting the requirements set forth in ICS cybersecurity standards such as ISA/IEC 62443 and NERC CIP.
ICS OT Change Management
Change management policies and procedures are used to control modifications to hardware, firmware, software, and documentation to ensure the ICS is protected against improper modifications prior to, during, and after commissioning. A formal change management program should be established and procedures followed to ensure that all modifications to ICS components and the ICS network maintain the security requirements established in the ICS Cybersecurity Requirements Specification. Changes to the ICS that could affect security, including configuration changes, the addition of network components, and installation of new application software, should prompt an update of the ICS Cybersecurity Risk Assessment.
There are a variety of commercial software tools available to assist in managing and enforcing these policies/procedures. aeSolutions can assist in the development and implementation of an ICS change management program and the deployment of software tools to assist organizations in meeting the change management requirements set forth in ICS cybersecurity standards such as ISA/IEC 62443 and NERC CIP.
Contact us to learn how aeSolutions can assist you in developing policies and procedures.
ICS Security Hardening
Hardening an industrial control system involves constraining the functionality of the various components to prevent unauthorized access or changes, removing unnecessary functions or features, enabling security features, and patching any known vulnerabilities. aeSolutions can design and implement the security hardening requirements for a new system or help implement the security hardening gaps discovered as part of an ICS Cybersecurity Vulnerability Assessment for an existing system.
Contact us to learn more about how aeSolutions can help you harden your ICS.
ICS Remote Access
Technology has made it possible to remotely connect to control systems from anywhere in the world with any device capable of Internet access. This capability provides many operational benefits such as being able to maintain and support systems with remote staff, to supply operational data to Enterprise Resource Planning (ERP) systems and regulators, and to enable vendors to provide support and updates to the system. These benefits notwithstanding, allowing remote access to a control system, especially remote access over public networks (e.g. the Internet), can be extremely risky. Since the risk varies with the application, the decision whether to allow remote access to an ICS should always be based on the results of an ICS Cybersecurity Risk Assessment.
aeSolutions can assist by evaluating your current ICS remote access implementation and assisting in the design/redesign of a solution with the appropriate layers of security.
Secure Wireless Networking
While licensed-band radio systems and microwave links have been used for many years in SCADA applications, the use of wireless communications in ICS environments has increased significantly in recent years. It is more common to find WiFi and cellular access points in ICS networks, and some automation vendors are adding wireless functionality directly into their ICS products.
Wireless access to the ICS network introduces risks similar to ICS Remote Access with some additional threat vectors. Since the risk varies with the application, the decision whether to allow remote access to an ICS should always be based on the results of an ICS Cybersecurity Risk Assessment.
aeSolutions can assist by evaluating your current ICS wireless implementation and assisting in the design/redesign of a solution with the appropriate layers of security.
OT SOC Design / Implementation
A security operations center (SOC) is a centralized location or unit that deals with security issues on an organizational and technical level in real time. The staff of a SOC is tasked to detect, mitigate, and possibly do forensic analysis of cybersecurity incidents.
aeSolutions can assist you with best practices for standing up and implementing an OT SOC, all while strategizing within your Cyber Risk goals. Our staff is uniquely experienced with the different benefits and challenges of an OT SOC monitoring a control system network versus an IT SOC monitoring enterprise data.