Safeguarding Industries Against Cyber Threats
Published on : Sunday 01-08-2021
How Arishti Info Labs is providing cost-effective digital security solutions to Indian industries.
Industrial organisations are moving rapidly to take advantage of information technology (IT) in their operational technology (OT) environments to become more competitive. Digital Transformation, Interconnected Systems, Data Analytics, SCADA, Industrial Control Systems (ICS), Industrial Internet of Things (IIoT), and Smart Sensors are now being added into the manufacturing process to improve productivity, profitability, and reduce costs with the support of these advanced technologies. Along with the benefits of an increase in efficiency and data sharing come mounting OT security risks to their infrastructure.
How concerned are industry leaders with the security and safety of their systems and data?
A security guard at the entry point of any factory or office is very important. Many businesses have installed CCTV in the factories and offices for general safety purposes. What about the safety of our digital system? Devices like SCADA, PLC, HMI, Server, PCS, etc. Is installing just anti-virus or firewalls sufficient to safeguard the whole system? An absolute NO.
In October 2020, Mumbai suffered the worst blackout in decades. Local train services were disrupted due to a power outage at 10 am and the power supply was restored only for essential services like trains and hospitals at around 2 pm.
The power disruption halted trains and shut down stock exchanges and hospitals for hours. Several areas in suburban central Mumbai faced outages for almost 10 to 12 hours.
Maharashtra Energy Minister Nitin Raut affirmed that a news report by the New York Times (NYT) claiming that the massive power outage in Mumbai last year could have been due to a cyber-attack on the Mumbai power grid.
The threat of such cyber-attacks is real. Is the industry prepared to counter such attacks?
There are counter measures available against cyber-attacks
It is against this backdrop that Arishti Info Labs offers a portfolio of OT security services to help establish an automation security guard for the enterprise.
Why is an Automation Security System required? Is it required even for MSMEs?
Nowadays in an industrial environment, almost all organisations use some kind of Industrial Control System (ICS). ICS is a general term that encompasses several types of control systems and associated instrumentation used for industrial process control. There are hardware and software systems that detect or cause a change, through the direct monitoring and/or control of industrial equipment, assets, processes and events.
There are various types of Industrial Control Systems:
1. Programmable Logic Controllers (PLCs)
2. Distributed Control Systems (DCS).
3. Intelligent Electronic Devices.
4. Supervisory Control and Data Acquisition (SCADA).
5. Programmable Automation Controllers.
6. Human-Machine Interface (HMI).
7. Industrial Automation and Control Systems (IACS)
8. Remote Terminal Units (RTU), and
9. Computer Numerical Control (CNC) systems, including computerised machine tools.
One of the most dangerous misconceptions companies harbour is, ‘Our OT systems are still safely air-gapped because our manufacturing line isn’t connected to the Internet’. It is highly unlikely that any manufacturing control system is truly isolated. Just one user who can access the production system while logged on to the Internet, or who connects to the system with a notebook or tablet, creates security vulnerabilities. These vulnerabilities may result in loss of production or important data, loss of business secrets, money or the reputation of the organisation.
Cybersecurity for ICS
Despite the threats of a cyber-attack on computer-controlled industrial systems, industrial users of these systems are hesitant to adopt common security technologies. The reason either may be lack of knowledge of risk factors associated or lack of awareness of the suitable technology. In recent years, sophisticated malware that specifically targets weaknesses in ICS is on the rise, posing a significant threat to the security of your plant and business. Especially in our country, due to the lack of resources and proper security control measures, industrial control systems and information have become an easy target for hackers.
At Arishti we help companies identify threats and implement cybersecurity approaches to protect from such attacks.
We provide support and services in the following ways to safeguard your systems:
1. Security Assessment
We start with the Security Assessment to assess the current state vs security best practices. We do an extensive risk analysis of ICS systems along with the infrastructure for security posture. In the end, we submit our findings with recommendations to help enhance security levels.
2. Vulnerability Assessment & Penetration Testing of ICS/SCADA
Our team of experts is well versed in handling complex and large-scale OT networks in any ICS environment. We follow the 3-step process to assess the ICS security posture:
1. Securing the industrial automation infrastructure from the network.
2. Testing your enterprise infrastructure
3. Assessment of selected industrial control devices to diagnose the vulnerability of industrial infrastructure.
Our penetration testing is a simulation of tactics used by the attacker to compromise the ICS system, which is well-aligned with the industry standards.
3. ICS/SCADA Audit Services
Regular security audits of your ICS, SCADA, and OT networks play an essential part in defending your systems against cyber-attacks. Our security audit is conducted based on internationally accepted industry standards.
Our team analyses the effectiveness of anti-virus protection, 3rd party software if any, firewall rules, and many other areas of your OT networks.
4. ICS/SCADA Security Advisory & Risk Assessment
This is to bring out any possible flaw in large-scale OT networks. Our team will identify threats that could adversely affect critical operations and harm your OT networks. We document the risk and develop an appropriate action plan. The action plan includes cost-effective solutions to help mitigate cyber threats and risks.
5. ICS/SCADA Security Incidence Response & Forensic
In case of a cyber-attack, a quick and effective response is necessary. Our team of experts immediately isolate the problem area and help resume business operation with alternative methods. Our cybersecurity masters are trained in rapid incident response to identify, eradicate, or contain the attack for minimal impact on business and OT networks. Our rapid incidence response team can immediately come up with an action plan to protect the system from further damage.
Industrial segments catered to
Industry 4.0 revolutionised and transformed the connected computerised systems in industries and how they can effectively collaborate to work together. The adherence to these standards is critically important for diverse industrial verticals.
We are dealing with the following major industry sectors including MSMEs in the respective segment:
a. Power
b. Water
c. Manufacturing
d. Chemical
e. Transport
f. Healthcare
g. Oil & Gas, and
h. Pharmaceuticals.
Our mode of operation
Our experts are capable of handling small to large scale clients and simple to complex projects. We give proper attention to detail and assign nimble-fingered security experts capable of delivering security services.
We operate in a phased manner as follows:
Phase-1: Infrastructure Identification
We carry out infrastructure identification to accumulate information about critical business processes, Cyber Assets, Cybersecurity Controls, and incoming/outgoing dependencies.
Phase-2: Assess/Evaluate Vulnerability/Threats/Risk
Then we perform assessment/evaluation of security controls identified in the above phase. We also evaluate past reports of vulnerability threats and risk assessment. We evaluate architecture used in OT networks, any international standards applied, and compliance with security controls implemented for correctness, consistency, and completeness.
Phase 3: Implementing Security Controls
Based on the assessment of OT networks we will plan and implement new security controls for enhanced cybersecurity of your ICS.
Phase 4: Verification of Implemented of Security Controls
Once implementation is done, our team conducts verification checks to ensure the proper functioning of those controls. We use numerous verification techniques that help identify the effectiveness of security controls. In the end, we submit a report of verification checks to the client.
Phase 5: Ensure Compliance to Audit
At last, we diligently conduct compliance with cybersecurity audits. We thoroughly monitor clients' OT networks and properly document every minute detail. Finally, the compliance audit report is submitted to the client for future records.
Who are we?
Arishti Info Labs works to safeguard the industrial civilisation from cybersecurity threats and risks. Arishti is an adaptation from Sanskrit that means security or safety. Arishti Info Labs is an Indian technology company founded by young entrepreneurs who have specialisations in the field of Cybersecurity, Incidence Response and Digital Forensics Investigation.
In the world of rising cyber threats, we help organisations with large-scale OT networks mitigate any security threat to their systems before any incidence. Arishti works to secure the IIoT (Industrial Internet of Things)/ICS and other system networks in OT environments of manufacturing, water, oil gas, power, chemical, automotive, transport, pharmaceutical, healthcare sectors. We are well equipped with the knowledge, skills, and technological advancements to provide cybersecurity solutions for organisations with complex IIoT /ICS infrastructure.
Our team members are qualified technology professionals with MTech in Cybersecurity and Incident Response from the reputed institute National Forensic Science University, Gandhinagar, India. We have a team of certified experts on ICS (Industrial Control System), SCADA (Supervisory Control and Data Acquisition), OT (Operational Technology), and cybersecurity. Our cybersecurity masters have extensive experience in the field of Incidence Response, capable of bringing your industrial networks online after a cybersecurity incident in the least amount of time possible, reducing your losses significantly due to unexpected downtime. We work to establish trust in industrial society by solving mission-critical cybersecurity issues.
Why Choose Arishti Info Labs?
Arishti Info Labs is registered under the Companies Act, 2013 and headquartered in Gandhinagar, Gujarat. The wholly Indian company is concerned about providing cost-effective digital security solutions to Indian industries. Founded by young Indian technocrats, the company is interested to make our country Atma Nirbhar in cybersecurity.
Arishti Info Labs Pvt Ltd. Website: https://arishti.com/
(Tech-Focus is a marketing feature of Industrial Automation. Contact: [email protected])
