Industrial Automation & Control Systems (IACS) are an essential part of most critical infrastructure and critical services, but they are also vulnerable to cyber threats that can disrupt operations and compromise sensitive information. The term IACS refers to all the components (SCADA, PLCs, HMI etc.,) that are integrated to critical infrastructures and industrial production establishments. 

Our team of cybersecurity experts has extensive experience protecting IACS networks from a range of threats, including hacking, malware, and other forms of cyber attack. We offer a range of services to help organizations secure their IACS systems, including:

Gap Assessment 

• Most often organization fail to perform the Cyber Security audit /assessment of the integration layer between the IT and OT Network. The hackers enter the OT/IT network through the crack of the network bridge layer or at the point of integration between IT and OT Network. The undefined clear demarcation of ownership between these segment leads to major vulnerabilities in the IACS Network. IARM shall conduct a detailed assessment of IACS infrastructure to identify vulnerabilities and recommend solutions which is relevant for the organization

Cyber Factory Acceptance Test (CFAT)

• Upgrades or new facilities being included into the current network architecture of the IACS facilities, often seems like a plug and play. With no prior cyber factory acceptance test conducted for the assets that may be added to the existing environment may prove disastrous for the critical network. IARM’s time tested approach for FAT – Factory Acceptance Test more like a litmus test would help organizations identify the risk prior to integration to current architecture. The Factory Acceptance Test ensures that the suppliers of the hardware and Application have adequate cyber security controls to suit the merging network prior to integration. The minimum acceptable criteria are a “PASS” in the FAT. There is no midpoint score in this evaluation system.

Cyber Site Acceptance Test (CSAT)

• Prior to integrating the new hardware or application or design change into the production environment of OT/IT Network, it is mandatory to have the Site Acceptance Test performed. The results of the Cyber Security Sit Acceptance Test shall act as the stage gate for the management to accept the design into the Production Network. The known risk is identified for which the compensatory controls are defined and implemented. CSAT is not a default test, this needs to be designed based on the current network architecture and merging in to proposed architecture.
• The FAT is an important part of the IACS cybersecurity process because it helps to ensure that new equipment and facilities do not introduce vulnerabilities into the network. By conducting a FAT, organizations can reduce the risk of cyber attacks and protect their critical infrastructure
•  

Segregation of Computing Asset Audit

• The cyber profile of each computing asset in the IACS Network irrespective of whether they form part of IT or OT Network must be mapped and risk score validated for the interfaces and flow of information. Mapping of computing assets along with the information flow and segregating them based on the function and information that the asset can process, store, retrieve is critical. An audit of the computing asset and the mapping of the information flow to identify if any leak of data to unauthorized segments is vital to eliminate possible information breach. The result may also help in adding the computing asset to either the SIEM of OT Network or to IT Network based on the Critical Infrastructure value.