ARC View: Cyber Integrity Helps Secure Industrial Control Systems
According to ARC Advisory Group, many industrial operations remain at risk of costly, disruptive cyber incidents. Despite significant investments in defensive technologies, most companies are not doing a good job of maintaining them due to an imbalance between investments in security technologies and the people, processes, and security management technologies needed to sustain them.
ARC analysts discussed the current state of industrial cybersecurity with PAS to understand how Cyber Integrity™ helps industrial companies overcome these obstacles. The solution’s capabilities support execution of critical tasks in the Secure Systems and Incident Management processes in ARC’s Industrial/OT Cybersecurity Maturity Model. This includes functionality for developing and maintaining asset inventories; identifying, evaluating, and managing system vulnerabilities; detecting and managing unexpected system changes; and analyzing and visualizing system security risks.
This “ARC view” outlines how Cyber Integrity improves the efficiency and effectiveness of people responsible for maintaining plant security.
Security Requires an Accurate, Comprehensive Asset Inventory
Lack of a trustworthy, up-to-date asset inventory is a major problem in most plants, especially those with legacy systems. Manual efforts to address this situation often fail because of the costs and downtime requirements of plant walk downs. When walk downs are performed, unrecorded changes to hardware and software still erode information quality. Automation is the only answer for this critical activity.
Automation Enables Efficient Vulnerability Management
Plants need an effective vulnerability management program to achieve the security goals of the first three steps in ARC’s model. There is a continuous stream of vulnerability alerts for control system products and the security technology used to protect them. Promptly addressing these notices is essential to protect assets from cyber-attacks.
Automatic Detection of Sophisticated Attacks and Changes
While vulnerability management is essential, plants can still be at risk of safety, environmental and operational incidents related to cyber asset integrity. Sophisticated attackers can leverage other weaknesses like undocumented vulnerabilities (zero-days) and stolen credentials to overcome defenses. Staff members can also make configuration changes to OT assets that inadvertently create unsafe conditions. Rapid detection of these situations is essential to minimize the impact.
Cyber Integrity Risk Analytics Provides Critical Visibility
Identifying at-risk cyber assets, understanding their role in the process, and visualizing how risks can propagate is critically important for effective security defense maintenance and incident management.