Control System Cyber Security Audits
Ensure the cyber safety of your ICS with a cyber security audit
Over the last year, the number of Industrial Control System (ICS) cyber security vulnerabilities has increased by 29% according to a study by Symantec.
To ensure your ICS is protected from the ever changing cyber threat landscape a ICS cyber security assessment should be carried out across a business’ assets, network and data flows to determine how safe a system is and where the vulnerabilities lie.
CS Risk Management has nearly two decades experience of auditing and assessing companies’ ICS to recognised standards, such as ISO27001:2013, ISA/IEC 62443 and HMG IA Standard Numbers 1 and 2 to assess the ICS Cyber Security in place. Speak to our expert team today to find out more.
How ICS Cyber Security Audits Can Benefit Your Company
A Cyber Security Audit of your Industrial Control Systems (ICS) conducted by one of our Cyber Security Consultants will provide a clear picture of where any weaknesses may be within your ICS Cyber Security measures. Our audits can be conducted to comply with legislation from the HSE, NIS Directive, Industry specific legislation or as a best practice initiative. Once complete, we will be able to make recommendations and provide advice on how to rectify the weakness.
Our Approach To ICS Security Assessments
Our approach to conducting a Cyber Security Audit is to initially identify the threats to the system(s) both of a physical and logical nature. We then conduct a vulnerability assessment using controls from industry recognised standards such as ISO27001:2013, ISA/IEC 62443 and HMG IA Standard Numbers 1 and 2 to assess the ICS Cyber Security in place. From this the Cyber Security Consultant can produce a report defining the vulnerabilities, the impact if the vulnerability was exploited and the priority for remediation.
A Control System Security Assessment from CS Risk Management involves three stages:
Design of Assessment Process
With changes in legislation and more inter-connectivity of control systems, the importance of assessing the risk of an ICS cyber security attack occurring and the impact of the attack is becoming increasingly important. Designing an effective Industrial control system (ICS) cyber security risk assessment process will mean that a completed vulnerability assessment will define the level of risk present in relation to your company’s risk appetite.
Design Review of System
Performing a vulnerability assessment of a new control system implementation at the design phase can save time and money. If a vulnerability assessment is performed by one of our cyber security consultants at the design phase the ICS cyber security vulnerabilities can be identified and resolved prior to system implementation making changes to the system easier and more cost effective.
A Cyber Security Audit of your Industrial Control Systems (ICS) conducted by one of our Cyber Security Consultants, whether conducted to comply with legislation such as from the HSE, NIS Directive, Industry specific legislation or as a best practice initiative, will provide a clear picture of where any weaknesses may be within your ICS Cyber Security measures and recommendations and advice on how to rectify the weakness.
Our Previous Experience of ICS Audits
Our Cyber Security Consultants have conducted over 100 reviews of Industrial Control Systems across the UK, both at design phase and during operation, and hold many industry recognised qualifications. Having worked in highly regulated industries, they are aware of the complexities of ensuring security of control systems whilst not preventing operations and can provide practical advice and guidance.