Regency IT Consulting has conducted an extensive program into the issues and challenges of securing Industrial Control Systems (ICS) against attack and compromise.
Its no secret that the best defence for any ICS is to design an overall security architecture that provides defence in depth across the different components. What is more difficult to identify is an approach that provides the necessary defences without putting additional risks into the architecture and operating procedures of deterministic and safety-critical systems. Regency has identified a complete approach that provides a whole-life solution, using the best-of-breed solutions integrated by Regency into a single package consisting of four countermeasures that provide a comprehensive defence to manage the risk.
The first is the use of good practice to perform a formal risk assessment of the assets and existing countermeasures using the Citicus One toolset specifically designed for ICS implementations. These, when assessed by one of our security architects, provide an identification of the appropriate defences and a documented justification for their use.
The second is the use of Firewall/Intrusion Detection technology that is specifically designed for use in ICS environments. Regency have partnered with Byres Security to use the award-winning TOFINO enforcer modules. Our research team has worked closely with Byres to improve the capabilities of the systems and the defences provided by the technology.
The third element is the way that Regency has integrated the outputs of this solution into a Security Information & Event Monitoring System (SIEM). This enables the existing Security Operations Centre team to monitor and defend the organisation’s data and ICS networks. This gives improved incident response and reporting capability with little or no increase in personnel requirements.
The final part of the approach is the use of the McAfee whitelisting technology to defend the IT systems that comprise the control and reporting elements of ICS. This will prevent the infection or corruption of existing files attempting to damage or compromise systems. Regency have worked with McAfee to test and integrate the software into the overall package so that we have confidence in the ability to add this to existing ICS infrastructures without adverse impact.
Through the integration of these capabilities Regency and Cassidian have created a unique offering for the securing and monitoring and of Industrial Control Systems. In this period of increasing threats to ICS this capability offers a compelling capability to aid the defence of Critical National Infrastructure.
Â
Â
