Security Monitoring for SCADA / OT / IoT
The implementation of monitoring systems in a continuous mode provides one of the basic pillars of security – the visualization of the state of networks and systems. Without it, we are blind to all the threats that certainly appear in our network.
These systems also support incident response by providing information about the resources involved in the incident, assessing their criticality and communicating with other security systems, for example to prepare policies that block traffic to and from a given device.
Continuous monitoring systems provide:
- Visibility of assets and network status
- Support in managing vulnerabilities
- Identification of APT attacks
- Support in the automation of security responses
In SCADA security monitoring, it is very important that the monitoring system be as passive as possible. In practice, interference with the original design of the automation system comes down to configuring appropriate mirror ports or installing TAP-class devices that deliver a copy of the traffic to the monitoring systems.
Sometimes, in larger installations, packet broker tools are used to provide an appropriate sample of traffic to the monitoring probes.
What will monitoring the security of SCADA / IoT systems give us? We will know whether we still manage our SCADA infrastructure ourselves, or whether someone is doing it for us …
How can we help?
We help with the selection of solutions, design, implementation and the proper organization of SCADA / IoT systems management processes.
Often our role is to deliver a complete turnkey project, and sometimes to supervise the implementation or to embed the system in the infrastructure maintenance processes.
In any implementation of security systems, including monitoring of SCADA systems, buying a license and installing the system is not the most important part. Correct connection and configuration are just the beginning. A continuous monitoring system must become a natural extension of our SCADA maintenance processes. Employees, automation engineers and subcontractors should use it on a daily basis and take advantage of all the benefits of this class of systems.
These benefits include monitoring system performance and process data, or simply identifying security incidents. These systems are also a great support in vulnerability management processes. A passive approach to vulnerabilities is often the only option.
The key issue in monitoring SCADA systems is the choice of where to collect traffic. There is no simple answer to this, and the answer “it depends” with the addition of “very many different factors” may offend many engineers.
We know the answer to these questions: as close to the actuators as possible. In practice, after analyzing the SCADA system diagrams and data flows, Blue Energy engineers will select both the tool best suited to a given company and the appropriate connection point.
The PoC carried out with the SCADA systems monitoring tool turned on a yellow light for us. Why such strange traffic in our theoretically sterile networks? The pilot implementation lit up red indicator lights. We made the decision to go to full implementation, and only now can we say that we manage the SCADA network in a way that guarantees continuity and security.
The biggest challenge with the Act on the National Cybersecurity System was the implementation of tools that could effectively monitor the security of both IT and OT infrastructure.
The decision to implement monitoring of OT systems was simple. The choice of the optimal solution was harder. Each of the producers praises exactly what they are best at. We decided to use a consulting company that presented various solutions from an independent perspective and developed a SWOT analysis of the implementation, and thus we chose the most optimal and useful solution for our company.
Related blog articles
The National Cybersecurity System sets out requirements for operators of essential services and digital services. What are these requirements, which the Act describes rather sparingly? What does the Act itself say about how to ensure the security and continuity of essential services?
A common problem for organizations is providing an internal communication channel that is effective and guarantees proper accountability, e.g. for exercising data subject rights or for reporting and handling personal data breaches.
How long does it actually take to identify and fulfil a data subject's rights? Does our record of processing activities support the exercise of those rights? Can we automate the processes for fulfilling data subject rights?