OT Cyber Security Consultancy
OT Cyber Security Consultancy
In today’s Operational Technology (OT) environment, cyber security plays a critical part to ensuring the safe and reliable operation of Industrial Automation and Control Systems (IACS). Legislators and regulators are enforcing companies to take preventative action and provide evidence that protective measures and robust governance is in place to mitigate the risk of a cyber incidents. To identify, understand and reduce cyber security risks, all organisations should have implemented an ongoing Cyber Security Management System (CSMS). A CSMS is an excellent way to manage risk within a large and complex organisation, but it is equally effective within smaller companies too.
At MAC Solutions our Cyber Security Gap Assessment (CSGA) is an essential step to ensuring your company implements an effective CSMS. By identifying areas that result in increased risk exposure, or non-compliance to regulatory and legislative requirements so these problematic areas can be identified and can be quickly addressed. We understand that no two businesses are the same, as such we offer a highly customisable service. Our CSGA can be tailored to your exact needs by considering the legislative requirements and any other standards your business requires to comply with.
Cyber Security Gap Assessments
Once run the results from the Cyber Security Gap Assessment (CSGA) and Risk Assessment Service will allow you identify and record where your organisations current critical business systems are, where their vulnerabilities lie, the level of cyber risk you face, and whether your staff’s behaviours are contributing to the overall threat level.
• Define a means of measuring organisational Cyber Maturity which can be monitored year on year to measure Return on Investment (ROI)
• Improve the organisations understanding of business-critical systems and associated
vulnerabilities both in the control systems and associated policies and procedures
• Provide a prioritised action plan allowing you to concentrate on what’s important
Proportionate and Appropriate control measures based on evidence and risk
Once the organisational maturity has been defined our consultants will work with you to develop a strategic approach with the aim of improving your cyber resilience driven by your current business needs. Once the Cyber Maturity and Risk Levels have been defined our consultants will help you to define:
• Acceptable cyber resilience methodologies
• Define resilient and secure system architecture designs
• Identify security solutions that best help protect and monitor the organisations critical systems
• Artificial Intelligence, machine learning and human experience
• Significantly improve your organisations cyber investment decisions
• Strengthen customer trust through measurable maturity scoring
• Using the ROI metric can help achieve and maintain the desired cyber resilience level
Passive, offline data ingestion and OT safe active detection. Automated tools and experienced professionals to humanly assess and validate.
Defining a cyber security scope and asset inventories helps define business critical systems and quantify how individual scenarios are handled, often these are expected to retrofit onto existing control systems networks. Knowing if the existing system is free from malware or ransomware can be a daunting task, our experienced Cyber Security consultants can help with:
• Analysis of data provided from existing security deployments
• Implement and monitoring threat detection solutions
• Network traffic analysis to detect existing malware patterns
• Endpoint anomaly detection
• Known good starting point with asset inventory and baseline
• Network malware and ransomware detection
• Network architecture walkthrough and validation
• Comprehensive list of missing patches and weak configurations
People, Process, Technology
Being able to effectively respond to threats relies not only on the policies and procedures defined as part of the corporate OT policy but also being able to effectively understand the information that is flowing in from a range of detection and protection appliances and endpoints.
• Logical and critical process protection/isolation
• Endpoint Detection and Response (ERD) along with device isolation
• SOC/SIEM message standardisation
• Business critical systems and processes can be isolated whilst threats are neutralised
• Interfacing with the wider enterprise security architecture
• Review of policies and procedures to ensure they reflect best practice and are appropriate
Business Continuity and Disaster Recovery. The ability to recover is only second to safety, both are intrinsically linked
Testing the procedures and mitigations that are in place is key to validating the integrity of the running systems, regular testing defines the need to review the current cyber maturity stance allowing an organisation to fix or fine tune individual elements of the procedures should change be necessary. The same is also true of an organisation’s backup schema, our Cyber Consultants can help you identify backup issues before they become recovery problems.
• Secure backup architecture design and scheduled automatic testing to ensure data can be recovered
• Scalable backup data replication fits organisational needs
• Fast and efficient recovery
• Ensure backups are validated and restorable
• Ensure backup integrity and ensure free from Ransomware attack
• Critical assets and applications can be recovered in minutes in a Disaster Recovery scenario
Common Frameworks we are currently supporting our customers with
The Network and Information Systems (NIS) directive. The NIS directive is an EU wide legislation to raise the overall resilience of the EU to cyber security threats on critical infrastructure. The deadline for adoption was May 2018, so the NIS directive is now a legal requirement. The NIS directive applies to all network and information systems that are deemed to be Operators of Essentials Services (OES), for example Utilities or Transportation.
Non-compliance with the NIS directive leads not only to unacceptable business and safety risks but could also lead to financial penalties with a maximum fine of £17M. The applicability of the NIS directive is not limited to OES, this is comprehensive framework that can scale to other non-regulated sectors.
IEC 62443 is a series of requirements and best practices related to cyber security of Industrial Automation and Control System (IACS). IEC 62443 provides a comprehensive framework for all aspects of an Operational Technology network relating an IACS. Multiple countries, such as the UK with OG86, have implemented legislation based upon IEC 62443.
A gap assessment against IEC 62443 is therefore an excellent choice for companies who wish to assess their assets against an internationally recognised standard for cyber security.
Cyber Assessment Framework
The UK’s National Cyber Security Centre (NCSC) developed the Cyber Assessment Framework (CAF) as a tool for Competent Authorities (CA) to assess Operators of Essential Services against the requirements of the NIS directive. If you are an OES then compliance with the CAF is mandatory and non-compliance can result in a fine.
A gap assessment against the CAF framework can also be beneficial for those who wish to adhere to the same strict standard to mitigate business and safety risks posed by a cyber incident.
If your site is exposed to major hazard risk, for example Control of Major Accident Hazards Regulations (COMAH) sites, you are required to demonstrate that you are effectively managing your cyber security risk. The HSE have published OG86 based upon industry standards such as ISO27001, IEC 62443 and the UK’s National Cyber Security Centre’s CAF to guide operators on how to implement a CSMS to manage risk.
For those operating a COMAH site, compliance with OG86 is a mandatory requirement and the HSE are routinely inspecting sites for compliance. MAC Solutions has significant experience and expertise in this field and offers a comprehensive gap analysis program to aid your company in becoming compliant with OG86.
The NIST framework sets out a series of standards, guidelines and best practices relating to cyber security. Like IEC 62443, this framework sets out industry best practices for cyber security of industrial control systems. By having SolutionsPT carry out a gap assessment against this framework an organisation will have excellent awareness of how their cyber security management compares to that of industry best practice. Recommendations will be drawn up that allows you to identify areas where you need to make improvements to reduce your cyber security risk to an acceptable level.
Sponsored by the Department for Environment, Food & Rural Affairs (Defra) and the Food Standards Agency (FSA). Its development was facilitated by BSI Standards and came into effect on 16 November 2017
The focus of PAS 96 is on protecting the integrity and wholesomeness of food and food supply. Any intending attacker, whether from within a food business or its supply chain or external to both, is likely to attempt to elude or avoid routine management processes. It should help food businesses mitigate each of these threats, but the approach may also be used for other business threat