Cyber Security in the Era of Industry 4.0 and Smart Manufacturing

The revolutionary Industry 4.0 initiative plays a significant role in shaping the smart manufacturing paradigm. This emerging paradigm supports and orchestrates smart factories by utilising the benefits of technologies such as the Industrial Internet of Things (IIoT), which enables the interconnection of the cyber (also known as digital) and physical worlds. IIoT creates a smart network that autonomously connects shop floor Industrial Control Systems (ICS) in order to achieve real-time communication. Thus, continuous alignment between the physical and digital worlds is achieved. However, increasing the connectivity makes these ICS more exposed to cyber-attacks, the consequences of which can compromise the safety, productivity, profit and reputation of the targeted firms. Therefore, there is an urgent need to address the security of smart manufacturing systems.

New Manufacturing Architecture and New Threat Landscape

Manufacturing systems that adopt the Industry 4.0 vision and other similar initiatives follow a new manufacturing architecture that differs from the well-known Purdue Model. Unlike the Purdue Model, this new architecture aims to decentralise the ICS in order to create smart and connected machines. As a result, IT and OT are integrated via IIoT technologies throughout the production line.

Adoption of smart manufacturing technologies will enormously increase the number of attack vectors and create a new threat landscape for the ICS environment. Hence, implementing a cyber security strategy at the early design stage can attain greater benefits and eliminate greater risks. Any strategy is required to consider people, processes and technology throughout the ICS lifecycle.

To design a secure ICS within smart factories, threat sources and threat actors need to be addressed and understood accordingly. Cyber-attacks can be launched from different sources through the network layers (IT and OT). However, there are common attacks that should be considered for smart manufacturing systems, such as:

  • Denial of Service (DoS) attacks, which aim to deny the availability of the OT assets;
  • Man-in-the-middle attacks, where the adversary sits between the communicating industrial systems and aims to send false information to the operators or to the communicating ICS;
  • Eavesdropping attacks, which aim to gain information by passively monitoring the traffic of unsecured industrial protocols;
  • Replay attacks, where an adversary replays false information from legitimate traffic to the operator;
  • Spoofing attacks, which gain access to credentials;
  • Zero-day attacks, which exploit unknown vulnerabilities;
  • Ransomware attacks, which aim to prevent the accessibility of OT assets;
  • Physical attacks, where the adversary gains physical access and is able to manipulate the OT assets directly.

The Approach

In order to address all of these challenges and the risks associated with Industry 4.0/IIoT technologies, a new strategy and approach for cyber security needs to be considered. This approach has to address the entire lifecycle of the production system, and all involved stakeholders. The cyber security approach for smart manufacturing can be developed in three main phases: Assessment, Implementation and Management. The first phase is the Assessment of plant threats and vulnerabilities: identify all assets, networks, processes and people, map them to business processes, conduct a comprehensive risk assessment, and then develop the countermeasures for all identified risks. The second phase is the Implementation of these countermeasures based on the business goals and risk priorities. Finally, Management is required to monitor and update all security measures, and to detect and respond to any new threat or vulnerability.

However, applying this approach to a smart factory is not a simple task. Therefore, Regency IT Consulting has developed a consultancy tool called icsModel to help carry out this task in a systematic manner. Our icsModel consultancy tool simulates the target factory in a graphical representation (BPMN diagram) by modelling the factory’s technologies, processes, and people. The model then simulates all risks that are associated with plant components such as assets, networks, policies, etc. Lastly, the icsModel automatically runs and investigates different scenarios in order to identify the critical assets (or critical paths), prioritise the implementation of the countermeasures and manage these risks. Using the icsModel tool, customers can benefit from:

  • Asset Inventory and analysis
  • Vulnerability management
  • Countermeasures implementation roadmap
  • Risk management

To conclude, manufacturing systems in the era of Industry 4.0 are exposed to new risks. Factories are assumed to be temporarily safe because adversaries lack experience in this domain. However, this state will not remain for long, and manufacturing firms have to consider the long-term deployment of a cyber security programme to protect their manufacturing systems from any potential cyber-attack.

If you have any questions on smart manufacturing cyber security governance or would like to explore how Regency / Airbus CyberSecurity can help your organisation, please contact us on our office number 01242 225699 or email us at enquiries@regencyitc.co.uk

Artificial Intelligence Replacing Human Jobs

The challenges of AI in the public sector

Artificial Intelligence (AI) is a growing topic of interest within the public sector. Government entities are showing increasing interest in using the capabilities that AI brings, to improve efficiency and deliver policy in volatile environments. At the forefront of these reforms are the healthcare sector and law enforcement organisations where the intention of enhancing operational speed and reducing cases of human error are vital. Despite this, collaboration between public, private and non-profit entities can bring complexities in AI delivery as opposing values and management strategies overlap.

Healthcare

The NHS is primarily interested in digital technologies to empower patients to actively participate in their own care. Its strategy emphasizes three key areas to direct its incorporation:
• Utilizing new tools to interpret patient data and deliver personalised self-management and self-care treatment strategies;
• The adoption of technology which gives more time for care and enhances the patient-clinician relationship;
• Treatment based on robust research evidence which aligns purpose with an ethical governance framework that patients, public and staff can trust.

An organisation may face significant barriers in AI adoption. Dedicated resources are required in order to develop machine-learning tools and train the workforce in their use. Possibly one of the biggest concerns affecting AI implementation is the protection of sensitive health data. Bespoke applications will be needed to handle complex patient data, alongside approval mechanisms to properly authorise its use by other healthcare providers, patients and regulators.

Confidence in this matter was already shaken last year when the NHS experienced a data breach involving the medical data of 150,000 patients. The software developer TPP was blamed for a coding error found within its SystmOne application¹. Whilst a national data opt-out programme was introduced to stop all patient data being used in research, these instances have had a detrimental effect on patient trust. The NHS must prioritise addressing patient confidence in AI, through the adoption of data handling and security principles, to ensure a positive transition to machine-learning tools.

Another issue is the impact that AI-driven diagnostic and treatment software has on doctor and patient relationships. Growing reliance on systems with a greater degree of direct-to-patient advice has led to fears that public trust in clinician advice may be diminishing. It has raised the question whether practitioners should inform patients on the technical design behind these applications. Without clarity over how treatment recommendations are made, patients are left to interpret automated results without the benefits of a consultation. Combined, these factors could pose ethical challenges over the accuracy of AI that leaves patients less confident on their appropriate treatment options.

Law Enforcement

AI has also had an influence on law enforcement as predictive policing continues to develop its processes². The term originated from California’s police chief William Bratton who is a strong advocate of data-driven policing³. Analytical tools have been applied to these institutions to forecast when and where crimes will take place in an attempt to optimize scarce resources. These include strategies such as:
• Predictive crime mapping to target efforts based on crime type, location, expected date and time;
• Forecasted risk assessments to identify priority individuals at risk of reoffending or engaging in serious crime.

Concerns have been raised over the use of algorithms for criminal justice purposes as there is potential for unintended or indirect consequences to occur. An example is the stratification of data such as age, race, postcode or socio-economic groups which has led to cases of discrimination. Analysis of over 7000 arrestees by the investigative journalists ProPublica argued that there was a systematic bias against black defendants in an offender management algorithmic risk score tool. This can be caused by algorithms that use data sets which may have either been incorrectly recorded or influenced by their owner’s cultural bias. Avoiding these inaccuracies requires a framework to be established that outlines data gathering and verification policies.

Insufficient data may lead to discrimination as prediction accuracy is only as strong as the amount of data available. Larger data sets are available for the most commonly recorded crimes such as theft and violence, which makes forecasting more accurate. Concealed offences such as sexual assault, fraud and cybercrime are more difficult to predict as the data collection process is far more complex and resource intensive. This poses a challenge for predictive policing tools as algorithms will have to decide when underrepresented crimes are likely to occur based on a smaller range of data.

Furthermore, establishing accountability is another problem as there is uncertainty over who is responsible for algorithms when mistakes are made. False predictions can cause several legal challenges for law enforcement where individuals can be wrongly detained and accused. Whilst officers may take actions based on the guidance of analytical tools, misconfiguration or faults can be seen as the responsibility of designers, manufacturers and operators. The original developer of an algorithmic tool may not be involved with the subsequent implementation which can leave the installation to those with only limited exposure. Organisations need to establish a policy framework that defines the responsibilities and procedures to be followed when faults are discovered in AI tools.

Our Recommendation

Regency recommends that organisations should consider incorporating policies and procedures on the handling of data associated with the use of AI tools. We can provide consultancy support to help your organisation establish:
• Security and data handling principles to preserve information continuity;
• Data verification and collection practices to reduce occurrence of bias and inaccuracies;
• An organisational framework to outline individual responsibilities and points of contact.

For more information please contact enquiries@regencyitc.co.uk

References:
¹ BBC, NHS data breach affects 150,000 patients in England, 2 July 2018. 
² Andrew G. Ferguson, ‘Policing Predictive Policing’, Washington University Law Review, 94, no.5, 2017.
³ Janet Chan and Lyria Bennet Moses, ‘Can “Big Data” Analytics Predict Policing Practice?’, in Stacey Hannem, Carrie B. Sanders, Christopher J. Schneider, Aaron Doyle and Tony Christensen (eds), Security and Risk Technologies in Criminal Justice: Critical Perspectives (Toronto: Canadian Scholars, 2019).

Nine consecutive years – Regency maintains ISO 27001 certification

We’re pleased to announce that our 2019 ISO/IEC 27001:2013 Surveillance Audit was, again, a resounding success. It was another example of a zero-nonconformity audit and the result is testament to excellent business balanced with first class information security throughout the company. This was our ninth consecutive successful audit by the Kitemark service quality trademarked British Standards Institution (BSI), a UKAS-accredited certification body.

For more than 13 years, it’s been Regency’s business to advise and help our customers in achieving certifications/accreditations against Information Security and Assurance Standards in both public and private sectors, and as such we see it as imperative that we act in a manner that echoes our advice.

The last few months in the Regency calendar have been very busy with the move from our offices in Cheltenham, to take up our new residence on site with our parent company Airbus in Newport. The move has tested our change and project management, our business resilience and our formal arrangements with suppliers. Our physical and environmental security has been transformed, and so it has been a timely opportunity to review our information security posture more generally. With the move complete, we were ready and eager to undergo the surveillance audit which examined our entire scope. Although we anticipated a positive result we welcome the independent assurance given by the external auditor.

GDPR (the European General Data Protection Regulation), closely tied with the UK Data Protection Act 2018, was in focus in this year’s audit (ISO 27001 requires the organisation to comply with all relevant legislative requirements), but as an information security consultancy we’ve taken additional steps to validate our knowledge by qualifying our ISO 27001 Lead Auditors as certified GDPR practitioners. Their knowledge has been and will continue to be indispensable for our own data protection compliance requirements and for our continued ISO 27001 certification.

For our Customers:

ISO/IEC 27001:2013
We can help you to unravel ISO 27001. If you’d like to embark on a brand-new ISO 27001 certification journey – we’ve done this ourselves, and we’ve done it for clients – we can help you too. Perhaps you already hold certification but you’re about to undergo organisational change – we can help you to prepare, perhaps project manage the change, but ultimately ensure that your ISO 27001 requirements are stabilised before, throughout and after the change. Perhaps, as an organisation, you just dread annual audits as you know certification continuation is far from guaranteed – in this position you need a friendly consultant with a fresh pair of eyes and audit experience to provide expert but pragmatic steerage.

GDPR & DPA 2018
The same applies for compliance with GDPR and DPA 2018. We know that many organisations see GDPR, in its current and largely untested state, as a minefield. With the exception of fines for not paying the data protection fee, there have been no civil monetary penalties in the UK against DPA 2018 / GDPR since its introduction in May 2018. Penalties awarded since May 2018 have been in relation to legacy DPA 1998 investigations only. However, we are led to believe that we will start to see the first DPA 2018 / GDPR penalties very soon. We know that CEOs throughout Europe are scanning their GDPR supervisory authority newsletters to learn of the latest penalties, to find out how organisations in similar sectors may be infringing and to what extent they are being fined. We can help you to comply, or simply give you assurance through audit that you are complying, ultimately taking the confusion and worry out of the GDPR minefield.

If you would like to explore how Regency can help your organisation, please contact us on our office number 01242 225699 or email enquiries@regencyitc.co.uk

Who is really responsible for the Information Security Management System (ISMS)?

A Common Problem

We often find organisations where the Information Security team believe the next external audit could mean the demise of the ISMS. They know that the necessary stipulations have not been fulfilled during the last 12 months or longer. They also know that this is likely to be due to disjointedness within the organisation, and ultimately, a lack of clear leadership. They have struggled to persuade colleagues to comply with the requirements of the ISMS. They see the threat of discontinued ISO certification from the Certifying Authority as the only way to change attitudes, especially at the top of the organisation.

The International Organization for Standardization (ISO) suggests that in some businesses “leadership from the business owner”¹ is required. However, this is slightly confused in vocabulary standards such as ISO 9000 and ISO/IEC 27000, where the following language is used: “If the scope of the management system covers only part of an organization, then top management refers to those who direct and control that part of the organization”.²

Many organisations prefer to start on the ISMS journey by limiting the scope to the organisation’s Information Technology / Information Management. Taking such a literal approach from the guidance, however, can lead to a scenario where business owners (CEOs / MDs) believe they are absolved of their responsibility for the ISMS as they come to believe the management system is in safe hands under IT/IM management.

There is a simple test in this scenario to establish if the ISMS is in the right hands. Imagine the IT Director approves a technical process that involves taking down operational systems during normal business hours. If there is somebody else in the organisation who can overrule the IT Director and prevent the process from taking place, then the ISMS is in the wrong hands.

This scenario is likely to lead to further undesirable consequences:

  • The IT Director’s information security leadership will be brought into question and may even be considered weak;
  • The external auditor will record their concerns around leadership as part of the audit, and will likely instigate further investigations;
  • Any negligence in the area of leadership would normally be reported as a Major Non-conformity as it represents a major stipulation within the Standard.

A Better Approach

We recommend establishing board-level ‘accountability’ for the ISMS. ‘Responsibility’ for its management may be delegated, but accountability must rest with those at the top of the organisation.

Most ISO management systems (certainly all those which follow Annex SL; 9001, 14001 and 27001) have a stipulation for Management Reviews. We recommend that Management Review meetings are held regularly (e.g. twice a year) and include board-level representation. They will be in the best position to report on any changes in external and internal strategic matters that could be relevant to the ISMS. They will need to be made aware of, and perhaps could report in to the meeting any feedback on, the organisation’s information security performance. They will need to be informed of information security nonconformities and the results from monitoring, measurement and audit activities. They may know why the nonconformities have come about, or they may be in the best position to propose the most effective corrective actions.

Policy for the ISMS needs to be written (signed off) by the head of the business in full knowledge of the requirements of the business, but with observance of all information security risks and mitigation options. The CEO/MD will be forgiven for not being the most IT-aware member of the business, but this doesn’t mean they cannot be counselled, where necessary, by the organisation’s IT experts. Contrary to popular belief the ISMS is not all about IT, it’s about leadership with an information security flavour.

In conclusion, the ISMS should be overseen by organisational leadership who know the organisation’s strategy, are aware (or can be made aware by their experts) of the ever-changing risks to the ISMS and the risk mitigation options, and should be the ones setting policy, based on the strategy, in balance of those risks.

How Regency Can Help

Regency ISO/IEC 27001 Lead Auditor consultants have a long track record in helping customers meet and maintain ISO/IEC 27001 requirements both in the UK and abroad. From initial assessment, through designing a pragmatic and effective ISMS, to audit support and ISMS maintenance, we provide a low-risk approach to achieving and maintaining ISO/IEC 27001 certification.

We won’t leave you with a library of standard templates that need experts to decipher. We will be with you every step of the way, including during your Certification Audit, confirming our support meets with the expectations of the Certifying Authority. We’ll be there to get you over the initial line but will be on hand for guidance, if you need us, in the months and years to follow as your ISMS matures.

If you would like to explore how Regency can help your organisation, please contact us on our office number 01242 225699 or email enquiries@regencyitc.co.uk

¹ Source: https://www.iso.org/management-system-standards.html
² Source: ISO/IEC 27000:2018

Regency helps the Wanderers Keep Warm this Winter

Regency are delighted to have been asked to provide support to the FC Highnam Youth Football Club U8 Boys (aka “The Wanderers”). One of our very own Regency consultants, Stephen Bottomley, not only coaches the team but also helps out as goal-erector, lace-tier, sub-rotator and (most importantly) is Dad to one of the players. A few months ago, Stephen presented this rather sad photo to the Regency Management Team, showing the boys looking wet and obviously freezing after one of their games last October…

BEFORE

… so we decided to buy them something to keep warm and dry for the harsher winter weather.

AFTER

Happily “The Wanderers” are having a successful 2018-19 season in both the Severn Valley Youth Football League and U8 Challenge Cup, with the boys growing in confidence, improving as individual players, and as a team throughout their first season together.  We wish the team all the very best for the remainder of the season, and for their footballing futures.

Cyber Security Consultant

Regency has a number of exciting opportunities for experienced Cyber Security Consultants to join our growing team.

The role involves:

  • Providing customer-facing Cyber security advice and guidance potentially across multiple client assignments simultaneously;
  • Working within multi-disciplinary teams against tight deadlines;
  • Delivering both tactical and strategic solutions focused around customer priorities;
  • Supporting the customer’s overall information risk management function to ensure they have a comprehensive understanding of their risk landscape;
  • Producing detailed risk assessments to the customer’s identified area of focus;
  • Producing risk management/accreditation artefacts across the full risk management lifecycle;
  • Developing innovative and novel approaches to mitigate risks in technically complex business areas;
  • Devising and recommending options for cost-effective security controls;
  • Conducting security compliance assessments against recognised best practice and industry standards as appropriate to the organisation;
  • Developing and implementing new security policies to address any deficiencies identified.

The Individual

  • You will be an experienced Cyber Security consultant comfortable with delivering into a variety of different, public and private sector client settings;
  • You will be a self-starter capable of taking a proactive approach to understanding customer requirements and responding by providing effective inputs that add tangible value to the customer’s business;
  • You will recognise that there can be many contributory factors to cyber security/information risk that require you to be aware of the wider technical, physical, and procedural context;
  • You will be an advocate for positive change and able to help the customer appreciate the benefits of challenging the status quo;
  • You will be able to tailor your delivery approach as appropriate to the requirements of the assignment, whether the work is within an established security/assurance team or working independently;
  • You will be capable of producing high quality deliverables to tight timescales;
  • You will be an excellent communicator, able to translate between business and technical requirements, and interpret these requirements back into relevant and insightful security advice at all levels of the organisation;
  • You will be expected to actively participate in all aspects of the business development lifecycle and support ongoing customer relationship management.

Essential

  • A minimum of three years consulting experience providing Cyber security advice, audits and guidance;
  • Experience of working within a recognised Information Security governance framework (HMG SPF, ISO-27001 or similar);
  • At least one of the following recognised IT Security certifications (CISSP, CISM, CISA, ISO 27001) with demonstrable experience;
  • At least one of the following recognised Risk Assessment or Risk Management certifications or training (HMG IS1&2, CRISC, COBIT, ISO27005, Octave) with demonstrable experience;
  • Experience of producing comprehensive information risk assessments;
  • Hold a Full UK Driving Licence;
  • Current HMG security clearance (or ability to obtain).

Desirable

  • NCSC CCP certification in one of the following (Accreditor, IA Architect, IA Auditor, ISSO, SIRA);
  • Membership of a recognised Information Security professional body (e.g. IISP, BCS);
  • Demonstrable knowledge of data privacy legislation (e.g. DPA, GDPR);
  • Experience of using recognised project management methodologies;
  • Experience with using enterprise architecture modelling approaches such as ArchiMate;
  • Military/MoD experience within the Air, Land or Joint domains (preferably with a cyber security dimension).

Remuneration

  • Salary and package will be highly competitive commensurate with experience and qualifications.

If interested, please email your CV and a covering letter to recruitment@regencyitc.co.uk

Incident Response Planning

“Plan to Fail, don’t Fail to Plan”

It might be a difficult message for some in our industry to hear, but the reality is that at some point there will likely be a security incident in your OT system. Whether it is some forgotten about remote connection for maintenance that was never properly secured, or an inadvertent (or malicious) operator action that causes an event, the key to whether it brings your process down or is managed and contained in an orderly way will be down to your Incident Response Plan (IRP).

Whilst most businesses will have a response and recovery plan for their IT infrastructure, it does not necessarily follow that this plan can also be utilised in an OT context. There are key differences in the requirements and operation of Industrial Control systems that mean having a dedicated OT IRP will pay dividends when things go wrong.

For example, the loss of a part of your Industrial Control System (ICS) could mean the plant or process will stop, so you will need to ensure that Control Systems engineers and technicians are on the key contacts list, rather than just IT-focussed staff. Also, recovery from an incident can be more difficult because ICS are often within validated systems, so there needs to be some process to manage and revalidate the workstations and database servers which have been reimaged from backups before operations can start. Not to mention that Distributed Control Systems (DCS) and Programmable Logic Controllers (PLCs) can’t be reimaged in the same way that PCs can.

Another point to note is that if you have an incident, but the systems are still operational, then one can’t simply remove and replace the affected items. Availability is crucial in ICS, so managing the running process is just as much of a concern as managing the security incident.

What are the key considerations you should be looking for when designing your OT IRP?

First, there are lots of good sources of information to help you to get started. Government agencies are typically a good place to start. The US ICS-CERT has published a document with recommended practices (https://ics-cert.us-cert.gov/Abstract-ICS-Cyber-Incident-Response-Plan-RP).

In the UK, the new NIS Directive has a clear objective (D1. Response and Recovery Planning) to ensure that Operators of Essential Services have put some thought into their Incident Response Planning. The NCSC CAF (https://www.ncsc.gov.uk/guidance/caf-objective-d) has a list of Indicators of Good Practice (IGP) for response and recovery. These recommendations are useful not only for the operators who will be directly affected by the NIS regulation, but are also good advice for any company with ICS looking to develop and mature their own incident response plan.

Key areas to look at:

Planning – Plan the IRP, brief everybody who has a role, and make sure that the plan is tested in a table-top exercise or some other simulated scenario. Understand the most critical areas of your system, so a graded response can be enacted depending on the location of the incident.

Communications – how will you co-ordinate with team members in the event of an incident? If your internal network is unavailable due to the incident, then an alternative to email will be required, such as text messaging, WhatsApp etc. Make sure you have an up to date record of everyone’s phone numbers and other contact details.

One important area to consider as part of the IRP is the collection and storage of system forensics, so that the security event can be fully analysed to understand how it happened and the correct mitigations can be put in place to prevent a recurrence. Dedicated ICS tools are available that can detect these incidents and store all the system logs. Such tools can also push the information into a Security Incident and Event Management (SIEM) system which could be part of a dedicated OT Security Operations Centre (SOC), or a shared Enterprise SOC. (There are lots of additional questions on this topic: whether to go for a combined IT/OT SOC or a dedicated OT SOC; whether to go in-house or to a managed SOC service provider, etc. These will be the focus of a future blog post.)

Sharing information within the community – you may be able to find answers to your problems, plus you can warn similar organisations of the incidents you are experiencing, the indicators of compromise etc, to help the community become more robust. In the UK, forums such as the CiSP (https://www.ncsc.gov.uk/cisp) are invaluable for this type of information sharing.

If you have any questions on Incident Response Planning or would like to explore how Regency / Airbus CyberSecurity can help your organisation, please contact us on our office number 01242 225699 or email us at enquiries@regencyitc.co.uk

By Ben Worthy (Security Consultant – OT Cyber Consulting Team)

Cyber Security Monitoring Solutions for Industrial Control Systems

How to Select the Correct Cyber Security Monitoring Tool for Your Organisation

Critical National Infrastructure (CNI) typically relies on Industrial Control Systems (ICS) to provide the core operational function that our society relies upon. Previously, these control systems were isolated and run on special hardware and software, where cyber security was not considered in the design. In time these systems have become more complex, more connected, and use a high level of communication: this can increase their vulnerability and increase the likelihood they become a target for cyber-attacks. A typical industrial control system consists of Programmable Logic Controllers (PLC), Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS) as well as IT assets such as Windows computers, Historian Databases, printers, etc. ICS are connected via different industrial protocols which were initially designed to achieve the communication task without considering the cyber security requirements.

In recent years, many cyber-attacks, such as Stuxnet, BlackEnergy, Industroyer, and TRITON, have targeted industrial sectors and critical infrastructure. These attacks had major impacts on safety, availability, operation and the organisation's reputation, and ultimately a financial impact. Thus, there is a pressing need to monitor and secure these critical infrastructures.

Many tools (or solutions) are available in the market to monitor the cyber security posture of ICS/OT infrastructure, triggering alerts when a threat or vulnerability is detected. These tools are connected to the OT network using either hardware appliances (such as network sensors) or software agents in order to monitor all network traffic. This enables the tool to detect anomalous activities and, in some cases, block the traffic to prevent a cyber-attack. However, selecting a suitable solution that meets all requirements for each specific industrial application is a very challenging task due to the wide variety of features and vendors. Also, deploying these features at the customer site so as to gain full visibility and resiliency of all critical and non-critical assets requires specialist knowledge and experience.

Many criteria should be considered when selecting a cyber security monitoring tool. This blog focuses on the technical criteria only, which are:

  • Asset and network discovery,
  • Real time network activity monitoring and threat detection,
  • Vulnerability management,
  • Alerting system, and
  • Tool interoperability.

The selected tool needs to be able to discover all OT assets and inventory passively without affecting the operation of the ICS; identify the network topology and extract the asset artefacts such as: model, part number or serial number, firmware version, OS version, IP or MAC address, open ports, and installed software. Furthermore, some tools can also model or arrange these assets to zones or layers which reflect the actual network architecture.

Additionally, the selected tools should have the capability to monitor and detect all threats and suspicious activities using detection techniques such as signature-based detection, statistical anomaly-based detection, protocol deep packet inspection detection, and operational risk detection. The tool also needs to detect all vulnerabilities for each asset, prioritize these vulnerabilities using a scoring system, alert the operator and provide a remediation recommendation. It should then be able to generate a report for all security measures and provide different Key Performance Indicators (KPIs) tailored to suit different stakeholders’ requirements. Finally, the tool needs to provide connectivity with other tools such as SIEM, backup server, Historian server, SCADA and other third-party service tools.
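The passive discovery and baseline-deviation detection described in the two paragraphs above can be sketched as follows. This is an added example, not code from any vendor tool or from Regency; the zone map, addresses and flow records are constructed, and it assumes a layer-2 sensor that sees each host's own MAC address.

```python
import ipaddress
from collections import defaultdict

# Constructed zone map (assumption): subnet -> zone name
ZONES = {"10.10.1.0/24": "control", "10.10.2.0/24": "supervisory", "10.20.0.0/16": "enterprise"}
# Default TCP ports of common industrial protocols
OT_PORTS = {502: "Modbus/TCP", 44818: "EtherNet/IP", 102: "S7comm/ISO-TSAP", 20000: "DNP3"}

# Constructed flow summaries from a passive sensor (mirror port or tap):
# (src_mac, src_ip, dst_mac, dst_ip, dst_port)
BASELINE = [
    ("00:1d:9c:aa:00:01", "10.10.2.5", "00:0e:8c:bb:00:10", "10.10.1.10", 502),
    ("00:1d:9c:aa:00:01", "10.10.2.5", "00:0e:8c:bb:00:11", "10.10.1.11", 102),
    ("00:50:56:cc:00:20", "10.20.3.7", "00:1d:9c:aa:00:01", "10.10.2.5", 443),
]
NEW_TRAFFIC = [
    ("00:1d:9c:aa:00:01", "10.10.2.5", "00:0e:8c:bb:00:10", "10.10.1.10", 502),   # seen before
    ("00:50:56:cc:00:20", "10.20.3.7", "00:0e:8c:bb:00:10", "10.10.1.10", 502),   # enterprise host -> PLC
    ("de:ad:be:ef:00:99", "10.10.1.99", "00:0e:8c:bb:00:11", "10.10.1.11", 102),  # asset not in inventory
]

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for net, name in ZONES.items():
        if addr in ipaddress.ip_network(net):
            return name
    return "unknown"

def build_inventory(flows):
    """Derive assets purely from observed traffic; nothing is sent to the network."""
    inv = defaultdict(lambda: {"mac": None, "zone": None, "services": set()})
    for smac, sip, dmac, dip, dport in flows:
        for ip, mac in ((sip, smac), (dip, dmac)):
            inv[ip]["mac"], inv[ip]["zone"] = mac, zone_of(ip)
        inv[dip]["services"].add(OT_PORTS.get(dport, f"tcp/{dport}"))
    return dict(inv)

def detect(baseline, flows):
    """Alert on assets and conversations that are absent from the learned baseline."""
    known = build_inventory(baseline)
    allowed = {(s, d, p) for _, s, _, d, p in baseline}
    alerts = []
    for _, sip, _, dip, dport in flows:
        if sip not in known:
            alerts.append(("new-asset", sip, dip, dport))
        elif (sip, dip, dport) not in allowed:
            kind = "cross-zone" if zone_of(sip) != zone_of(dip) else "new-conversation"
            alerts.append((kind, sip, dip, dport))
    return alerts
```

Running `detect(BASELINE, NEW_TRAFFIC)` flags the enterprise-to-PLC Modbus conversation and the previously unseen host, while the known supervisory-to-PLC flow raises nothing.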

Regency IT Consulting can provide targeted research to customers in order to support them in selecting the most appropriate cyber security monitoring tool for their environment. Different tools can be recommended according to the industrial application requirements in energy, oil & gas, water and waste water, manufacturing, transportation, nuclear and other critical infrastructure. Regency’s methodology for selecting cyber security monitoring solution follows four phases:

  • Define end customer site requirements,
  • Perform market research and identify all tools (solutions) that fit customer requirements,
  • Conduct evaluation for each identified solution based on research, vendor meetings and test bed deployments, and
  • Report the findings and propose recommendations based on the outcome of the study.

In summary, cyber security monitoring tools are recommended to enhance the cyber security posture of CNI. The correct selection and implementation of these solutions can minimise downtime and increase the overall cyber security resiliency of industrial plants. Selecting the correct solution and tool is therefore a crucial step towards achieving these targets and ensuring the availability, integrity and confidentiality of the ICS.

For more information on how Regency can help your organisation, please contact enquiries@regencyitc.co.uk

Regency IT Consulting Continues its Sponsorship of Royal Signals Course

Regency IT Consulting has sponsored the Royal Signals’ Foreman of Signals (Information Systems) course since approximately 2010.

Protecting Modern Manufacturing from Modern Cyber Risks

The whole concept of Industry 4.0 is one of “super-connected plants” with product and service on demand and instant access to real time data. The principles it embodies include the creation of interoperable manufacturing environments, integrated sales and delivery data sets, real time plant management data and remote and autonomous service and maintenance management. It is the embodiment of the future that was imagined in the science fiction of the seventies and eighties.

However, with this all-connected, autonomous and self-managed industry environment comes a set of risks and threats, and the potential for system breakdown that the same science fiction world relied on for its story lines.

Developing the cyber security profession – have your say!

Whilst wading through all the social media items that I had marked as interesting and should read further, I came across this blog article from the NCSC describing some of the work being performed by DCMS and NCSC around the future of the cyber security profession and requesting comments on the proposal.

https://www.ncsc.gov.uk/blog-post/developing-cyber-security-profession-have-your-say

The blog article goes on to explain that there are plans to create a Cyber Security Council and to integrate and harmonise the existing schemes (including CyBOK, NCSC and CCP), and asks for your thoughts (which can be submitted as an individual or company), which need to be submitted by 31 August 2018.

The public consultation document can be found at https://www.gov.uk/government/consultations/developing-the-uk-cyber-security-profession and thoughts can be submitted via https://dcms.eu.qualtrics.com/jfe/form/SV_5uxqglvphWTsYUl

Please note that Regency does not take any responsibility for the content of any of the links contained within this article. The links have been directly copied from the NCSC blog article.