Network & Cyber Security

Network & Cyber Security

Modern networks generate data that describe current and change of status within a device. Un-configured this data remains hidden, simply logged away internally until over written. In the event of a network compromise whether intentional or not, this data holds the key to the source and extent of the compromise.

When the world changed

It is widely accepted that the world changed on September 11th 2001. Nation state threats, the convergence of enterprise and industrial network technologies on Ethernet and TCP/IP and the emergence and continued development of the Cyber Threat has led to new and potentially game changing challenges for automation systems and Engineers alike. Add in to the mix the fact that legacy ICS technology – PLCs/Controllers/ RTU has proved to be extremely reliable and these assets are being well and truly sweated! Nearly 20 years on, strategies are being developed at the highest levels of Government to assist industry in addressing these challenges. The recently formed National Cyber Security Centre (NCSC) provides excellent guidance on these matters one recent set of papers Security for Industrial Control Systems (SICS) is a must read for those given responsibility for finding solutions. At the plant level has that much really changed? Is the automation network now being treated as a critical fully managed OT utility or still the simple connectivity replacement for those legacy serial networks of the past?

OT =/= IT

Operational Technology (OT) aka SCADA differs from Information Technology (IT) in a variety of ways. OT systems are typically distributed with a fundamental reliance on the automation network for basic operation. The OT system will typically operate 24/7/365 and comprise a wide range of networked devices, many of which are ‘weak’ in terms of modern IT system standards. This can make them particularly vulnerable to mis-configuration, misuse of other cyber related challenges – a soft target! Furthermore traditional defences of Anti-Virus (AV) and Anti Malware may not be activated because of potential impact to the primary OT operation.

Cyber information overload

What will become apparent after the first few hours of research is there is so much that could and may need to be done; it will be deciding upon what should be done first, by who and when that needs to be defined. A challenge that seems too big at the outset needs to be broken up into smaller achievable objectives.

Time to partner?

IT4A can help OT managers responsible for network security focus on the activities that will bring the most significant return in a reasonable timeframe and budget. Starting with a network review, in cyber talk this would be a ‘blue team’ exercise. IT4A can identify the gaps between good practice and the installed system. With the key network design and security challenges documented, activities can be scheduled to fast track remediation of the high priority activities posing the greatest risk to the business. The information gathered during the network review will form the basis of the next steps towards any Cyber certification – Cyber Essentials through to ISO27001. Let IT4A help you secure and optimise your OT infrastructure.

GET IN TOUCH FOR ALL YOUR AUTOMATION NETWORKING, CYBER-SECURITY, & PROTECTIVE MONITORING REQUIREMENTS

24/7 System Monitoring

Networked assets and firewalls are monitored 24/7 for alerts and events; faults are fixed and issues of security managed.

Technical Support

The only constant is change, IT4A will support your business process and the networks that underpin them. we manage change without compromise.

System Maintenance

High availability networks benefit from regular maintenance to ensure they perform as well today as they were when installed.

crowdstrike - What happened?

The article on IT4Automation’s website details a catastrophic incident involving a faulty software update from CrowdStrike, affecting over 8.5 million devices worldwide. This malfunction caused system crashes and significant disruptions across various industries, including airlines, healthcare, finance, media, emergency services, and retail. The event highlights the crucial need for robust cybersecurity measures. IT4Automation emphasizes their commitment to protecting business operations with comprehensive solutions, rigorous testing, validation, and contingency planning to prevent such widespread issues.