ICS 网络安保

exida 帮助减轻安全风险和协助提供本质安全的产品.

ISA/IEC-62443/ISA-99 基于工业控制系统(ICS)的网络安保

       工业控制系统(ICS)的网络安保已经迅速成为过程和关键基础设施行业里专业人才要面对的一个严重问题.

       空前规模的安全漏洞已经在工业控制产品中显露,并且监管机构要求符合复杂和令人混淆的法规。实际上, 很少有行业是被监管的,而那些被监管的行业,监管机构要求遵守复杂和混乱的规定。那些不受监管的行业是处理各种各样的模糊和从多个来源而有时是冲突的标准.

       自动化专业人士可以使用已完好建立的策略和技巧来发现和减少安全隐患并提高产品和系统固有的安全。学习和采用这些策略将帮助企业领先于潜在漏洞. 

       exida是 ISA/IEC-62443/ISA-99 基于工业控制系统 (ICS) 和SCADA系统安全的咨询和认证机构,专注于工业自动化和过程控制系统的独特需求.

经验分享

       exida人员拥有超过30年的经验,在工业自动化和控制系统安全和网络安保的设计、实施与评价。 exida的经验在与评估和开发网络安保解决方案在运输油气电力化工污水处理和在很大程度上依赖于工业自动化和控制系统的使用的其他行业.

       在exida, 我们与 美国国土安全部 (DHS), 熟悉 运输安全局 (TSA), 美国国家标准与技术研究所 (NIST),和美国公共交通协会 (APTA) 的指导方针,建议的做法,和标准.

       exida也领导和参与网络安保标准的定义: 通过ISA 99委员会工作–ANSI / ISA / IEC 62443 (以前是ISA 99),该协会推荐铁路客运的做法 (在交通环境中的安全控制和通信系统), 和ICSJWG小组工作。

请求提案     ICS安全的7个步骤   

exida 是工业控制系统 (ICS) 和SCADA系统安全的咨询和认证机构,专注于工业自动化和过程控制系统的独特需求 .

服务

       exida参与每一步的网络安保生命周期从评估,设计到操作及维护。 我们提供一系列的ISA / IEC-62443 /ISA-99基础服务,定制您的实况地的要求,同时采用新的网络安保标准和指南。以下是我们所提供的一个大纲。

1.  评估

       你不会开始一个你不知道的旅程,直到你知道从哪里开始,你想去哪里,你将如何到达那里。

       规划旅程和确保您的控制系统是没有什么不同。它首先了解风险控制系统的安全(或不安全)对与你的业务。这就是所谓的风险评估,它是用来量化威胁构成的危险的业务。exida行列这些风险,以让你知道如何优先考虑您的安全美元和努力。

exida可以帮助您在以下的评估阶段:

  1. 评估和评价 (网络安保培训和意识)  - 看下面的课程列表
  2. NIST 网络安保框架差距评估  - NIST 采访,当前与目标层/配置文件分析,NIST框架差距报告,建议未来的步骤
  3. 网络安保项目范围定义和设置  - 分析当前配置和推荐的步骤, 分析和/或创建建筑绘图, 政策/程序发展和/或审查
  4. 网络安保脆弱性评估 (CVA)  -  执行网络安保漏洞评估,审查和评估架构图纸,评估现有的对策,网络架构和流量评估,政策/程序审查
  5. 高水平的网络安保风险评估 (HLCRA)  - 高水平的网络安保风险评估程序的开发,协助库存要求,关键任务,协助区域和管道和数据流信息, 培养员工对风险评估程序,方便和文档的风险评估, 初始安全级别(SL)分配,威胁建模
  6. 详细的网络安保风险评估 (DLCRA) -  详细级的网络安保风险评估程序的开发,协助库存要求,培养员工对风险评估程序,方便和文档的风险评估,文档评估结果,安全水平目标(SL-T)分配确认,威胁建模
  7. 过程控制网络防御深度审查 - 区域和管道建模,区域和管道-审查企业参考模型,区域和管道-高层次图,区域和管道-详细设计,区域和管道-设计审查,屏障设备的培训和调试

2.  设计

       设计阶段开始于一个结构评估你的安全系统的体系结构和配置。一个详细的研究与充分,最新的文件将被审查,以发现潜在的网络安保漏洞。 exida会和你一起研究具体目标设计与您当前的网络结构比较。路线图与技术细节和执行时间进度,会在这时定稿.

exida 在设计阶段进行以下工作:

  1. 网络安保要求规范 (CSRS)  - 技术写作模板, 要求的发展, 审查网络安保要求规范
  2. 网络安保设计规范 (CSDS)  - 咨询,审查,技术调查和建议
  3. 纵深防御分析  -  防御层效能分析,深度探测分析(监测层效能分析)
  4. 用户帐户管理、访问和授权哲学   - 政策/程序审查,政策/程序开发,ACL审查,设计评审
  5. 网络安保工厂验收测试 (CFAT)  - 网络安保工厂验收测试的开发、CFAT的执行和报告
  6. 网络安保现场验收测试 (CSAT)  -  网络安保现场验收测试的开发、CSAT的执行和报告

3.  操作及维护

       即使你的解决方案到位,exida可以协助你,以确保您的过程中保持了安全和可靠。

exida 可以帮助你以下的操作和维护阶段期间:

  1. 网络安保监控和维护  - 制定测井要求,评估监测方法,评估对策,评估安全水平(SL)的要求
  2. ICS 的修改或退役  - 影响分析综述
  3. 网络安保漏洞评估 (CVA)   -  执行网络安保漏洞评估,审查和评估架构图纸,评估现有的对策,网络架构和流量评估,政策/程序审查.

请求提案     ICS安全的7个步骤   

案例研究

       区域污水处理设施保证了网络的PLC与Belden-exida解决方案和培训.

       了解更多   

使用CyberPHAx™ 进行高效网络风险评估

       CyberPHAx™ 是基于PHA的工具,它可以被工程人员用于项目,过程安全,信息技术,过程控制,以及工厂管理和作业人员.

CyberPHAx™ 引领用户通过网络风险评估过程,有效地让用户专注于手头的任务,确定网络攻击类型,尽可能找出所能导致的危险事件及相关风险.

了解更多关于CyberPHAx™   

       “我们很自豪能在我们的行业和地区的工业控制系统网络安全的前沿,与我们所受的训练,我们的能力保持信心,排除在未来扩大我们的托菲诺系统,”

工厂电子技术员-城市水资源部

ICS 网络安保培训课程

       我们为今天的行业专业人士提供了一系列ICS的网络安保培训课程,从基本到先进的概念。我们可根据要求提供定制的培训课程.

       学员将受益于exida的深入知识和技能, 使他们能够充分了解网络安保和公司的实施程序,确保他们不会受到网络攻击.

Advanced Industrial Networking (CS 221)

Ethernet has become the predominant technology as the fieldbus for modern process and control networks. While this technology brings many advantages, it also brings with it many disadvantages. Among them is that Ethernet is a mostly unfamiliar technology for many Process and Control technicians and engineers. This 2-day course expands on the Introduction to Industrial Networking course and the knowledge to dive much deeper into Ethernet Technology. We will cover advanced topics such as VPN, NAT, Redundancy, etc. We will also discuss many more protocols, how they operate, and how they may affect a process and control network. Exercises are included to reinforce knowledge.

More Info    

IEC 62443: 7 Steps to Industrial Control System Cybersecurity (CS 101)

This course provides an introduction to industrial control system (ICS) cybersecurity and a practical 7 step process for implementation regards operating, maintaining, and integrating ICS/SCADA systems. We have simplified the material from numerous standards and best practice documents, such as ANSI/ISA 99, IEC 62443 and NERC CIP, and coupled it with our experience in assessing the security of dozens of industrial control systems to bring you this easy to follow process. This course was designed to get you up to speed quickly on control system security best practices by presenting the material in an organized, straightforward and easy to understand manner. Attending this course will get you started and on the right path in far less time than it would if you were to start diving in on your own.

More Info    

Industrial Control Systems (ICS) Cybersecurity Lifecycle (CS 102)

This course addresses integration of cyber security into the functional safety lifecycle. While cybersecurity introduced many unique activities that are specific to its technology, with respect to the industrial automation control system, including safety controls, alarms and interlocks, there is a synergistic efficiency to leveraging the functional safety lifecycle when implementing cybersecurity in the control world. Participants in this course will progress through the major phases of the Cybersecurity Lifecycle: Assessment, Design & Implementation, and Operation & Maintenance - identifying the necessary inputs and processes to achieve the required outputs for each phase.

More Info    

Introduction to Industrial Networking (CS 121)

Ethernet has become the predominant technology as the fieldbus for modern process and control networks. While this technology brings many advantages, it also brings with it many disadvantages. Among them is that Ethernet is mostly a unfamiliar technology for many Process and Control technicians and engineers. This 1-day course covers the basics of Ethernet Industrial Control Networks found in most process and control environments. We will cover foundation knowledge of Ethernet networks, communications, discuss different network devices and their functions and use, discuss and review a sampling of Industrial protocols. Labs are included to reinforce the knowledge.

More Info    

Security Development Lifecycle Training

The Security Development Lifecycle training course and workshop was created specifically for developers of industrial control system products with a particular focus on network-enabled embedded control system products such as PLCs, DCSs, SISs, RTUs, VFDs, etc. The objective of this course is to train R&D teams, through a combination of lecture and workshop, on how to properly and effectively integrate software security assurance practices and techniques into their existing software development lifecycle. The training covers all phases of IEC 62443-4-1 (Product Development Lifecycle Requirements) as well as IEC 62443-4-2 (Technical Security Requirements for IACS components), and the ISASecure™ Software Development Security Assurance (SDSA) certification program.

More Info    

© 2000 - 2017 艾思达(青岛)工业安全技术有限公司(版权所有) 备案号:鲁ICP备09052584号 技术支持:润商科技