Critical Infrastructure / SCADA
With high levels of industrial automation, remote access possibilities and network ubiquity, it is essential that system access and operation be regulated and monitored. Further, sensitive industrial control systems, when hijacked, can have extensive implications for business reputation, finances and employee morale. As your reliable partner and trusted friend, Paramount brings deep knowledge, meaningful insight, extensive capability and innovation in approach to secure your assets at every step.
What is ICS/SCADA Consulting?
Industrial systems have high levels of automation today. The basis of this automation is an Industrial Control System (ICS), in which all the signals are collated in one interface, allowing plant engineers to make decisions. The data for this central control system is fed by PLC and SCADA interfaces, which in turn get updated data from sensors in various locations. SCADA systems are thus industrial computing assets that provide a human operator with updated real-time information about the current state of the remote process being monitored, as well as the ability to manipulate the process remotely. Industrial Control Systems perform mission-critical functions to operate infrastructure for electricity generation, transmission and distribution, oil and gas drilling, production and processing, water treatment systems, etc.
Malicious attacks on a SCADA system may lead to catastrophic consequences such as asset misconfiguration, physical injury, process interruption and equipment damage. A SCADA Security Assessment helps reduce exposure to threats and supports compliance with regulatory mandates by analyzing vulnerabilities that could lead to system compromise.
In recent times, critical SCADA and ICS systems have been increasingly at risk of cyber-attacks. Especially in the Middle East, malware attacks like Stuxnet, Flame, Duqu and Shamoon have brought into focus the urgent necessity of securing ICS systems. The complex interconnectivity between ICS and other business IT systems and the Internet has increased the risk further. A security breach of an ICS system could result in disruption of service, loss of production, instability of control systems, equipment damage or even loss of human lives. This is because:
- Most SCADA or ICS Systems are not designed with security aspects in mind
- Terminal devices have limited computing and memory resources
- Only a small number of professionals with the right competency are available to help
- Collaboration and support from the professional community are badly needed but cannot be obtained immediately at the time of an attack, as no one is on standby
- It is difficult to implement solutions in real time
Approach and Offerings
Paramount’s methodology for SCADA Assessment is based on industry best standards and practices. Our approach is to tailor our offerings to meet the client’s objectives, unique threat environment and any other operating constraints.
Although tailored to the scope of engagement and other application requirements, any successful approach to tackling security threats to industrial control systems must cover the following key steps:
- Interviews with Managers, Operators, Engineers & System Administrators
- Assessment of security configurations – Host, Network and Applications
- Vulnerability Assessment and Penetration Testing
- Review of existing security policies and related documents (such as change control, backup, incident detection and recovery)
- Control Access to System (Physical Security, ACL)
- Review of network segmentation, functional demilitarized zones and firewalls
- Lock down Perimeter Security
- Train Personnel & Contractors
- Manage & Monitor ICS System Security
- Periodically Perform Security Audits
Outcome and Delivery
Paramount has amassed a wealth of information by leading hundreds of complex vulnerability assessments and can help you with:
- ICS risk management
- ICS policies and procedures
- ICS Security assessment
- ICS vulnerability assessment and penetration testing
- Configuration review
- Threat profiling
- Incident management
- Communication security and network topology-zoning & conduits
- Patching and change management
The Security review covers all levels of Industrial Control – Enterprise Systems (ERP, MES, CMMS), SCADA, HMIs, PLCs, RTUs - Backup, Antivirus, Firewalls, Intrusion Detection Systems, Access Control Policies, Security Policies and Procedures and Security Management Practices conforming to NERC CIP, ISA SP99 (IEC-62443), NIST 800-82 & IEC62351. This means that every aspect of your industry is secured against nefarious activities, thereby delivering top-notch reliability and absolute business continuity.