25 Oct Facts about Independent ICS Cybersecurity Assessments
Due to the Colonial Pipeline cybersecurity incident in 2021 that led to a massive pipeline shutdown, the TSA now requires an annual independent review of ICS cybersecurity. On July 19, 2021, TSA issued a second directive requiring the owners and operators of any pipelines designated as critical by TSA, and transporting hazardous liquids and natural gas, to implement additional protections against cyber-attacks. What’s the bottom line? Here are the facts about independent ICS cybersecurity assessments.
ICS cybersecurity programs are an integral part of any pipeline company’s comprehensive ICS safety and reliability programs, as an attack on these systems can have devastating consequences for the economy, commerce, and national security. The National Institute of Standards and Technology (NIST) has recommended specific protocols for the application of security controls and control enhancements for ICS cybersecurity.
The most effective way to ensure that your ICS is secure is to engage in proactive, collaborative planning and assessment sessions with systems management, your IT organization, your controls engineer and operator, and an independent ICS cybersecurity expert to provide third-party analysis and testing.
An independent review by a qualified consulting firm that specializes in ICS infrastructure can eliminate hostile threats from a variety of outside sources, including groups with harmful intent and former employees. It can also identify deficiencies that may lead to malicious or accidental infractions by current employees. Most pressingly, it can reduce the risk of damage or destruction due to natural disasters and accidents.
The primary objectives of a formal ICS cybersecurity review are restricting access to the ICS network, both physical and logical; protecting individuals from exploitation; early detection of unauthorized security events; restricting unauthorized data modification; maintaining functionality of the system during an emergency; and restoring the system after a critical incident.
When choosing a consultant for an independent review of your ICS cybersecurity, it’s crucial to use a company that will not only identify areas of deficiency and recommend corrective actions but will also stay on site to assist with the implementation of those corrections.
UTSI provides an independent assessment of your ICS cybersecurity through a multi-phase process that includes offline reviews, vulnerability assessments, penetration testing, and forensic investigations in the event of data breaches. We can ensure that recommended practices vetted by experts are in place, in order to reduce your risk of cyber-attacks.
UTSI’s recommended practices draw on decades of professional ICS experience and are the result of deep study and understanding of system vulnerabilities, attack paths, and secure architecture design.
Contact us to speak with one of our consultants about your specific ICS cybersecurity needs. We are happy to delve further into the facts about independent ICS cybersecurity assessments.