Our critical computer-based process control systems used to be isolated, esoteric and largely invulnerable to cyber security threats. Those times are past. Such systems - and the more conventional IT systems which support them - are now the targets of attack, and changes in technology are increasing the risk of error and mishap.
For example: a component on a legacy control system fails. That model is no longer available and is replaced with a modern equivalent which also has wireless networking which you don't need. The unit is installed, its wireless capability isn't used but isn't disabled. And now your network has an open connection to the Internet.
Process control systems are the subject of attack, whether the operator is the intended target, or whether they suffer collateral damage because someone is attacking all systems of a particular type. And the old notion of being 'air-gapped' from the Internet does not provide insulation from cyber security threats - Iranian centrifuges and Stuxnet being a prime example.
The risks are obvious: most significantly, compromise of safety-critical systems, along with control system degradation affecting your production targets, your ability to deliver contracted products and services, and your reputation.
You do not have to deal with this on your own
Tools and techniques for assessing and managing risks to your control systems are available and are being continuously refined. Government, in the shape of the UK's National Cyber Security Centre and the Centre for the Protection of National Infrastructure, and the USA's National Institute of Standards and Technology (NIST) are aware of these issues and are actively pursuing them. International standards such as IEC 62443 are available and are being further developed.
Frazer-Nash can help you. Our cyber security specialists are trained in the protection of industrial control systems; they are experienced in managing the relationship between safety and cyber security in regulated industries, and they are supported by control system engineers with deep technical and industry knowledge and understanding.
We can help you identify your critical assets and points of vulnerability. We can identify your cyber-based business risks and present them in language which reflects your commercial priorities and regulatory obligations. We can help you draw up risk management and incident response and recovery plans which reflect the realities of your business and win the confidence of those who will be putting the plans into practice day by day. It's not just your legacy systems: we can help you with upgrade or renewal programmes, ensuring that cyber security is designed in from the start.
Your process control systems are essential to your commercial performance and reputation. Frazer-Nash can help you look after those systems and maintain their value to your business.
Want to know more about managing cyber security risk to your control systems, and how Frazer-Nash can add value to your operations?
Please contact Martin Concannon on 01925 404062, email firstname.lastname@example.org