With cyber risk growing in prevalence and sophistication, cyber security has become a necessity for commercial, industrial and even residential applications. It has become necessary to protect our businesses, workplaces and our supply chains. While addressing the problem can seem daunting, many solutions are actually easy to deploy, have no negative impact on your operations and are inexpensive. Some simple measures can go along way toward managing your cyber risk exposure.
High profile cyber attacks are occurring with regularity in recent years with the Colonial Pipeline incident recently leading headlines. The majority of attacks are financially motivated. Less sophistication is required and there are many applications available on the dark web for purchase to disrupt the operations of industrial or commercial clients. An attacker does not need to know the inner workings of your business. All they know is that you would like to keep it running uninterrupted and you may pay a ransom to do so.
Cyber attacks are also conducted with the intention of causing societal disruptions. A water treatment facility in Florida was recently hacked with the intention of poisoning municipal drinking water. Nuclear facilities have been infiltrated and attacked with the intention of causing large scale destruction. While most of these headline grabbing attacks are either state actors or compromised employees with bad intention, many businesses handling dangerous materials or operating close to the public are at risk.
Industries handling dangerous goods are often experienced with process risk management. Participants of process risk assessments may notice a significant portion of identified hazards originate from potential automated failures. Protection against automated failures are also likely automated since human intervention are often deemed less reliable or too slow. These common "hackable" points of failure require extra scrutiny to ensure automated systems are not compromised by hostile actors.
The first step on the road to a successful risk mitigation strategy is to document the current or future infrastructure design. When a philosophy is compared against the design, improvements can be quantified and digested at the management level for funding. Independent consultants can help provide insight on industry best practices and to help benchmark measures taken against industry peers.
Gap assessments can be applied to current infrastructure to plug any holes as a short term solution. Virus protection services are a useful part of a protection strategy as they can head off any vulnerability before the next assessment.
Industry end-users are able to consolidate their well established process risk management activities with cyber risk management activities. By feeding this cyber risk data into internal work processes , synergies emerge. It is easier to manage change to automation infrastructure that has undergone a cyber risk assessment (i.e. CHAZOP).
The need to manage cyber risk is getting the attention of industry risk management standards. IEC 61511-1 notes that cyber security measures are needed to ensure the communications of system instrumented systems are made secure.
With the help of our partners at CyberLucent, we are able to support our clients with tools that provide continuous cyber risk monitoring, with a focus on proactive risk mitigation, enterprise grade advanced threat detection, and protection. Lucid is a secure, risk-managed, network segment that operates within any host network, even a hostile one. Simply plug-in and connect to the included gateway via Ethernet or WiFi, and your private, secure network is up and running in minutes. Work in a corporate-like secure network from anywhere: your home, your small office, at the local coffee shop or in your remotely connect control room. Lucid is Fast, Easy, Portable, Secure and Affordable.
"Better Than a VPN"
Lucid replaces VPNs of old, enables a Zero Trust security model, and creates an isolated network for you or your business, regardless of network location. Lucid uses biometric authentication for secure and seamless access into your private network from almost anywhere.
No login, no software, no license, no conﬁguration, no hassle
New to cyber security concepts? Feeling a bit overwhelmed, reach out to your Watchmen contact about where to start.
In the interim, here are things you can do to minimize the risk of attacks:
And here are some risky behaviors to avoid:
And some general advise and words of wisdom:
Watchmen Instrumented Safety Experts (WISE) is a Functional Safety Engineering company with specialized expertise in preventative and mitigative instrumented safety. Our expertise includes HAZOP Facilitation, LOPA Facilitation, SIL / SIS Calculations and Consulting, Alarm Management, Fire and Gas Systems Engineering, Cyber Risk Management. Consult one of our experts for your instrumented safety project today.
Copyright © 2018 Watchmen Instrumented Safety Experts - All Rights Reserved.