This is the first in a series of blogs and papers on the benefits of cyber certification. Certification provides you with the opportunity to work with an experienced cyber team here at exida. It also allows you to gain access to our network of cyber experts worldwide codified in the IEC 62443 family of standards.
The following chart came from a Symantec publication in 2018. While it shows that the financial and government sectors are experiencing the highest level of attacks, there is still a significant presence in industrial and infrastructure sectors (Energy, Construction, Telecom, Petrochemical). Wherever you fall in this spectrum, cyber certification can help significantly reduce the likelihood of being successfully attacked.
Certification can occur at many levels, from an entire set of plant operations to individual control system products. The infamous BlackEnergy attacks that shut down power grids in Ukraine started with poor management of authentications and poor management of removable media. Spoofing existing users has always been fertile ground for attacks, but the next step is more general training that needs to be in place to improve the organization's “cyber hygiene.” The IEC 62443 standards provide guidance and requirements in many areas related to competency and management of removable media. It is highly beneficial to have a knowledgeable partner, with the wisdom of cyber experts from around the world, help set up policies and procedures in the workplace. The requirements in the standard are specific and the process is straightforward. So next time you go through a post-mortem after a breach, and still have your job, you have a clear path to reducing the likelihood of the next attack.
Industrial Control Systems that have been through cyber certification significantly reduce the likelihood of the two forms of attack discussed above. Watch for future articles that continue to discuss specific threats and how cyber certification can help.