Critical Services at High Risk for Attack

While technology convergence can improve efficiencies, enrich customer service, and reduce operating costs, it also dramatically increases the risk of critical services falling victim to a cyberattack.

Consider this: while conducting an ICS research study, the experts at Positive Technologies were able to remotely access more than 200,000 solar power stations because of a weak password encryption algorithm in the web server of one smart-grid manufacturer.

Security shortcomings like these are all too common. They leave your utility vulnerable to the full range of IT security risks, including cyberwarfare, and put entire populations at risk of losing basic services.

Common security problems that Positive Technologies has identified based on its experience performing ICS security assessments include:

• Uncontrolled connections—ICS components that should have strictly limited access are made vulnerable by unauthorized or unreported links to corporate networks or portable devices, often resulting from operators bypassing security settings on human machine interface (HMI) stations.
• Threats to system availability—non-ICS-specific malware or viruses are introduced to ICS components, causing system damage or downtime by triggering machine reboots or changing basic configurations.
• Password policy violations—when ICS systems become accessible via the Internet, default or weak passwords leave them exposed to cyberattacks.

Find Your Weaknesses

To keep your control systems both secure and operational, Positive Technologies can help you to proactively identify vulnerabilities and potential attack vectors, assess and prioritize threats, and remediate weaknesses, with a top-to-bottom approach that includes:

• ICS-specific security assessments from researching user activity to penetration testing, audits, and compliance checks; we take into account the very different security assessment goals, threat models, operational procedures, and organizational complexity that set utilities apart from other enterprises.
• Close cooperation with such leading ICS vendors as Honeywell, Schneider Electric, and Siemens. The regular security audits we conduct on these large-scale systems give us a full understanding of how to detect vulnerabilities and how to work with the vendor community to permanently eliminate them.

Get Smarter About Protecting Your ICS Investments

Smart grids and smart homes may be the future, but "smart" means that your services are always available, and therefore outages and interruptions from cyberattacks are unacceptable. When your ICS is exposed to a network, it is open to all of the network’s risks. ICS security cannot be effectively managed in isolation as separate segments or technologies, so you must consider a unified approach across all systems.

Positive Technologies helps many large manufacturing, petrochemical, utility, and transportation companies meet their ICS security challenges head-on. With unrivalled expertise in critical infrastructure protection backed by one of the world’s top research teams, Positive Technologies is the ideal partner to help you secure your ICS networks from bad actors so you can "keep the lights on".