SCADA

Secureitlab uses and follows internationally formulated and accepted standard of CPNI to conduct a SCADA security assessment. CPNI's recommendations for process control and SCADA security are essentially contained within the below eight good practice.

Understand the Business Risk

Only with a good knowledge of the business risk can an organisation make informed decisions on appropriate levels of security and required improvements to working practices. Processes must be established to continuously reassess business risk in the light of ever changing threats.

Implement Secure Architecture

Based on the assessment of the business risk, organisations should select and implement technical, procedural and management protection measures to increase the security of process control systems.

Establish Response Capabilities

Implementing security mechanisms across process control systems is not a one off exercise. Threats to the security and operation of process control systems develop and evolve over time and organisations should therefore undertake continuous assessment of process control system security.

Improve Awareness and Skills

A holistic approach to security includes technical, procedural and social appreciation – the success of any technical or procedural security protection measure is ultimately dependent upon the human component. Employees are both the most important resource and the biggest threat to security.

Manage Third Party Risk

The security of an organisation's process control systems can be put at significant risk by third parties, for example, vendors, support organisation and other links in the supply chain, and therefore warrant considerable attention.

Establish Ongoing Governance

Formal governance for the management of process control systems security will ensure that a consistent and appropriate approach is followed throughout the organisation. Without such governance the protection of the process control systems can be ad-hoc or insufficient, and expose the organisation to additional risks.

Customer Benefits

Customer can benefit from regular assessments.

Denial of service attacks
Unauthorized control of the process
Loss of integrity
Loss of confidentiality