Systems Engineering Cybersecurity Measures

  • Jaime Gómez García

    Global Head of Santander Quantum Threat Program | Chair of Europol Quantum Safe Financial Forum | Representative at EU Quantum Industry Consortium, AMETIC | LinkedIn QuantumTopVoices 2022-2024 | Quantum Leap Award 2025

    👍 The בנק ישראל Bank of Israel has published a directive addressed to “Banking Corporations and Licensed Payment Service Providers Chairman of the Board and CEO” on requirements related to cyber risks associated with the development of quantum computing.

    Highlights:

    👉 It is important to prepare the banking system for information security and cyber risks related to quantum computing.

    👉 Organizations are required, at a minimum, to:
    📌 Raise awareness within the banking corporation, continuously monitor developments in quantum computing, and assess the associated cyber risks
    📌 Inform all relevant parties within the banking corporation, including the board of directors and senior management
    📌 This topic should be discussed periodically in line with technological developments, at least once every two years, and include a review of general developments in quantum computing
    📌 Continuously monitor ongoing developments in quantum computing that may impact cyber defense
    📌 Integrate quantum computing considerations into the cyber risk management process with the supply chain
    📌 Avoid reliance on suppliers and manufacturers that are not preparing for the quantum era

    👉 Mapping and Managing Encrypted Information Assets
    📌 Map encrypted information assets and processes (Discovery and inventory)
    📌 Create a transition plan
    📌 Metadata to include in the inventory:
       - Type of encryption algorithm and key length
       - Information owner’s details
       - Systems and applications using the algorithm
       - Duration for which the encrypted information is valid and must remain encrypted
       - Sensitivity and criticality level of the information

    👉 Development of skills and capabilities
    📌 Start preparing to build an infrastructure that will enable the banking corporation to be adequately prepared:
    📌 Train employees
    📌 Define the resources that will be needed
    📌 Assess the compatibility with PQC of the existing infrastructure
    📌 Prepare for the transition
    📌 Identify affected policy documents and procedures, and plan to update and validate them
    📌 Define alternative solutions for cases where systems cannot be converted

    Organizations are required to develop an initial plan addressing these points. The plan should be discussed by the board of directors and management.

    📅 This preparedness plan should be submitted to the Banking Supervision Department within one year from the date of the directive (January 7th, 2025).

    This directive is reminiscent of the advisory published by the Monetary Authority of Singapore (MAS) in February 2024, although it is more execution oriented, including a deadline.

    Bank of Israel directive: https://lnkd.in/dQj-dyce
    MAS advisory: https://lnkd.in/dSbpTuYK

    #cybersecurity #pqc #quantum #cryptography

  • Jacob Hill

    Director of Cyber | PECB ISO Training

    Goodbye RMF. Hello CSRMC!

    The Department of War just announced RMF's replacement - the "Cybersecurity Risk Management Construct." They say that the RMF "was overly reliant on static checklists and manual processes that failed to account for operational needs and cyber survivability requirements." CSRMC shifts from "snapshot in time assessments to dynamic, automated, and continuous risk management, enabling cyber defense at the speed of relevance required for modern warfare."

    CSRMC organizes cybersecurity into five phases aligned to system development and operations:
    1. Design Phase - Security is embedded at the outset, ensuring resilience is built into system architecture.
    2. Build Phase - Secure designs are implemented as systems achieve Initial Operating Capability (IOC).
    3. Test Phase - Comprehensive validation and stress testing are performed prior to Full Operating Capability (FOC).
    4. Onboard Phase - Automated continuous monitoring is activated at deployment to sustain system visibility.
    5. Operations Phase - Real-time dashboards and alerting mechanisms provide immediate threat detection and rapid response.

    They say that CSRMC has 10 foundational tenets:
    Automation - driving efficiency and scale
    Critical Controls - identifying and tracking the controls that matter most to cybersecurity
    Continuous Monitoring and ATO - enabling real-time situational awareness to achieve constant ATO posture
    DevSecOps - supporting secure, agile development and deployment
    Cyber Survivability - enabling operations in contested environments
    Training - upskilling personnel to meet evolving challenges
    Enterprise Services & Inheritance - reducing duplication and compliance burdens
    Operationalization - ensuring stakeholders near real-time visibility of cybersecurity risk posture
    Reciprocity - reuse assessments across systems
    Cybersecurity Assessments - integrating threat-informed testing to validate security

    You'll see that the attached lifecycle graphic does align CSRMC's 5 phases to RMF's steps. And there are still references to RMF documents like Information Security Continuous Monitoring (ISCM).

    I'm assuming they'll continue to use the NIST 800-53 security controls. If so, I'm sure they'll create additional overlays. CNSSI 1253 documented the security control baselines for RMF. If they still leverage NIST 800-53, I would think that the resulting baselines will be much smaller in the revised version.

    I'm very much in agreement with the tenets and applaud the shift in focus! I'm interested to learn how different this will be from the RMF process. I do know this: sometimes you need a rebrand to shake things up. It will be very interesting to see how this evolves!

    #csrmc #nist #rmf

  • Shiv Kataria

    Senior Key Expert R&D @ Siemens | Cybersecurity, Operational Technology

    Industrial Cyber Security—Layer by Layer

    OT environments can't rely on repackaged IT security checklists. Frameworks like IEC 62443 and NIST SP 800-82 demand a defence-in-depth strategy tailored to physical processes, real-time constraints, and integrated safety systems.

    This layered defence model visualizes the approach, moving from the physical perimeter to the core data:
    ✏️ Perimeter Security: Starts with physical controls like site fencing and progresses to network gateways that enforce one-way data flow.
    ✏️ Network Security: Involves segmenting the network (per the Purdue model), using industrial firewalls, and securing all remote access points.
    ✏️ Endpoint Security: Focuses on locking down devices with application whitelisting, ensuring secure boot processes, and using anomaly detection to spot unusual behavior.
    ✏️ Application Security: Secures the software layer through code-signing for logic downloads and hardening engineering workstations.
    ✏️ Data Security: Protects information itself with encrypted backups, PKI certificates for authenticity, and integrity monitoring.

    This entire strategy rests on two pillars:
    1. Prevention: Proactive measures like architecture reviews, role-based access control (RBAC), and disciplined patch management.
    2. Monitoring & Response: OT-aware security operations, practiced incident response playbooks, and the ability to perform forensics on industrial controllers.

    Why it matters: The data is clear. Over 80% of recent OT incidents exploited weak segmentation or unmanaged assets. Conversely, plants with layered controls have cut their mean-time-to-detect threats by 60% (Dragos 2024).

    Which of these security rings do you see most neglected in real-world plants?

    #OTSecurity #IEC62443 #NIST80082 #DefenseInDepth #IndustrialCyber #CriticalInfrastructure #CyberResilience

  • Chris Stevens

    President, US Automation, Siemens Digital Industries

    Building on our exploration of 'The Brownfield Challenge,' it’s imperative for manufacturers to implement robust cybersecurity strategies to transform their facilities into secure, modern hubs. A key component of this is vulnerability management, which, while well-established in IT, is gaining attention in OT environments where systems have traditionally been less frequently updated.

    Vulnerability management can be approached through three tiers: manual, semi-automated, and automated processes. Manual processes involve creating detailed OT asset inventories and subscribing to vulnerability notification systems like the National Vulnerability Database (NVD). Semi-automated systems can identify vulnerabilities and assist in managing remediation efforts. Fully automated systems, common in IT, can automatically detect and deploy fixes but require careful adaptation for OT due to the need for quality control and testing.

    In addition to vulnerability management, manufacturers should adopt a defense-in-depth strategy. This involves multiple layers of protection, such as deep packet inspection (DPI) firewalls, network segmentation, and intrusion detection systems (IDS). These measures collectively contribute to a robust cybersecurity posture, ensuring that each layer of security can compensate for potential weaknesses in others.

    Ultimately, manufacturers must integrate these strategies into their operational fabric, ensuring their facilities are not only competitive but also secure and resilient. By prioritizing comprehensive cybersecurity measures, they can protect their assets and foster sustainable growth in the face of evolving threats.

    #BrownfieldChallenge #VulnerabilityManagement #ManufacturingExcellence #Siemens

  • Mohamed Atta

    Solutions Engineering Leader | OT Cybersecurity Expert | OT SOC Visionary ISA/IEC 62443 Expert | GRID | SCADA Security Manager

    Integrating ISA/IEC 62443 Cybersecurity throughout Project Lifecycle

    How to integrate cybersecurity in project phases is a million-dollar question, let's explore together!

    >> Integrating cybersecurity in the project life cycle provides many benefits:
    > Proactive risk mitigation to prevent vulnerabilities.
    > Compliance with industry standards and regulations.
    > Cost savings by addressing security early.
    > Ensures operational reliability and safety.

    >> The IEC 62443 framework provides a structured approach to secure systems throughout their lifecycle, from conceptualization to ongoing operation.

    >> Relevant Standards:
    > ISA/IEC 62443-2-1,
    > ISA/IEC 62443-2-4,
    > ISA/IEC 62443-3-2, and
    > ISA/IEC 62443-3-3,

    >> These standards cover
    > cyber security management,
    > risk assessment, and
    > technical requirements.

    1. Concept Phase: Define project goals, scope, and requirements.
    >> Key Activities:
    > Define scope of work and requirements.
    > Develop strategy and methodology.
    > Assign roles and responsibilities.
    >> Relevant Standards: IEC 62443-2-1 and IEC 62443-2-2.

    2. FEED Phase: Front-End Engineering Design
    >> Key Activities:
    > Identify Systems under Consideration (SuC).
    > Conduct a high-level risk assessment.
    > Partition zones and conduits.
    > Perform detailed risk assessments.
    > Specify cybersecurity requirements.
    >> Relevant Standards: IEC 62443-3-2.

    3. Project Phase: Execute the design, build, and testing activities.
    >> Key Activities:
    > Conduct detailed engineering.
    > Perform Factory Acceptance Testing (FAT).
    > Commission systems.
    > Hand over systems to operations.
    >> Relevant Standards: IEC 62443-3-3 and IEC 62443-2-4.

    4. Operation Phase: Operations and Maintenance
    >> Key Activities:
    > Maintain systems.
    > Monitor cybersecurity performance.
    > Manage change.
    > Respond to and recover from incidents.
    >> Relevant Standards: IEC 62443-3-3 and IEC 62443-2-4.

    #icssecurity #otsecurity

  • Post Quantum Computing and Post Quantum Cryptography for 5G TLC, a white paper by 5G Americas

    Organizations are recommended to develop plans for migration to PQC now, if they have not already started. Start by educating and informing key executives and stakeholders on this topic and its urgency. Develop organizational roadmaps and migration plans, create a cryptographic inventory (including security protocols & versions) and perform quantum risk assessments. Prioritize assets most at risk of the “harvest now, decrypt later” attack or those assets that can cause the most damage if compromised. Investments into performance and interoperability testing, as well as cryptographic agility tools are recommended. Begin having conversations on quantum resistance with vendors, to understand and align your supply

  • Mike Holcomb

    Helping YOU Secure OT/ICS | Fellow, OT/ICS Cybersecurity

    The #1 cyber security control in ICS/OT to stop attackers? Secure network architecture. It might be one "control," but it has many parts.

    1. IT-OT DMZ

    Most ICS/OT networks have some communication with the IT network. A DMZ with two layers of firewalls implemented between the IT and OT networks. The DMZ helps limit the flow of traffic between the two main networks. Forcing the traffic through systems that act as intermediaries. Intermediaries that can help enforce security. Ultimately, the DMZ limits the damage that can be done WHEN an attacker gains access to the IT network.

    The main goals here are to:
    -> Prevent an attacker from moving into the OT network from IT
    -> Limit communication from the OT network to IT side
    -> Ensure DMZ hosts are hardened against attack
    -> And monitor for potential attacks

    2. OT Network Segmentation

    Besides the IT-OT DMZ, further network segmentation should be performed within the OT network. As a starting point, many reference the expanded Purdue Model. Even though this was not its intent (and you should jump to "Zones and Conduits" below). An attacker could gain access to the IT network, but placing additional segmentation through firewalls and ACLs on switches can limit them.

    The goals here are to:
    -> Provide necessary communication for the plant to operate
    -> Limit damage in the event an attacker gains access
    -> Give systems the ability to spot malicious activity
    -> Slow down an attacker in the OT network

    3. Zones and Conduits

    As organizations mature, they look to ISA/IEC 62443 as the gold standard for building an ICS/OT cyber security program. A main focus of ISA/IEC 62443 is to break up the OT network overall into zones. Zones are logical groupings of assets that share the same function and/or security requirements. Conduits help reflect the paths of communication between assets in different zones. Zones help segment the network further and allow operators to wrap Access Control Lists around those zones. Only allowing required traffic to communicate between zones.

    That HMI needs to talk to that PLC? Great! That HMI doesn't need to talk to anything else? Then don't let it! Give your assets what they need. No more. No less. If you give more, an attacker will take advantage of it one day!

    4. Further Microsegmentation

    Zones can help limit communication between parts of the network. But they do not limit traffic between hosts within the same zone. Just like above, we want to limit pathways an attacker could use against us. If an attacker gained a foothold in the DMZ, would they have access to the other hosts? And then the pathways accessible to those hosts? Perhaps they cannot directly access a PLC or DCS from the DMZ. But is there a pathway through other zones and hosts from the DMZ that would allow it? Is there a pathway that would allow access to your SIS?

    P.S. What else would you include or change?

    #CyberSecurity #Automation #Engineering #ICS #Technology
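The pathway questions at the end of the post above can be checked mechanically against a zone and conduit inventory. The following is an added example, not part of the original post: the host names, zone names and conduit rules are constructed, and it assumes hosts in the same zone can reach each other unless that zone is marked as microsegmented.

```python
from collections import deque

# Constructed sample inventory: host -> zone (all names are hypothetical).
HOST_ZONE = {
    "jump-host": "DMZ",
    "patch-server": "DMZ",
    "historian": "OPS",
    "eng-workstation": "OPS",
    "hmi-1": "CONTROL",
    "plc-1": "CONTROL",
    "sis-logic-solver": "SAFETY",
}

# Constructed conduit rules: (source host, destination host) pairs that the
# inter-zone ACLs allow. Note there is no direct DMZ -> SAFETY rule.
CONDUITS = {
    ("jump-host", "eng-workstation"),
    ("historian", "patch-server"),
    ("eng-workstation", "plc-1"),
    ("hmi-1", "plc-1"),
    ("eng-workstation", "sis-logic-solver"),
}


def build_graph(host_zone, conduits, microsegmented=frozenset()):
    """Directed reachability graph: explicit conduits plus implicit intra-zone edges."""
    graph = {host: set() for host in host_zone}
    for src, dst in conduits:
        graph[src].add(dst)
    # Zones do not limit traffic between hosts inside the same zone,
    # unless that zone has been microsegmented.
    for a, zone_a in host_zone.items():
        for b, zone_b in host_zone.items():
            if a != b and zone_a == zone_b and zone_a not in microsegmented:
                graph[a].add(b)
    return graph


def find_path(graph, start, target):
    """Breadth-first search; returns the shortest hop-by-hop path or None."""
    queue = deque([[start]])
    seen = {start}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for nxt in sorted(graph[path[-1]]):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


def exposure_report(host_zone, conduits, entry_zone, target,
                    microsegmented=frozenset()):
    """For every host in entry_zone, report the shortest allowed path to target."""
    graph = build_graph(host_zone, conduits, microsegmented)
    return {
        host: find_path(graph, host, target)
        for host, zone in sorted(host_zone.items())
        if zone == entry_zone
    }


if __name__ == "__main__":
    for host, path in exposure_report(HOST_ZONE, CONDUITS, "DMZ",
                                      "sis-logic-solver").items():
        print(host, "->", " -> ".join(path) if path else "no pathway")
```

Any non-empty path in the report is a chain of individually allowed hops that should be reviewed, even when no single rule connects the DMZ to the safety zone.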

  • Alana Murray

    ICS/OT Enterprise Architect | SCADA/OT Expert | OT Cybersecurity Leader | Water Leadership Innovator | Driving Industry Transformation.

    Enhancing SCADA Security Over Long-Distance Communications

    Security in Industrial Control Systems (ICS): More critical than ever!

    In previous posts, we explored how Modbus RTU pairs with spread spectrum radios for reliable, long-distance SCADA links, alongside strategies for polling and communication. Today, let’s tackle a topic that underpins them all: Security.

    Why ICS Security Demands Attention

    Industrial Control Systems power critical infrastructure. A breach can ripple into safety, environmental, or economic crises. Wireless SCADA communications, spanning vast distances, introduce unique vulnerabilities. That’s why fortified cybersecurity is non-negotiable.

    The Challenges in Securing Wireless SCADA

    1. Bandwidth & Latency Constraints: Adding encryption or authentication can strain limited bandwidth. Striking the right balance is key.
    2. Resource-Limited Endpoints: Remote PLC/RTUs or field devices often lack the hardware for advanced security. Feasibility matters.
    3. Interference & Jamming Risks: Spread spectrum helps, but intentional jamming persists. Detection tools and physical layer security are essential.
    4. Long Update Cycles: Geographically dispersed assets complicate updates. Secure Over-the-Air (OTA) mechanisms are a must-have.

    Best Practices for a Secure SCADA Environment

    1. Encryption & Authentication
    ----> Encrypted Data Transport: Use industry-standard encryption (e.g., AES-256) or secure VPNs.
    ----> Mutual Authentication: Ensure devices and servers authenticate each other to prevent spoofing.

    2. Network Segmentation & Zoning
    ----> Defence-in-Depth: Treat wireless links as untrusted. Segment the network using ISA/IEC 62443 standards.
    ----> Access Controls: Limit who and what can access polling masters and remote devices.

    3. Monitoring & Intrusion Detection
    ----> Traffic Baselines: Know what "normal" looks like. Anomaly detection tools can spot intrusions.
    ----> Comprehensive Logging: Maintain logs and regularly audit them to detect tampering early.

    4. Physical Security Measures
    ----> Secure Field Installations: Use locked enclosures, tamper-evident seals, and even surveillance cameras.
    ----> Tamper Detection: Deploy PLC/RTUs with sensors that notify operators of unauthorized access.

    5. Regular Audits & Updates
    ----> Security Assessments: Conduct penetration tests and tabletop exercises to expose vulnerabilities.
    ----> Patch Management Plans: Streamline updates with secure OTA mechanisms and contingency plans.

    Balancing Performance and Protection

    Cybersecurity in ICS is a delicate act. You’re balancing risk mitigation against SCADA’s core reliability and performance. A clear threat model is your first step to identifying vulnerabilities and tailoring cost-effective, ongoing solutions.

    How have you strengthened cybersecurity in your SCADA long-distance communication environment? How have you solved the challenge of patching remote endpoints?

    P.S. Share this post to help others in the community. ♻️ Thank you!

  • Tahseen Saber

    Senior OT cybersecurity Consultant | ISA/IEC 62443 Cybersecurity Expert

    A secure and cost-effective design for industrial control system #ICS cybersecurity starts with an accurate assessment of the actual cyber risks. However, the entities performing the risk assessment are often different from those doing the design, which can lead to misaligned expectations and missed requirements. That’s why a proper handover supported by clear documentation plays a vital role in achieving the desired cybersecurity specifications. One of the key deliverables at this stage is the zone and conduit diagrams and their characteristics which are part of cybersecurity requirement specifications #CRS. The more detailed and structured these specifications are, the better the design phase can address the identified risks. The ISA/IEC 62443-3-2 standard provides useful guidance in the form of zone and conduit requirements, and using standardized templates can further streamline the process and make it repeatable. #ICS #iec62443 #otcybersecurity #icscybersecurity #industrialautomation #cyber #cyberawareness #automation #cyberriskmanagement #TahseenSaber

  • Ir. Ts. Muhammad Lukman Al Hakim Muhammad (MIEM, SCE PEng)

    Instrument & Control Expert | Author | FSEng TUV Rheinland | IECEX Certified Person | Cybersecurity Specialist | Gold Tripod Beta | RCA Consultant | LEAN Six Sigma | Radiation Protection Officer | BEM MBOT ISA SCE Member

    Most would agree that building a brand-new house is significantly easier than carrying out a major renovation on an old one. The same principle applies to control systems. Setting up a new system is often much simpler than upgrading an existing one.

    When it comes to major upgrades, especially for Distributed Control Systems (DCS), there are 8 elements that must be carefully considered to ensure a successful implementation:

    1. System Compatibility & Integration
    • Legacy System Interface: Ensure new DCS can interface with older field instruments, I/O modules, and control logic (if retained).
    • Protocol Mismatch: Compatibility between old and new communication protocols (e.g., HART, Profibus, Foundation Fieldbus, Modbus).
    • Third-party System Integration: SCADA, PLCs, SIS (Safety Instrumented Systems), historians, and asset management tools must seamlessly integrate.

    2. Downtime Minimization
    • Phased Migration Plan: Design must allow partial switchover to maintain plant operations.
    • Hot Cutover Capability: Ensure some systems can switch without shutting down the entire plant.
    • Backup Systems: Redundant systems and fallback strategies in case of failure during the upgrade.

    3. Cybersecurity
    • Hardening the New System: New DCS introduces network exposure; firewalls, segmentation, and intrusion detection must be included.
    • Patch Management: Choose systems with secure patching and vendor support.
    • Compliance: Meet standards like ISA/IEC 62443.

    4. Safety Systems Interface
    • SIS Independence: Ensure the DCS upgrade doesn’t compromise the independence and integrity of Safety Instrumented Systems.
    • Interlock Revalidation: All interlocks and safety logics must be retested and validated post-upgrade.

    5. Data Migration & Configuration
    • Control Logic Transfer: Rewriting or translating existing logic into the new system format without losing functionality.
    • Historian & Alarm Data Migration: Maintain data integrity during transfer.
    • I/O Mapping Accuracy: Critical to ensure correct connections between field devices and control logic.

    6. Hardware & Network Architecture
    • Redundancy Design: Controller, power, and network redundancy for high availability.
    • Scalability: Room for future expansion in the control system design.
    • Segmentation: Proper zoning of control and field networks for performance and security.

    7. Operator Interface & HMI Design
    • Operator Familiarity: Reduce the learning curve with intuitive graphics and control layouts.
    • Alarm Rationalization: Avoid alarm flooding; ensure alarm priorities are re-evaluated.
    • Simulation & Training: Include an operator training simulator for commissioning and operational transition.

    8. Compliance & Validation
    • Documentation: Thorough as-built and functional documentation for audits and training.
    • Regulatory Standards: Compliance with API, OSHA, ISA, and local regulations.