A successful cyber attack on a plant’s Industrial Control Systems (ICS) can be catastrophic. It can impact the plant’s operations, finances, damage reputation and even threaten lives. A resilient cyber security programme is essential in order to mitigate against potential cyber attacks.
78 percent of security officials were expecting a successful attack on their ICS/ SCADA systems within the next two years*
To help ensure that your plant is fully prepared to defend against potential cyber attacks, we provide a range of ICS Cyber Security services, each customised for your plant’s unique requirements, based on the latest international cyber security standards and best practice. Pöyry is active in designing, assessing and supervising the implementation of ICS cyber security programmes to both operating and greenfield facilities.
- 1: Assessment (review)
- 2: Concept (foundation)
- 3: Programme (implementation)
- 4: Training (awareness)
- 5: Annual review (continuous)
- Design and Engineering (configuration management)
- Holistic approach
The first step in determining your current level of protection is a walk-through assessment of your facilities, along with interviews with your Operation Technology (OT) and IT managers. An Assessment Report with recommendations will be delivered and discussed in an evaluation meeting with the Plant Management.
Next, a concept is developed that is tailored to the realities of your organisation and the level of protection already achieved. In most cases the ICS cyber security will be the “final piece of jigsaw” and complement the existing Plant IT Security and Physical Security Concept.
A detailed flow chart for the ICS Cyber Security processes is then created by your Pöyry Cyber Security expert, along with the defined roles and responsibilities for the implementation.
Pöyry then acts as Project Manager and reviewer of the ICS Cyber Security procedures. As your OT and IT personnel are best placed to understand the business processes, and the network and automation architecture of your facility, they will write all necessary operating procedures together with Pöyry ICS Cyber Security specialists.
In order to build a resilient ICS cyber security into your plant, all relevant personnel will be trained by Pöyry Cyber Security experts.
In the event of a cyber attack or another type cyber incident, your personnel will have clear instructions on how to minimise the physical and economic damage to the plant and to initiate the recovery according to the Resiliency Plan, enabling the plant to promptly return back to production.
After the classification of Assets, creation of the ICS Cyber Security Concept & Programme, and Training the plant personnel, an extensive field audit may be considered in order to obtain intensive reports concerning the level of cyber security of your plant at a point in time.
We recommend that an annual ICS Cyber Security review should be done. Over time, new cyber security threats will continue to appear and find ways to exploit vulnerabilities of Industrial Control Systems. Therefore cyber security requires frequent reviews and updates of current threats, and a regular gap analysis is necessary in order to maintain a continued level of required security.
The first design phase starts with a structural assessment of your plant security systems architecture and configuration. A detailed study together with full, up-to-date documentation will be reviewed to discover potential cyber security vulnerabilities.
Together with Pöyry Experts, the target design is compared in detail with your current network architecture. Then a road map with technical details and execution time schedule are finalised.
The ICS active devices, firewall and cabling systems with detailed connections will be engineered to ensure a swift installation and commissioning. Your engineering package includes all the information required. If a gradual update strategy is chosen, then intermediate documentation will be delivered, and for a comprehensive upgrade, the complete final design will be provided. The complete documentation of your ICS network configuration and architecture will be kept up-to-date after each update in order to maintain grip of your robust ICS cyber security.
In addition to cyber security, the physical security of the facility and its surroundings also needs careful consideration. For existing facilities, a security audit covering all engineering disciplines provides an understanding of the current situation and identifies existing gaps.
It also allows the creation of a road map to fix any identified issues. Pöyry provides plant owners with risk based planning services for security. We specify the required emergency response from the plant processes and systems.
Your trusted ICS Cyber Security services partner
To help us support your specific needs, why not contact our ICS Cyber Security team now? Or download our free guide: "ICS cyber security key considerations: how prepared are you?" to test how well protected your plant is from cyber attack.
*Source: 2014 Ponemon Institute study, Critical Infrastructure: Security Preparedness and Maturity