- Attackers
- Bot-network operators
- Criminal groups
- Malicious Insiders
- Spyware/malware authors
- Terrorists
- Industrial/State sponsored spies
- Policy and Procedure Vulnerabilities
- Platform Vulnerabilities
- Network Vulnerabilities
Policy and Procedure Vulnerabilities: These vulnerabilities are introduced into the ICS due to incomplete, inappropriate, or non-existent security documentation, including policy and procedures.
Platform Vulnerabilities: These vulnerabilities can occur due to flaws, misconfiguration, or poor maintenance of hardware, operating systems, and ICS applications.
Network Vulnerabilities: These vulnerabilities in ICS may occur from flaws, misconfiguration, or poor administration of ICS networks and their connections with other networks.
Our team of experts follows a step-by-step procedure to carry out a thorough security assessment of your mission-critical SCADA systems, to find out how vulnerable they are to external attacks by malicious users and how well they comply with security standards such as ICS-CERT, DoE (Department of Energy), DHS (Department of Homeland Security), NIST SP 800-82 Rev 1, NIST SP 800-53 Rev 4, TR99.00.02 and ENISA guidelines for ICS systems, National ICS Security Standard, Qatar etc. The tools we use in our assessment process include AuditPro (our in-house developed auditing tool), Nmap, Nessus, SuperScan etc.
NII Methodology for ICS systems
As per the criticality of the ICS, here is a brief snapshot of the NII methodology:
- NII follows NIST, DoE, DHS security guidelines for ICS risk assessment.
- NII will review existing policies and procedures, or otherwise assist in developing new policies and procedures in line with global best practices for ICS.
- NII will start the project with a site survey, which will include on-site visits to the PDC and PMU sites on a sample basis. This will help us understand how the ICS are being utilized.
- NII will perform a network diagram review during the site visit.
- NII will perform a risk-based assessment that combines automated and manual assessment, as ICS components are prone to crashing.
- NII will report immediately to the stakeholders about any critical issue found during the assessment process.
- Post assessment, NII will submit the draft report to the management for their input.
- Once approved by management, NII will release the final report.
- The importance of system and configuration hardening of mission-critical SCADA systems
- You will come to know these complex machines better and secure them accordingly
- You can be sure that your SCADA system is actually isolated