Thursday, October 17, 2013

Cyber Security Lessons: Did You know?

To address growing industry interest in cyber security, Invensys has recently introduced formal cyber security assessment services to help customers understand the risks that might impact the safety and reliability of their operations. Performed on site, the control system assessment provides a baseline of the user’s current security position, and it can be used as the starting point to develop a strategy.

Douglas Clifton, Director Cyber Security, Critical Infrastructure and Practice, Invensys

The service includes the following elements:
  • Site and system assessment. The results of the assessment are provided in a conclusive report highlighting critical assets, vulnerabilities and risks.
  • Compliance assessment. Invensys addresses compliance status by reviewing operations and processes against required corporate compliance standards.
  • Establishing a security baseline. This allows customers to gauge progress against current status and operating models for security.

On the issue of compliance, Michael Martinez, a former ISO auditor and current Invensys cyber security consultant, hosted a session at the conference where he walked attendees through the compliance aspects of cyber security.
“It used to be, if you had USB ports on plant floor systems, the best practice to secure them was to epoxy them. Now there are methods through software to disable them,” Clifton said. Best-practices compliance issues addressed in Martinez’s session also include protecting against vulnerabilities presented through the use of Web services and SQL databases.
During the Invensys Software conference in Dallas this week there were other sessions on cyber security such as: “Cyber Security in the New World” and “General session 05–GISCP Certification”. Live twitter coverage (search #SoftwareRevolution).
Related information: Cyber Security Lessons and Resources for All Industries, Automation Information or the The Wonderare HMI/SCADA Times at http://situation-awareness.com