At the second Omsk International IT Forum, Mikhail Smirnov, Head of Industrial Control System (ICS) Protection Practice, told the audience about the establishment and operation principles of this new business practice. As part of the ICS Information Security seminar supported by SKB company, Mikhail shared InfoWatch’s comprehensive approach to the creation of ICS protection systems, including requirements engineering.
The ICS Protection Practice offers a set of services designed to ensure data security at any ICS lifecycle stage; InfoWatch ASAP, a hardware and software suite adapted to production networks and featuring firewall, intrusion detection, and object security analysis modules; as well as suites for wireless network analysis and protection against targeted attacks.
“We offer end-to-end security at the level of programmable logic controllers, sensors, and controlled mechanisms”, said Mikhail Smirnov. “Our system significantly reduces the ICS cybersecurity risks, prevents any impact of newly implemented protection tools on production processes, and ensures regulatory compliance.”
InfoWatch’s ICS protection services include ICS audit, security design and requirements engineering, development of cybersecurity management system, as well as design, implementation, maintenance, and decommissioning of ICS protection systems.
The scope of work comes from the ICS parameters, maturity, and structure, as well as data protection tools, their creation dates, availability of source information, maintenance window schedule, and customer’s tasks, deadlines, and budget.
“As part of any project, we elaborate technical requirements to the protection system being a key enabler of ICS cybersecurity,” noted Mikhail Smirnov. “At this stage, we estimate the protection system creation cost and prepare data required for a feasibility study, system design, requirements specification, local regulations, standards and methodologies, as well as enterprise personnel training.”
In addition, Mikhail told the Forum attendees about the proofs of concept completed and the technology partnership program aimed to increase the number of supported Russian-made solutions.
The seminar participants also discussed the effective Russian laws on cybersecurity of critical IT infrastructure, as well as existing approaches to and solutions for information security of industrial sites.