Cybersecurity Risk Management
Incident Response Practice
Training & Education
SOC Compliance
Security Audits
Security Hardening
Vulnerability Assessment
Pen Testing
Interim CISO
Industrial control systems (ICS) are adopting IT solutions to promote corporate business systems connectivity and remote access capabilities. The new IT capabilities make ICS less isolated from outside world, creating the need to secure these systems
The increasing use of wireless networking places ICS implementations at greater risk from adversaries who are in relatively close physical proximity but do not have direct physical access to the equipment. Special precautions must be taken when implementing security solutions to ICS environment.
An effective cyber security program for an ICS should apply a strategy known as “defense-in-depth,” layering security mechanisms such that the impact of a failure in any one mechanism is minimized.
Understand what data is valuable to which malicious actors. Creating profiles for groups such as hostile nation states, organized criminals, activists, and amateur hackers helps understand their goals and capabilities.
Controls exist to mitigate risk. Create metrics and indicators for critical controls to understand whether they are functioning effectively. Without understanding the effectiveness of controls, it is difficult to know if risks are being managed.