|
Control centers with their installed instrumentation and control systems are used for monitoring and controlling a wide variety of industrial installations and networks. Due to the increasing use of "commercial off-the-shelf" products, the utilization of standardized internet protocols and the growing integration into the IT landscape of companies, control centers lose their current protection (decoupling, isolation). A multitude of incidents and malfunctions have become known since, which were triggered by attacks launched with intent against network and process control centers or by accidental maloperations. The result of this situation is the necessity to further protect instrumentation and control systems and control centers by additional measures.
Our Service
- Testing and assessment of control centers and control products according to national and international rules and regulations such as:
- BDEW Whitepaper "Requirements for Secure Control and Telecommunications Systems"
- NERC CIP
- Cyber Security Procurement Language
- ISA S99
- IEC 62443-3
- NIST SP800-53
- Certification of control centers and control products and publication of the certificate on the TÜViT website
- Project management aund coaching
Benefits/Usefulness to you
An inspection and certification concludes with an exact evaluation of the security level reached and generates trust on the basis of a 'Third Party Inspection'. This results in benefits such as:
- cost-efficiency, as vulnerabilities are identified early on and do not have to be eliminated later, which would involve additional efforts as regards development, patching and implementation,
|
- security awareness prior to project start when new control technology projects are awarded and the certification forms part of the tender,
- proof of trust towards third parties (internal audit, clients as well as supervising institutions), as the issuance of a certificate documents the particular efforts with regard to security measures which can be emphasized as a competitive advantage,
- quality assurance and improvement,
- in case of periodical verification the certainty that your control system is the latest state-of-the-art, as the development process for security requirements continues, as well as
- positive influence on the rating of a company and thus possibly a better starting point for the raising of capital and for insurance terms and conditions.
The procedure
For identifying the existing vulnerabilities of the control technology, TÜViT has developed a methodology which comprises the following activities:
- determination of the control technology to be examined,
- development of an assessment plan,
- configuration of the test equipment,
- identification of vulnerabilities,
- exploitation of the vulnerabilities identified as well as
- preparation of a report.
The objective
- final report which includes all the vulnerabilities detected during the course of the project together with the corresponding recommendations on improving the security
- issue of the certificate following positive conclusion of the tests and publication on the TÜViT website
- entitlement to use the Trusted Site Security or Trusted Product Security test mark
|
