Cyber Physical Systems Security

As Industry 4.0 expands, Security Risk Advisors (“SRA”) believes improving the security of Cyber Physical Systems (“CPS”) is paramount to digital success. Weaknesses in security posture and broader IT transformation initiatives have increased the need to protect Operational Technology, Internet of Things, Internet of Medical Things, Industrial Internet of Things and Robotics ecosystems by improving site and system security capabilities.

Join us at ManuSec USA!

ManuSec’s 8th annual Cyber Security for Manufacturing Summit will bring together IT & OT security leaders from across the American manufacturing industry. This is a unique opportunity to build partnerships with senior cyber security professionals from America’s FMCG, Food & Beverage, Machinery, Automotive, Aerospace, Chemical, Pharma & Transport industries, while participating in the discussions shaping the American cyber security landscape in 2023 and beyond.

Event Details: https://usa.manusecevent.com/

Date: October 3-4, 2023

SRA Presentation: OT/IT Convergence, Cybersecurity Sweet Spots

What matters the most to cybersecurity when you’re facing a planned or unplanned convergence of OT and IT? In this era of competing priorities, a few basic underlying cybersecurity truths still exist. Join this session to cut through the noise and understand the true ballast points of cybersecurity that will help you plan and act accordingly in a converged environment.

Reduce OT, IoT, IoMT, IIoT and Robotics Cybersecurity Risk

We work collaboratively with you to execute Cyber Physical Systems Security (“CPS Security”) programs and initiatives using our industry experience, cross-vertical best practices and technical subject matter expertise.

Our CPS Security practice provides advisory expertise and operations support throughout your CPS security program. Our team of specialized practitioners brings industry leading strategy, assessment, enablement of trusted technology solutions and 24×7 MSSP capabilities.

Strategy & Framework

For organizations starting or expanding their Operational Technology or Internet of Things security journey, our industry experience and expertise helps you adopt security standards like ISA/IEC 62443 and NIST, establish your own organizational framework and create a long-term roadmap or path to programmatic enablement.

Key Focus Areas

  • Demystify global industry standards and regulatory requirements to create a consumable framework
  • Communicate cyber-physical systems security capabilities to the business and customers
  • Provide foundational requirements that enable continuous improvement and security risk reduction
  • Align CPS security maturity improvements to a tactical plan with roadmap of activities
  • Develop a business-based strategy for implementing or improving CPS security

 

Security Risk Assessment

A Security Risk Assessment identifies the capability and maturity of security controls at site and global levels. Our assessment methodology focuses on the people, process, and technology with recommendations for immediate security risk reduction efforts as well as long-term financial and resource planning for controls maturity.

Key Focus Areas

  • Site and global capability maturity level characterization of critical Cyber Physical Systems security controls that can prioritize strategies to reduce production downtime risk from cyberattacks
  • Decompose cyber-physical systems to application and component levels to identify logical and physical threats and in-place controls
  • Classify asset and environmental risks to identify critical systems impact on safety, operations, and intellectual property
  • Observations and remediation recommendations along with a prioritized roadmap

Site Assessments

Our OT site penetration testing is carefully planned and executed to safely uncover cyber physical system security threats and vulnerabilities. Our testing is executed by trained and experienced professionals using proven methodologies for OT, IoT and robotics-based environments.

Key Focus Areas

  • IT/OT convergence points
  • Asset Inventory, including key attributes such as connectivity, location, and value
  • Secure remote access
  • Insecure configurations, such as default credentials and insecure protocols
  • Identity and Access Management, such as excessive permissions
  • Physical access to OT devices
  • OT Wireless, including Wi-Fi and proprietary protocols
  • OT-specific security tooling

Purple Teams

Our industry leading approach refined in Fortune 50 engagements tests expected controls, identifies ways to improve reliable OT security detection, and maximizes knowledge transfer from our team to yours. Our test plans map to MITRE ATT&CK for ICS and use VECTR™, our free industry-recognized tool for tracking and reporting Threat Resilience Metrics site-by-site and improvements over time.

Key Focus Areas

  • IT/OT convergence points
  • OT, IoT and IT offensive and defensive security working together
  • Simulated cyber threats to discover attack paths and recommended security controls to identify, detect, and respond
  • Threat Index built on the top threat actors identified by industry leading organizations in your vertical

Deployment & Enablement

Security Risk Advisors’ (“SRA”) OT and IoT security control and tool deployments focus on security control enablement in cyber physical system environments. We specialize in tool deployment and optimization, relationship building with sites and operational process improvement, while also taking care of supplemental system qualification and validation processes.

Key Focus Areas

  • Advise, design, build and implement pragmatic cyber-physical systems security solutions
  • Engage and work with key stakeholders across the organizations, often bridging global cybersecurity and site teams
  • Conduct impact testing on security solutions to ensure people, process, and digital dependencies are not impacted
  • Realize return on investment (“ROI”) through capability enablement and deployment metrics
  • Integrate with existing organizational processes, such as qualification to enable smooth deployments

SCALR™ XDR Monitoring and Response

Security Risk Advisors’ (“SRA”) SCALR™ XDR monitoring platform extends to security detection and response in OT and IoT environments. Our people and technology driven XDR is a cost-efficient, turn-key security analytics ecosystem which can ingest Armis, Claroty and other “OT/IoT Security Visibility” platform event data.

Key Focus Areas

  • Monitoring & Notification – We perform 24x7x365 real-time monitoring of your OT and IoT environments. Our team of Defenders will correlate and investigate security events in our transparent workspace (you can see what we are doing).
  • Threat Hunts – Based on threat intelligence feeds, including the SRA TIGR threat feed and other threat feeds you subscribe to, SRA will conduct and document threat hunts. Hunts are designed to identify anomalies and suspicious events which may have eluded detection rules.
  • Purple Teams – SRA will simulate adversaries with a set of benchmarked test cases and use the outputs to prioritize use case development/improvement and to present effectiveness metrics. We will make recommendations for improved alerting and validate and benchmark your alignment to the MITRE ATT&CK framework or ATT&CK for ICS if appropriate.
  • Operated and Managed 24x7x365 – SRA solves your staffing problem with our talent process. Hiring, training and retaining CyberSOC consultants is our core competency.

Tabletop Exercises

Security Risk Advisors (“SRA”) facilitates OT and IoT security tabletop exercises (TTX) to reflect real-world attacks which could disrupt critical processes that drive business objectives. We review your incident response plan (IRP) and procedures to identify potential gaps in roles, processes, decision trees and communications protocol and recommend enhancements.

Key Focus Areas

  • Industry-specific scenarios constructed around your organization’s critical assets, processes, and documentation
  • Cyber physical system security incident lifecycle review from alert to remediation
  • Cyber physical system security incident response observations, recommendations and enhancement opportunities

Software Bill of Materials Enablement

Software Bills of Materials (“SBOMs”) provide opportunities to enhance several core Cyber Physical Systems (“CPS”) security practices. SRA takes a holistic, hands-on approach to enable SBOM value potential to component suppliers, original equipment manufacturers (“OEMs”), and end users. Using manual techniques and openly available tools, we build standards-based, enriched SBOMs and help you to operationalize them within your organization or deliver them to your customers. We see this as a valuable capability which we apply in our CPS security assessments, vulnerability management, supply chain risk management, device testing and more. SRA can empower you and your team to perform these techniques and develop this rudimentary capability.

OT Vulnerability Management Program

Security Risk Advisors’ (“SRA”) OT Vulnerability Management programs are designed to work within the unique constraints of OT systems and environments. We work with your Vulnerability Management team and OT stakeholders to create a risk-based approach to OT Vulnerability Management. Using custom decision trees, we help you focus on remediation of vulnerabilities that meaningfully reduce risk to your organization and deprioritize those that do not.

Key Focus Areas

  • Documented workflows and agreed upon roles and responsibilities for each step in the OT Vulnerability Management lifecycle
  • Vulnerability identification capabilities (passive tooling, software bill of materials [“SBOMs”], machine readable vendor advisories)
  • Standardization of crucial OT asset characteristics to be captured by the organization
  • Meaningful risk reduction through OT vulnerability remediation prioritization process

Supply Chain Risk Management Program

Security Risk Advisors’ (“SRA”) Cyber Physical Systems (“CPS”) Supply Chain Risk Management programs provide a continuous process to evaluate your supply chains and better understand your risk exposure. We consider your existing supply chain processes and procedures, understanding your roles as a customer, supplier, or both.

Key Focus Areas

  • Evaluation of risks within the CPS Supply chain and integration with existing risk management process.
  • Roles and responsibilities for each step in the Supply Chain Management process
  • Supplier vulnerability disclosure/information sharing process

Hardware Device Assessment Program

Security Risk Advisors (“SRA”) recognize that modern cyber physical systems are often implemented as systems and even systems-of-systems, complete with integration interfaces and cloud-based infrastructure. Because of this, our hardware assessment methodology differs from more traditional hardware testing in that we consider not just the device itself, but the entire ecosystem including the product lifecycle starting from development.

Key Focus Areas

  • Review device hardware implementation including data storage elements, device boot process, and hardware security features such as Trusted Platform Modules/Hardware Security Modules and physical security
  • Identify third-party software components (e.g., Software Bill of Materials) for potential vulnerabilities
  • Evaluate physical and logical communication interfaces for potentially
  • Examine system update process (software, firmware, and patching)
  • Assess operating system and user interface hardening
  • Review handling of sensitive data, such as device identity, Personally Identifiable Information, and cryptographic keys

Get Started!

Let us know if you would like us to provide CPSS services for you by completing the contact form.

Specialized Skills

We have a tailored ICS/OT skills development program for our team. We have ICS/OT security leadership, strategy, framework, standards, architecture, engineering and operations expertise.

Trust and Credibility

We know that credibility with sites is key to establishing successful working relationships and have a proven record of gaining their support of security programs and projects.

Holistic and Embedded

We embed and operate as part of your team and within your environment. This allows us to execute on behalf of internal stakeholders and strategy more effectively.

ISAGCA Founding Member

Security Risk Advisors is a founding member of the ISA Global Cybersecurity Alliance (www.isa.org/isagca). Made up of more than nearly 50 companies representing 33 different industry segments, the ISAGCA works to expand awareness, adoption, and application of the ISA/IEC 62443 series of standards to advance cybersecurity readiness and awareness in manufacturing and critical infrastructure facilities and processes.