Page 36 - index
P. 36
Modern Cyber Defences
These examples demonstrate that network intrusion can leave an organization open to more
sophisticated threats that range from the theft of valuable information to full access/control of
operations. Therefore, governments and organizations must improve their threat intelligence
through both industry-leading technology and processes.
BAE Systems Applied Intelligence launched IndustrialProtect with these challenges in mind
to allow organizations to monitor, protect and secure intelligence and operations amid the
ongoing convergence of Operational Technology (OT) and enterprise Information
Technology (IT).
IndustrialProtect works by verifying the identity of the individual or system sending
information, that the information is received as it was sent and also that the content is
intended and appropriate for the receiving system through five key features:
Network segmentation without breaking critical business process,
Prevention of unauthorized systems from exchanging information,
Assurance that the integrity of information is preserved from source to destination,
Transparency to existing systems and a very low attack surface, and
Full remote management from a central console.
Critical systems, thereby, are protected from access, manipulation and control by
those intending to carry out harm through disruption and sabotage.
Additionally, BAE Systems Applied Intelligence has a four-step process to test and assess
the security of ICS for energy and utilities:
Step 1: Key stakeholder engagement
Working with key engineers and IT staff helps organizations understand the systems,
environment, their function and platforms upon which they are hosted. In this first phase, it is
important to identify if there are any test environments which could be used for the
assessment. To provide a strong assessment of the production environment, organizations
need to determine how close these test environments are configured with the production
system.
Step 2: System sensitivity mapping
The information obtained in the key stakeholder engagement can be used to develop system
mappings and group the systems based on sensitivity and criticality. This lets organizations
understand the systems and determine which ones are good for testing and which systems
entail a high risk of compromising the operational availability. This system knowledge can
then be used as a working tool for all future implementations in the environment.
! " $
! # ! "
