Step 3: Vulnerability assessment
Once systems are cleared for testing, they need to be subjected to penetration testing. This
process is similar to conventional penetration testing, but with industrial control systems,
organizations need to make sure that the systems are not saturated and that service to
legitimate users is not denied.
Step 4: Threat modeling
With the information obtained from testing performed on the ICS environment, a threat
model can be developed and risks can be determined. This process is generally performed
when a conventional penetration test is impossible. Threat modeling allows the organization
to understand how the systems in the environment will be attacked, the types of
compromises that will occur and the likelihood of attacks.
Conclusion
The threat landscape is constantly changing, and with it, modern cyber defences must
evolve even more quickly. An enterprise approach to these challenges, supported by
technology, process and cooperation across the organization, will help organizations improve
threat intelligence and stay one step ahead of cyber criminals in this age of digital criminality.
About the author
James Clark is an executive manager at BAE Systems Applied
Intelligence, where he is responsible for managing and delivering cyber
security services to clients in the energy and utilities sectors. James has
significant experience within the industry, having served as an IT
consultant for various major systems integrators. Since 2000, he has
mainly focused on the energy, utilities and government sectors.