ICS Cybersecurity Terms
ICS Malware Prevention
Studies have shown that malware related incidents are the number one cause of cyber-related production losses and upsets in Industrial control systems. As such, malware prevention (e.g. anti-virus, whitelisting) is an important component of an overall ICS security program. However, deployment of malware prevention in an ICS can be challenging. ICS malware prevention policies and procedures need to balance the need for system reliability with the need for system security.
aeSolutions can assist in the development and implementation of an ICS malware prevention program and the deployment of anti-virus and/or whitelisting software to assist organizations in meeting the requirements set forth in ICS cybersecurity standards such as ISA/IEC 62443 and NERC CIP. aeSolutions has developed tools, techniques and templates to assist our customers to develop their Asset Management and Vulnerability Management practices, create and validate their Incident Response Plans, and assist with evaluating options to establish and staff a Security Operations Center (internal/MSSP/hybrid). Customers are encouraged to visit our Houston offices where we have established an ICS equipment/product testing lab. In addition to the ability to evaluate and test ICS IT and OT equipment, we have strategic relationships with several vendors of ICS Anomaly Detection products, and we can assist customers with hands-on product-comparison evaluations.
Security information and event management (SIEM) is where software and services combine security information management (SIM) and security event management (SEM) into one security management system. This provides a real-time overview and analysis of security alerts generated by applications and network hardware.
SIEM Integration is a part of Security Operations. This may be the most important of all and is the basis for cyber resiliency, which is the highly-attuned skill to quickly and effectively detect a cyber event, combined with the highly-practiced ability to quickly and effectively respond to eradicate the intruder and recover to normal business operations – all with the goal of minimizing, as much as possible, any significant negative business impacts or loss events.
aeSolutions can assist in the acquisition, configuration, and implementation of a Security information and event management (SIEM) tool. We can help you integrate your SIEM into your larger Cyber Risk strategy as well as aid mitigate issues such as alert fatigue, rule changes, and log management.
ICS Backup and Restore
Trusted, available operational technology (OT) information is critical to the safe, reliable and profitable operation of industrial processes yet it faces risk of corruption or loss from both malicious and non-malicious events. In fact, ransomware attacks against industrial entities jumped more than 500 percent over the last two years. A sound Backup and Recovery practice is foundational in any OT Cybersecurity Program and, in the event of a ransomware or wiper attack, may be the last line of defense. Despite best efforts, it is highly likely that at some point in the operation of an ICS there will be a loss of a device or server containing critical data. Whether this loss is due to accidental or malicious forces, it is critical that a comprehensive backup and restore policy be in place to recover this data.
aeSolutions can assist in the development and implementation of a backup and restore program and the deployment of automated backup systems to assist organizations in meeting the requirements set forth in ICS cybersecurity standards such as ISA/IEC 62443 and NERC CIP.
If you are a member of our CKC , Cybersecurity Knowledge Center, we have more more backup info available at "Develop, maintain and test IACS backups, along with an associated recovery plan."
ICS OT Change Management
Change management policies and procedures are used to control modifications to hardware, firmware, software, and documentation to ensure the ICS is protected against improper modifications prior to, during, and after commissioning. A formal change management program should be established and procedures followed to insure that all modifications to ICS components and the ICS network maintain the security requirements established in the ICS Cybersecurity Requirements Specification. Changes to the ICS that could affect security, including configuration changes, the addition of network components, and installation of new application software should prompt an update of the ICS Cybersecurity Risk Assessment.
There are a variety of commercial software tools available to assist in managing and enforcing these policies/procedures. aeSolutions can assist in the development and implementation of an ICS change management program and the deployment of software tools to assist organizations in meeting the change management requirements set forth in ICS cybersecurity standards such as ISA/IEC 62443 and NERC CIP.
Contact us to learn how aeSolutions can assist you develop policies and procedures.
ICS Security Hardening
Hardening an industrial control system involves constraining the functionality of the various components to prevent unauthorized access or changes, removing unnecessary functions or features, enabling security features, and patching any known vulnerabilities. aeSolutions can design and implement the security hardening requirements for a new system or help implement the security hardening gaps discovered as part of an ICS Cybersecurity Vulnerability Assessment for an existing system.
Contact Us to learn more how aeSolutions can help you harden your ICS. While it can be a daunting task to properly assess and remediate vulnerabilities in an OT Environment, aeSolutions has extensive experience in assessing, designing, optimizing, and mitigating vulnerabilities in your PCN network. aeSolutions has the tools and a proven process needed to conduct these assessments, put together an extensive remediation plan, and to build a maintenance program around ICS firewall management. A well-designed DMZ network offers the capability and flexibility to share process data across the enterprise securely while at the same time containing and localizing the impact to plant operations should a cybersecurity event occur. aeCyberSolutions can also assist in the development and implementation of an ICS patch management program and the deployment of patch management software to assist organizations in meeting the requirements set forth in ICS cybersecurity standards such as ISA/IEC 62443 and NERC CIP.
ICS Remote Access
Technology has made it possible to remotely connect to control systems from anywhere in the world with any device capable of Internet access. This capability provides many operational benefits such as being able to maintain and support systems with remote staff, to supply operational data to Enterprise Resource Planning (ERP) systems and regulators, and to enable vendors to provide support and updates to the system. These benefits notwithstanding, allowing remote access to a control system, especially remote access over public networks (e.g. the Internet), can be extremely risky. Since the risk varies with the application, the decision whether to allow remote access to an ICS should always be based on the results of an ICS Cybersecurity Risk Assessment.
Remote access has recently been the cause of a number of very public incidents in the OT space. Are you doing everything you can to protect your environment? aeSolutions can assist by evaluating your current ICS remote access implementation and assisting in the design/redesign of a solution with the appropriate layers of security.
Secure Wireless Networking
While licensed-band radio systems and microwave links have been used for many years in SCADA applications, the use of wireless communications in ICS environments has increased significantly in recent years. It is more common to find WiFi and cellular access points in ICS networks, and some automation vendors are adding wireless functionality directly into their ICS products.
Wireless access to the ICS network introduces risks similar to ICS Remote Access with some additional threat vectors. Since the risk varies with the application, the decision whether to allow remote access to an ICS should always be based on the results of an ICS Cybersecurity Risk Assessment.
aeSolutions can assist by evaluating your current ICS wireless implementation and assisting in the design/redesign of a solution with the appropriate layers of security. aeCyberSolutions has also developed tools, techniques and templates to assist our customers to develop their wireless and remote wireless access practices.
OT SOC Design / Implementation
A security operations center (SOC) is a centralized location or unit that deals with security issues on an organizational and technical level in real time. The staff of a SOC is tasked to detect, mitigate, and possibly do forensic analysis of cybersecurity incidents.
aeSolutions can assist you with best practices for standing up and implementing an OT SOC all while strategizing within your Cyber Risk goals. Our staff is uniquely experienced with the different benefits and challenges that an OT SOC that is monitoring a control system network vs an IT SOC monitoring enterprise data.
This page is a short glossary of some definitions of ICS Cybersecurity Terms. Industrial Control Systems (ICS) are important to supporting US critical infrastructure and maintaining national security. ICS owners and operators face threats from a variety of adversaries whose intentions include gathering intelligence and disrupting National Critical Functions.
As ICS owners and operators adopt new technologies to improve operational efficiencies, they should be aware of the additional cybersecurity risk of connecting operational technology (OT) to enterprise information technology (IT) systems and Internet of Things (IoT) devices.