To address growing industry interest in cyber
security, Invensys has recently introduced formal cyber security assessment
services to help customers understand the risks that might impact the safety
and reliability of their operations. Performed on site, the control system assessment
provides a baseline of the user’s current security position, and it can be used
as the starting point to develop a strategy.
Douglas Clifton, Director
Cyber Security, Critical Infrastructure and Practice, Invensys
The service includes the following elements:
- Site and system assessment. The results of the assessment are provided in a conclusive report highlighting critical assets, vulnerabilities and risks.
- Compliance assessment. Invensys addresses compliance status by reviewing operations and processes against required corporate compliance standards.
- Establishing a security baseline. This allows customers to gauge progress against current status and operating models for security.
On the issue of compliance, Michael Martinez, a former ISO auditor
and current Invensys cyber security consultant, hosted a session at the
conference where he walked attendees through the compliance aspects of cyber
security.
“It used to be, if you had USB ports on plant floor systems, the
best practice to secure them was to epoxy them. Now there are methods through
software to disable them,” Clifton said. Best-practices compliance issues
addressed in Martinez’s session also include protecting against vulnerabilities
presented through the use of Web services and SQL databases.
During the Invensys
Software conference in Dallas this
week there were other sessions on cyber security such as: “Cyber Security in
the New World” and “General session 05–GISCP Certification”. Live twitter coverage (search
#SoftwareRevolution).
No comments:
Post a Comment