Page 34 - Cyber Defense eMagazine for September 2020
P. 34

Typically, the SCADA system functions as an active operation’s nervous system, notifying operators of
            failed activities, errors and equipment that is functioning out of tolerance. Data from a comprehensive
            SCADA system permeates an organization’s business processes by:

               •  driving maintenance and safety programs
               •  informing operational efficiency assessments
               •  providing details for capital investment decisions
               •  incorporating the data into the Enterprise Risk Management function

            Because  SCADA  systems  provide  such  foundational  and  pervasive  data,  if  it  is  inaccurate  or
            compromised, the impact on a business can be dramatic.


            CISA’s vision is to achieve a collective approach with industry and government that will:

               •  Empower the ICS community to defend itself
               •  Inform ICS investments and proactive risk management of NCFs
               •  Unify capabilities and resources of the Federal Government
               •  Move to proactive ICS security
               •  Drive positive, sustainable, and measurable change to the ICS risk environment

            While taking responsibility for leading the initiative, CISA calls on the private sector to participate. In the
            first of four pillars that will guide its efforts, CISA aims to “Ask more of the ICS community, and deliver
            more to them.”

            The initiative places significant emphasis on developing and implementing joint ICS security capabilities,
            mapping and identifying the degree to which specific national critical functions (NCFs) depend on ICS,
            and elevating and prioritizing ICS security around a unified “One CISA” strategy.

            Over the next several years, CISA will work with other government agencies at the federal, state and
            local level as well as private partners in the ICS community. Working together, the goal is to achieve
            sustainable ICS security and to drive wise ICS security investments in the future.


            Organizations should view this is an opportunity to take a fresh look at the overall security strategy for
            ICS  and  SCADA  devices  and  networks  and  ensure  plans  have  been  updated  to  meet  current
            expectations.



            About the Author

            Trip Hillman is Director of Cybersecurity Services at Weaver, a national accounting
            firm. He has nearly a decade of hands-on experience evaluating IT security in a
            broad range of environments. He has performed and led over 200 substantial audits
            across  hundreds  of  unique  IT  environments  and  is  called  on  regularly  to  help
            organizations  evaluate  their  overall  security  posture  and  to  develop  prioritized,
            balanced  roadmaps  for  increasing  security  maturity.  Trip  can  be  reached  at
            [email protected] and at our company website: www.weaver.com.





            Cyber Defense eMagazine – September 2020 Edition                                                                                                                                                                                                         34
            Copyright © 2020, Cyber Defense Magazine.  All rights reserved worldwide.
   29   30   31   32   33   34   35   36   37   38   39