Industrial Control System (ICS) operators recognize the need to improve cybersecurity, but many lack the understanding on how to start the process. End users attend cybersecurity conferences, webinars, or read articles in the trade press and learn about specific cybersecurity topics – like threat detection or defense in depth architectures. Many are tempted to start taking the steps to improve security – but it is critical to first create a plan prior to taking action. Schneider Electric has issued a white paper “Cybersecurity Assessment – The Most Critical Step to Secure an Industrial Control System” designed to provide guidance to operators who are initiating projects to secure industrial control systems.
The whitepaper introduces the cybersecurity lifecycle which consists of four phases; Assessment, Implementation, Maintenance, and Auditing. The white paper focuses on the Assessment Phase, and provides a detailed overview of the steps required to create a security plan. The Assessment Phase is divided into 4 major steps:
- Documenting the System – Discovering all devices in the targeted system and mapping them to illustrate location and connectivity. A detailed asset inventory is then created that provides configuration details for system components.
- Vulnerability Assessment – Designed to enable operators to identify and document potential vulnerabilities. The vulnerability assessment utilizes accepted cybersecurity frameworks and tools to identity vulnerabilities.
- Implementing Zone/Conduit Architecture – Segmenting the network into zones and conduits. Equipment is grouped based on the criticality of the assets, operational function, physical/logical location, or access requirements.
- Risk Assessment – Risk assessment prioritizes activities to secure a system. Risk assessment allows the organization to select countermeasures that will have the greatest impact on system security.
The threat of cyber-attack is real and will continue to be an issue plaguing ICS for the foreseeable future. Following the steps outlined in this paper will enable operators to create a security plan. The key is to stop waiting, it is critical to analyze your system and create a security plan. The whitepaper can be found at: https://www.schneider-electric.com/en/download/document/998-20298472/
View to learn more about what differentiates our approach from others and why businesses should consider Schneider Electric to address their cybersecurity challenges.