Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS) and Programmable Logic Controllers (PLC) are key components of critical infrastructures and industries in the fields of electricity, water, transportation, natural gas, oil, chemicals, pharmaceuticals, etc.
Modern ICS infrastructures have evolved from isolated systems running proprietary protocols, hardware and software, to IP-enabled devices implemented based on IT industry standard computers, operating systems and network protocols. This evolution significantly improves monitoring capabilities and productivity, but compromises the level of isolation of ICS from the outside world, introducing new vulnerabilities and risks, including cyber threats. According to The Global Risks Report 2016 (11th Edition) of the World Economic Forum, “Cyber security incidents affecting critical infrastructures are considered global risks that can have significant negative impact for several countries or industries within the next 10 years”.
ICS present significant risks to health and safety, environmental damages and financial losses and require high performance and reliability, thus cannot be treated like normal IT systems nor be protected by the same security controls:
- Complex authentication mechanisms and security controls are time-consuming and may compromise availability.
- Vulnerability and patch management may cause downtimes with high impact.
- Penetration testing may compromise the infrastructure and cause serious hazards.
However, due to their criticality it is essential to be able to proactively manage these risks.
Neurosoft offers industrial companies and organisations a set of solutions and services in order to address issues and requirements related to security and compliance of their ICS/SCADA systems and critical services, proactively manage vulnerabilities, govern systems on public and private networks and repel cyber security attacks.
Our experience focuses in the areas of:
- Design and architecture requirements of ICS/SCADA systems.
- Vulnerability assessments and penetration testing.
- ICS threat intelligence monitoring.
- Incident management.
Our highly-qualified professional team of security analysts and researchers will:
- Assess the security level of ICS/SCADA infrastructure and create the threat model of the Organisation.
- Provide continuous feed from security updates, zero-day vulnerability alerts, anomaly detection and remediation actions.
- Provide guidance on ICS security hardening guides.
- Audit compliance.