The world's most capable, rugged and secure
industrial control system...
Introducing Bedrock OSA® Remote
- Intrinsically-secure PLC and RTU control
- 10 or 20 channels of universal I/O
- Free IEC 61131-3 engineering software
- -40ºC to +80ºC temperature range
- Rugged, all-metal case 5.4 in x 8.9 in x 2.3 in
NEWS RELEASE: Bedrock Automation Releases Comprehensive ICS Cyber Security Best Practices White Paper
January 16, 2018
San Jose, Cal. – January 16, 2018 – Bedrock Automation, the maker of the world’s first Open Secure Automation (OSA®) platform, has released an informative white paper on the cyber security vulnerabilities and defense of industrial control systems. The 20-page document, Securing Industrial Control Systems – Best Practices, covers the threat landscape and presents a holistic approach to defending it, including assessing risk, physical security, network security, workstation and server security, as well as the fundamentals of OSA.
“As we discuss cyber security with users of automation, we find that many are aware of the threat potential but are not sure if they are doing enough to protect themselves. We saw the need for a technical paper that explains both the mindset and motives of an attacker, as well as the tools and technologies of defense. This paper defines the issues in a practical, holistic way while providing recommendations on how to begin and sustain best practices for cyber defense,” said Albert Rooyakkers, Bedrock founder and CEO.
The first half of the paper covers conventional cyber security practices that apply to all industrial control systems. It provides an assessment of the threats, including drive-by attacks, advanced persistent threats (APTs), espionage, process attacks, and ransomware. It also looks at assessing the related risks, with an introduction to Process Hazards Analysis (PHA) and Hazards and Operability (HAZOP) methodologies used to identify malfunctions that might harm people, the process, or the environment.
To assist with risk assessment, the paper provides an overview of conventional protection practices. This includes network segmentation, firewalls, and DMZs; managing workstations, servers, end-users, and applications; and implementing active defense measures, including security event monitoring and management.
The second part of the paper is devoted to more recent techniques, based on the application of intrinsic cyber security advances that have been applied in military, aerospace, and ecommerce, and are now being used to protect industrial control systems. These create a hardware end-point root of trust that combines advanced cryptography, digital signing techniques, an industrial certificate authority, and public key infrastructure (PKIs) built into the control system to create an infrastructure for user defense.
The paper also presents the features of the Bedrock Open Secure Automation platform, which embraces the best practices discussed and details the process by which they can be applied to legacy and new systems.
Visit www.bedrockautomation.com/revolution to download the new white paper, Chapter 4: Securing Industrial Control Systems – Best Practices, and preceding chapters in the white paper series.
About Bedrock Automation
Bedrock Automation, based in San Jose, California, is the maker of Bedrock®, the world’s most powerful cyber secure automation platform. From Silicon Valley, Bedrock Automation has assembled the latest technologies and talents in both the automation and semiconductor industries to build an unprecedented automation solution for industrial control based on three prime directives: Simplicity, Scalability and Security. The result is an open yet secure system with a revolutionary electromagnetic backplane architecture and deeply embedded cyber security, which delivers the highest levels of system performance, industrial cyber security, and reliability at the lowest cost of ownership.
For more information, contact Bedrock Automation at +1-781-821-0280, send an email to firstname.lastname@example.org, or visit www.bedrockautomation.com.
August 27, 2020
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have urged critical infrastructure facilities to take […]
August 27, 2020
A second bit of ransomware code designed to target industrial control systems has emerged. Similar to the Megacortex malware that […]