Cyber Security

Protect Your Plant Floor

It is crucial for manufacturers to have procedures and systems in place that help identify, eliminate, and mitigate industrial cybersecurity and networking challenges. Maintaining these procedures and systems requires the development and execution of a cybersecurity strategy. Since developing a comprehensive cybersecurity strategy can be difficult, we offer a variety of cybersecurity solutions designed for new and existing manufacturing environments and cybersecurity services for projects at any stage of the project lifecycle. Below is a summary of our cybersecurity capabilities.

Posture Assessments

Prior to creating or modifying your cybersecurity strategy, we recommend performing a cyber posture assessment to determine the current state of your organization’s cybersecurity efforts. Our cyber posture assessment involves conducting a best practice review and hosting a collaborative workshop focused on implementing the right standards and strategies to get your organization where you want it to be. The end goal of this posture review is to unify efforts and expectations across stakeholders within the organization.

Requirements Development

For organizations that have not yet adopted cybersecurity standards and standard operating procedures (SOPs), we can work side-by-side with key stakeholders to advise on proper requirements development and create or modify standards and procedures. We also can advise on how these standards will apply throughout the system lifecycle and affect RFQ, requirement, and test documentation to ensure implementation of secure systems.

Assessment

When an organization already has a defined set of cybersecurity standards in place, we can perform a cybersecurity assessment on the manufacturing systems and networks to identify areas with excessive or unrecognized risks. During this assessment, we also compare the systems actually in operation against the agreed-upon standards. Assessment deliverables typically include a report documenting the current state, existing gaps, and prioritized recommendations for mitigating risks.

Mitigation Plans

After assessing an organization’s current cybersecurity practices, we can develop and help implement a mitigation plan that uses a variety of controls to alleviate or eliminate discovered cybersecurity weaknesses.

Design Services

For existing systems, we can consult on current designs and provide modifications as needed. For new systems, we also can include the following cybersecurity design services as part of a bigger project:

  • Network architecture design
  • Firewall planning and utilization
  • SOPs and policies

Cyber Security Controls Implementation

We regularly implement a wide variety of cyber controls as stand-alone cyber projects or within an automation project including the following:

  • Network design documents and/or modifications including:
    • Network segmentation for a “zone and conduit” design
    • Firewalls, routers, and “data diodes”
    • Active Directory servers
  • Role-based access level implementations, including automatic logouts where appropriate
  • Password security improvements, including:
    • Removing default passwords
    • Developing password complexity guidelines
    • Creating password rotation policies
  • Defense-in-depth coverage of both application and operating systems (OSs), as well as OT-specific hardware
  • Blocklist and allowlist methodologies
  • OS upgrades and/or patching
  • SCADA, HMI, and other software upgrades to support the above items
  • Operational controls, including:
    • Creating and updating engineering documentation
    • Drafting or modifying SOPs
    • Training

Testing/Validating Implemented Controls

Based on an organization’s needs, we can carry out system testing following a new controls implementation or other system modifications, or as part of functional testing of a new system. The levels of system testing we can perform range from simple configuration verifications, to document generation, to using tools such as Wireshark and Nmap to validate that systems conform to specification.