CyberSecurity Parts 2 & 3

CyberSecurity Part 1 = Intrusion Detection

CyberSecurity Part 2 = Damage Assessment

CyberSecurity Part 3 = Recovery & Restoration

When you mention CyberSecurity to others in the industry today, everyone immediately thinks about what I call CyberSecurity Part 1: Intrusion Detection.

First, let’s agree that everyone knows that process control systems are vulnerable – having been designed for performance in real-time, their biggest protection until recently has been their use of proprietary operating systems and vendor-specific command languages. As a hacker, you really needed to know the specifics of a control system in order to attack it.

These days, though, the major vendors have almost all moved to use PC- and Windows-based operating systems as their platform of choice. Suddenly, the hackers know as much or more than the vendor experts about the underlying structures and the tables are turned.

Government organizations – like the United States Computer Emergency Readiness Team – and others all pretty much agree that CyberSecurity is a big issue for the safe and continued operation of the world’s process and manufacturing facilities.

 

But they all only focus on CyberSecurity Part 1: Intrusion Detection – check out  www.us-cert.gov/control_systems/cstraining.html to see what I mean.

At PAS, we’re focused on CyberSecurity Parts 2 & 3, because we believe that it is NOT ENOUGH to know that you’ve been attacked by a hacker, but to also know what changed and how to recover.

The PAS Integrity software is the world’s premier and only solution addressing the Damage Assessment and Recovery & Restoration aspects of a CyberAttack.

Without Integrity, users are left to manually search across the various automation assets to figure out what changed and from what backup (if any exists) to restore the configuration. 

That type of manual find-and-restore operation is time-consuming and labor-intensive – meaning it may cost unnecessary days or hours of plant down-time while you search system records. Even then, it only works for simple one-time hackers who crack in, break something and leave.

But manual find-and-restore operations are almost completely ineffective for the more sophisticated hacker.

The advanced hacker may break into your systems multiple times over a longer period of time to lay his seeds of destruction.  While this sounds too-sophisticated-to-be-true, stop and think about how disgruntled employees might set about to do their damage. 

A simple restore from the last backup is insufficient to discover what changed or how to restore it.

And here is where the Integrity software from PAS shines – tracking all changes across all automation assets over time by any source – user or intruder.  Damage Assessment is just a web report away.

Add to this the long-term historical configuration record of every automation asset in the plant, and now you have the basis for a complete and correct Recovery and Restoration effort.

If you haven’t yet put a CyberSecurity policy in place, now is the time to do that.

But don’t stop at Intrusion Detection or your only report to plant management will be that you caught and stopped the attack.

And when asked about how widespread the attack was, over what period of time it took place, what was affected and how you plan to restore normal operations….

well, let’s just say that you’d rather not be in that position.

Integrity. 

Because your plant and your company need it.

Your next step:  attend a new or recorded webinar and learn more to protect your plant, your career and maybe even your life!

© Copyright PAS 2006.  No part of this blog is to be copied in full or in part without the express written permission of PAS; but references and web links are more than OK!