ICS/SCADA Security Assessment – The OT
What is Industrial Control Systems?
Critical Infrastructure (CI) and Defense Critical Infrastructure (DCI) are composites of assets essential to project, support, and infrastructure needed to sustain America and our military. CIs and DCIs are a combination of critical assets and task critical assets, which are of such extraordinary importance that they their compromise could have adverse effects on the American Public or our ability to fight our enemies. Most of the Department of Defense's (DoD's) DCIs rely on multiple CI systems, including electric power, water, wastewater, natural gas, and telecommunications. These elements utilize and depend upon varying control systems to maintain, operate, and control environments. Industrial Control Systems (ICS) provide the automation services necessary to operate these infrastructure elements efficiently and effectively, but are unfortunately becoming the target for more and more threat actors. These exploits, as seen with the Colonial Pipeline ransomware attack, have direct impacts to the wellbeing of our fellow citizens.
According to the National Institute of Standards and Technology (NIST), ICS is the general term that includes several types of control systems, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and Programmable Logic Controllers (PLC) that operate utilities, manufacturing, transportation, and environmental systems.
Unbeknownst to most, these facility-related control systems provide building control, electronic security, environmental, and medical controls that are not typically considered ICS and therefore are not hardened or assessed. At CISEVE, we believe the opposite. These are the critical systems and they must be hardened and assessed just as traditional Information Technology (IT) systems. Securing the Operational technology (OT) is equally as important as securing the IT.
More importantly, these CIs that support DCIs require even further scrutiny to ensure that our militaries forces can operate, even in contested cyberspace. CISEVE is capable and ready to assist both industry and the government to better secure their CIs and DCIs. CISEVE uses a mix of NIST, DoDI, and experience to be able to ensure each entity is capable of I identifying their systems, protecting those systems, detecting cyber events, responding effectively to those events, and recovering. Contact us at info@CISEVE.com and let us discuss how we can assist your organization, entity, base, or even weapon system.