Services
for industrial automation & process
We help you design, build and protect a ‘system’. One System of Systems (OSoS) and we create it with a common language for all professional disciplines, based on IEC 81346 and IEC 62443!
We design the foundation for digitalization and we help you manage RISK for the entire solution lifecycle.
IEC 81346 is about labelling of systems and the system elements and IEC 62443 is a standard and a framework for OT Cyber security and a reference architecture for OT/ICS.
Step :
1: Convert everything and whatever you do into systems thinking.
2: Arrange the systems in part-of relations i.e. systems consists of sub elements.
3: Apply the IEC 81346 standard series as the naming convention for these systems.
4: Work with IEC 62443 standard series as the framework for Cyber security and reference architecture.
To help Organizations reduce RISK for their OT/ICS environment we define system requirements needed to protect the infrastructure, based on a combination of functional requirements and risk assessment, often including an awareness of operational issues as well.
Industrial Control Systems (ICS) have experienced an exponential increase in cyberattacks over the last decade. The industry has responded to cybersecurity threats by creating standards to assist end users and equipment vendors through the process of securing industrial control systems.
There are several key standards available in the market today. IEC 62443 has been developed by both the ISA99 and IEC committees to improve the
safety, availability, integrity, and confidentiality of components or systems used in industrial automation and control. The IEC 62443 series of standards can be utilized across industrial control. IEC 62443 is evolving to become a key standard in the industry, and Cybernet-ICS is building its cybersecurity strategy and services around the standard.
Work with RISK: To be able to measure and control this process, we use the Foundational requirement = FR, System requirement = SR and Security level = SL from the IEC 62443 Standard. It gives us a tool for overtime to be able to steer the "Ship" in the right direction.
Types of SLs
SLs have been broken down into three different types: target, achieved and capability. These types, while they all are related have to do with different aspects of the security lifecycle.
• Target SLs (SL-T) are the desired level of security for a particular system. This is usually determined by performing a risk assessment on a system and determining that it needs a particular level of security to ensure its correct operation.
• Achieved SLs (SL-A) are the actual level of security for a particular system. These are measured after a system design is available or when a system is in place. They are used to establish that a security system is meeting the goals that were originally set out in the target SLs.
• Capability SLs (SL-C) are the security levels that components or systems can provide when properly configured. These levels state that a particular component or system is capable of meeting the target SLs natively without additional compensating countermeasures when properly configured and integrated.
Each of these SLs is intended to be used in different phases of the security lifecycle according the IEC 62443 series. Starting with a target for a particular system, an organization would need to build a design that included the capabilities to achieve the desired result. In other words, the design team would first develop the target SL necessary for a particular system. They would then design the system to meet those targets, usually in an iterative process where after each iteration the achieved SLs of the proposed design are measured and compared to the target SLs. As part of that design process, the designers would select components and systems with the necessary capability SLs to meet the target SL requirements – or where such systems and components are not available, complement the available ones with compensating countermeasures. After the system went into operation, the actual SL would be measured as the achieved SL and compared to the target SL.
Services:
Cyber Security Manager for OT, ICS and SCADA.
- Single point of contact for contractors and staff "OT Cyber Security responsible"
- Establish RISK management and governance in the organization
- Establish and describe the concept of least privilege
- Establish and manage a Cyber risk reduction program for the OT Project
- Establish and describe Cyber Security Requirement Specification for the OT Project
- Establish and describe Cyber Security Requirements to Suppliers
- Establish and describe Software and Network Requirement to Suppliers
- Establish or contribute to Risk analyst
- Establish or contribute to Risk and vulnerability assessment
- Establish or contribute to Risk and security assessment
- Establish Remote access solution for vendors and staff
- Establish Continuous Monitoring and Threat Detection
- Establish or contribute to a Backup, recovery and versions control program
- Establish or contribute to OT Cyber security awareness program
- Create or contribute to data flow diagrams
- Create or contribute to data network diagrams
- Create or contribute to establish network zones and conduits
- Provide Cyber Security and Network Engineering requirements to Contractors and suppliers
- Provide input and participate in the development of data flow
- Ensure that Contractors design is in accordance with the current Company Technical Requirements and best practice (example IEC 62443)
- Ensure that relevant operational requirements and experience data are implemented in the design.
- Advice vendors and staff in Cyber Security topics
- Review and verify Contractors / Suppliers design and deliveries
- Participate in FAT, SAT and Commissioning
OT/ICS Solution Architect
- Design of Network
- Design of Data flow
- Design zones and conduits
- Design of Software solution (not the applications)
Config and installations
- Network
- Firewall
- Datacentre
- Monitoring
- Remote access