Security architecture decisions are critical. A poor security architecture can make it difficult or impossible to secure your DCS or SCADA system and require continuing costly investment in security products and services. Digital Bond’s Industrial Control System (ICS) security architecture service focuses on defining technical security controls for the client’s control system LAN’s, WAN’s, servers, workstations and field devices that build upon the existing infrastructure, systems, and policies. The focus is on a consistent and appropriate level of security that can be deployed and maintained over time.
Digital Bond has three primary goals in the security architecture design:
- Prevention: keeping the adversary from reaching and compromising an ICS. Prevention applies to both internal and external threats, as well as networks, hosts and applications.
- Detection: recognizing specific instances of improper or unauthorized activities before extensive damage is done. Prompt detection allows the client to isolate an adversary, analyze the probable intent of the attack, and limit the damage when deployed in conjunction with a response.
- Response: initiating specific actions to isolate or prevent further unauthorized activity and to recover from whatever damage has occurred. Response includes the containment of the compromise, repair of the vulnerability, recovery, and evidence collection for pursuing the attacker.
Our network security architectural approach will address the key aspects of the ICS. These are likely to include:
- Network interfaces to the enterprise network and other non-ICS networks
- Remote access for system administrators, support vendors and others
- Underlying network components that form the transport infrastructure
- Redundancy and recovery
- Network and security management
- Security monitoring and attack detection
- User authentication and authorization management
- Secure your network, applications and information to the appropriate level
- Identify a clear plan to securing future control system needs
- Save money in security product and life cycle costs
Digital Bond will provide a security architecture document, technical and executive presentations, and a solutions matrix that will identify how the architecture provides the required protection for current and planned systems, applications and information.