Control System Security Services
Control System Security Lifecycle Services
(for Control System End-Users and Integrators)
Control System Cyber Security Review and Gap Analysis
These popular, low-cost assessments provide plant staff and management with a review of a facility’s existing industrial automation and control systems environment compared with industry best practices such as ISA 99.02.01-2009. The client is presented with a report that identifies and prioritizes the gaps found during the assessment and provides recommendations to assist the organization in addressing these gaps.
NERC CIP Review and Gap Analysis
The NERC (North American Electric Reliability Corporation) CIP (Critical Infrastructure Protection) standards establish the requirements needed to secure the Bulk Electric Systems in North American from cyber security threats. A NERC CIP Review and Gap Analysis provides NERC Registered Entities with an assessment of their present level of compliance with the NERC CIP standards. Similar to the Control System Cyber Security Review and Gap Analysis the client is presented with a report that identifies and prioritizes the gaps found during the assessment and provides recommendations to assist the organization in addressing these gaps. Compliance with these standards is mandatory and affected organizations must be “auditably compliant” by December 2010.
Control System Security Assessment Brochure
Cyber Security HAZOP
Cyber Security Hazard and Operability Study (CS-HAZOP) is a procedure for conducting a cyber security analysis of existing or planned Control and Computer systems. The technique is similar to, and has been adopted from the Hazard and Operability analysis (HAZOP) procedure that is widely used and is very successful for process plants. With CS-HAZOP we review security vulnerabilities that can impact the operation of Control and Computer systems.
Zone & Conduit Modeling
Proper Industrial Automation & Control System (IACS) security begins with solid network architecture design, including proper zone & conduit modeling as defined in the ANSI/ISA 99.01.01-2007 standard and the draft standard ISA 99.03.02. Exida offers services to assist clients in the design or redesign of their automation system networks and in the proper modeling and analysis of these systems into zones & conduits.
Security Assurance Level (SAL) Determination
The amount of risk reduction that the Industrial Automation & Control System (IACS) is required to provide is specified by the Safety Assurance Level (SAL). exida provides procedures and tools to help you select and document your SAL selection process, and offer expert review for selection of a SAL for each zone and conduit.
Control System Cyber Security Workshops
One of our qualified control system cyber security experts will visit your company and conduct a workshop with your management and staff updating them on the latest status of cyber security regulations and standards and instructing on the requirements applicable to your facility. The workshops will focus on your systems and your current practices in order to assist in developing a control system security action plan for your organization.