JAN-FEB 2018

Issue link:

Contents of this Issue


Page 33 of 53

H ow secure is your industrial control system (ICS)? Con - ventional wisdom says a comprehensive security assessment is required to answer this question. A detailed assessment may be over - kill if you are just trying to get a first look at where you are on cybersecu - rity. Although a security assessment is a valuable tool, it is most often used for an in-depth look at threats, vulnerabilities, losses, and potential countermeasures. So, what if you only want a check- up, not a full physical? There are 10 vi- tal signs for self-checking your ICS— representing security capabilities that address common ICS threats, such as network attacks, connection of unau- thorized devices, malware, and threats from inside the organization. This self-check is like a checkup you get from your doctor, with the exception that there are no empirical measurements, like temperature or blood pressure, for an ICS. Because of this, and because this self-check is for your own use, scoring is left to you. Each vital sign is presented as a question (in no particular order). You can simply answer with "yes" or "no," but most answers will be a matter of degree, so scaling your answer (e.g., 0 to 10) may be more useful. Use 34 INTECH JANUARY/FEBRUARY 2018 WWW.ISA.ORG Checking cybersecurity vital signs Industrial control system cybersecurity By Lee Neitzel

Articles in this issue

Links on this page

Archives of this issue

view archives of InTech - JAN-FEB 2018