Dubai Cyber Security 02: ICS SCADA Cyber Security Standards, Solution Tips and Challenges v1.0

ICS/SCADA Cyber Security Standards, Solution Tips & Challenges
Ahmed M. Al Enizy
IT Security Manager, International Systems Engineering
04/10/2023
Bottom Line
In the era of cyber war, securing ICS and SCADA systems helps protect national infrastructure and thus preserves steady national economic growth. But deploying the right technical and/or physical solutions is not enough.
There are too many security standards for each industry that can complement technical solutions.
There is no single standard that covers everything. This adds to the increasing complexity of ICS/SCADA management, governance, and compliance.
Agenda
◦ Difference between Standards, Frameworks, and Best Practices
◦ ICS/SCADA Security Standards
◦ Which One is Good?
◦ Solution Tips
◦ How Does ISO 27001 Work?
◦ General Challenges
Standards, Frameworks, Best Practices
(Diagram: Act, Regulation, Standard, Framework, Best Practice, arranged between the Legal and Technical ends of the spectrum.)
ICS/SCADA Security Standards
14 different standards for different infrastructure sectors (Energy and Power, Oil, Chemical, Defense, Water Treatment, Emergency Services, IT, Communications), published by:
◦ API - American Petroleum Institute
◦ IEC - International Electrotechnical Commission
◦ IEEE - Institute of Electrical and Electronics Engineers
◦ ISA - Instrumentation, Systems, and Automation Society
◦ ISO - International Organization for Standardization
◦ NERC - North American Electric Reliability Council
◦ NIST - National Institute of Standards and Technology
Which one is Good?
A good standard:
◦ Incorporates the Plan-Do-Check-Act approach.
◦ Is mature and stable.
◦ Does not contradict or conflict with corporate or international standards.
◦ Is clear and easy to understand.
◦ Is systematic.
◦ Is realistic and practical.
◦ Solves all parts of the problem.
◦ Is well structured and organized.
◦ Is measurable.
◦ Has a clear accreditation and certification process.
◦ Is widely followed and adopted.
Solution Tips
There is no "silver bullet", and there is definitely no single solution.
Avoid reinventing the wheel: we are using their technologies, so it is best to use their standards and consider consultation.
Security is the result of collaborative efforts through shared responsibilities, supported by commitment, resources, and consultation.
The right starting point is choosing the right standard. You can consider a corporate GRC program to adapt the security standard you have chosen. GRC market solutions provide technical assistance and automation in managing the GRC program both vertically and horizontally.
How Does ISO 27001 Work?
General Challenges
(Diagram of challenge areas: Cultures, Psychological Factors, Commitment, Cost, Complexity, Limitation, Compliance, Flexibility, Integration, People, Tech., Process, Support, Authority, Awareness.)
General Challenges - Cont.
◦ Overlap and intersection between standards.
◦ Overlapping and varying abbreviations and definitions.
◦ Growing complexity of compliance, both vertical and horizontal.
◦ Limited number of ICS/SCADA suppliers that are compliant with security standards.
Thank you
Q / A
http://sa.linkedin.com/in/ahmadalanazy
@SaudiSecurity