The Abhisam Industrial Cyber Security Lifecycle shows the top 10 controls needed to achieve robust cyber security for your Industrial Automation, Control and Safety System (IACS).
IACS is a broad term for control and automation systems such as DCS (Distributed Control Systems), PLC (Programmable Logic Controllers), SCADA (Supervisory Control and Data Acquisition Systems), SIS (Safety Instrumented Systems), HIPPS (High Integrity Pressure Protection Systems), BMS (Burner Management Systems) and others.
These systems may have different types of sensors, transmitters, controllers, final control elements and various HMI (Human Machine Interface) displays, such as Operator Stations, Engineering Stations and so on. There may also be other systems, such as Asset Management Systems for FOUNDATION Fieldbus or HART-based devices, connected to these control and automation systems.
Gartner OT security controls
In July 2021, Gartner predicted that by the year 2025, we will see many more attacks on industrial systems, which may harm or kill humans. Gartner published an OT cybersecurity graphic that showed the OT security controls needed to ensure good OT security.
However, we find that Industrial Cyber Security control points are not adequately covered by this graphic, so we came up with another version, which is shown below.
Abhisam Industrial Cyber Security Lifecycle: Top 10 controls to secure your IACS
Here is the graphic; click the link to view it. It is a smart graphic: clicking on the blue boxes reveals more information about each one.
At the heart of this is the Industrial Cyber Security Management System (ICSMS). The ICSMS will manage the entire lifecycle, which is a continuous process once you start it. The ICSMS has to be in sync with your organization's main CSMS that is used for IT security. The ICSMS will manage these controls. What are these controls? Read on below.
Top 10 controls to ensure Industrial Cyber security
These controls should be part of your own Industrial Cybersecurity lifecycle and are managed via your Industrial CSMS. These are:
- People, Policies, Procedures and Standards
- Hazard & Risk Assessment
- Asset Inventory Management
- Training and Competency Management
- Secure architecture, devices, software, practices and supply chain
- Intrusion Detection & Prevention
- Event Logging and Analysis
- Incident Response
- Backup and Restore
- Patch Management and Testing
Industrial Cyber Security
Industrial Cyber security is a growing concern among not only large organizations, but also increasingly among governments, who recognize that critical infrastructure includes industrial automation, control and safety systems that monitor, control and keep safe key national assets such as oil refineries, chemical manufacturing plants, water and wastewater plants, electricity generation and distribution networks, pipelines and so on.
This is distinct from IT security, which seeks to secure IT-related infrastructure such as banks, stock market trading systems, networks such as SWIFT and so on from cyber attacks. Industrial systems are considered part of “OT systems”, and their security is considered a sub-domain of OT security.
To learn the differences between IT security and OT security, please see the Industrial Cybersecurity whitepaper.
However, it should be noted that OT security can include even non-critical infrastructure such as building automation systems, access control systems, parking systems, home automation systems, etc.
Where can I get more information?
Join the Abhisam Industrial Cybersecurity Professional training program to learn more. Use the Abhisam LMS not only to deliver training in Industrial Cyber Security to your employees and contractors, but also to manage the competency of these people. Get in touch with us for more details.