Guest Post | Advt. | Query: info@techrecur.com

New report from CREST highlights the need to improve cyber security in Industrial Control Systems


A lack of standards-based technical security testing is putting industrial control environments and critical national infrastructure at risk

29 June 2017: There is a pressing need to improve cyber security in Industrial Control System (ICS) environments to avoid future breaches that could impact critical national infrastructure concludes CREST, the not-for-profit accreditation body representing the technical information security industry, in its latest position paper, ‘Industrial Control Systems: Technical Security Assurance’. The report highlights a number of challenges and suggests that more technical security testing has a significant role to play in ensuring higher levels of security assurance are met.

CREST logo
The report draws on the diverse views of the Industrial Control Systems and technical security communities and proposes a model for gaining greater assurance in ICS environments. It was based on the findings of a research project – which looked to set out the main challenges and POSSIBLE solutions for protecting Industrial Control Systems, many of which are based on legacy technologies.

One of the key findings in the report is the absence of periodic standards-based technical security testing that is commonplace in many other industries. Because of this, ICS environment owners and operators have no objective way of knowing whether cyber risk is being adequately managed and at present there is no definitive standard for testing ICS environments that is mandated by regulatory bodies. The fact that ICS environments are rapidly changing also leads to a higher degree of exposure.

“ICS environment owners require assurances that risk is being identified, assessed and evaluated. Above all else they need to know that there are appropriate measures in place to manage and mitigate risk,” explained Ian Glover, president of CREST. “Research on the project has helped to identify the high-level characteristics of a practical technical security testing approach and organisations should consider how this could add value and protection. It is clear that ICS environments are more sensitive than conventional IT environments and any penetration testing of systems needs to be planned and undertaken with a high degree of trust, skill and caution.”

“This position paper is supporting the work CREST is doing in many parts of the critical national infrastructure in the roll out of intelligence led penetration testing,” added Glover.

The UK National Cyber Security Centre (NCSC), commented. “We believe this paper provides a valuable contribution to the current thinking on this challenging topic and we look forward to working with CREST, as well as ICS operators and the cyber security industry in order to make the UK the safest place to live and do business online.”

The position paper is for organisations in both the private and public sector and is mainly targeted at IT managers, information security managers and technical security testing specialists. It will also be of interest to process engineers, safety specialists, business managers, procurement specialists and IT auditors.

CREST is now looking to expand on this initial ICS research to develop detailed guidance material that can be used by specialists to help secure ICS environments and in particular those that make up the Critical National Infrastructure. You can look at the full report here: http://www.crest-approved.org/wp-content/uploads/CREST-Industrial-Control-Systems-Technical-Security-Assurance-Position-Paper.pdf


About CREST
CREST is the not-for-profit accreditation body representing the technical information security industry. CREST provides internationally recognised accreditation for organisations and individuals providing penetration testing, cyber incident response and threat intelligence services. All CREST Member Companies undergo regular and stringent assessment; while CREST qualified individuals have to pass rigorous examinations to demonstrate knowledge, skill and competence. CREST is governed by an elected Executive of experienced security professionals who also promote and develop awareness, ethics and standards within the cyber security market.

For more information contact: Allie Andrews, allie@crest-approved.org or Sam Morgan, sam@prpr.co.uk

Have any Question or Comment?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

::::::::::::::::::::::::::::::::::3451:::::::::::::::::::::::::::::::::;;

::::::::::::::::::::::::::::::::::6733:::::::::::::::::::::::::::::::::;;

:::::::::::::::::::::::::::::925:::::::::::::::::::::::::::::::

TRIO STEEL IS ONE OF THE MOST TRUSTED BRAND AND LEADING EXPORTER AND SUPPLIER OF CARBON STEEL, ALLOY STEEL & STAINLESS STEEL PIPES & PIPE FITTINGS MATERIAL. Triosteel is one of the leading Suppliers and Exporters of API 5L Pipe in Singapore. Triosteel also Exports to many countries like Indonesia, Iran, Saudi Arabia & many more. An API 5L pipe is manufactured by adhering to the specifications laid down by the International Organization for Standardization (ISO) 3183.

::::::::::::::3453:::::::::::::

2780

buy! buy! CHEAP! Telefonie VoIP CHEAP! buy! buy! CHEAP!

2781

buy! buy! CHEAP! Telefonie VoIP CHEAP! buy! buy! CHEAP!

——————————————–

For the 2012 MLB period, we found an totals forecast Joao’s Renowned Over/Under João Zorro Gonçalves, Zcode Totals Pro, System of the time with progressions that have been successful over 98 98% ... We eventually perfected our over/under program ( Zcodesystemexclusive ), although it h-AS has brought years of investigation. Five Steps to Making a Winning MLB Method: 1. Execute appropriate cash management tools. 2. MLB rules that are comprehend. 3.Extensive testing back to make sure successful longterm results ...

——————————————–

There is always a challenge when you're dealing with the Foreign Exchange Market. That's just the nature of the beast. The best thing you can do is to learn about how the market operates as a whole so that you will be ready to meet these challenges. iq option penipu Never be misled by any profit gains in binary options. This is the number-one way traders end up losing their money and ultimately failing. Remember that the same things that make you laugh can make you cry in this market, and you can lose that $700.

——————————————–

Learning Polish has never been this fun and easy as with our podcasts Learn Polish with Polishpod101 Start today and become conversational in Polish in no time

——————————————–

The Best Website Agen Poker Resmi www.sakupoker.com Terpercaya come join

——————————————–

Do you need edmonton phone systems service ? Call complete communications today!

——————————————–

High-tech solutions for easy start-up of your IPTV/OTT-business

——————————————–

——————————————–

If you want to purchase not only one item, you have a chance to enjoy privileges. There is a sale’ tab on the site which offers a fantastic range of reduced counterfeit watches and accessories, such as sunglasses, cufflinks, watch straps and pens. Luxury Jewelry Replica At MCA.MN On Sale You get a 5% discount if you buy two pieces, this discount increases to 10% if you buy 4 pieces or more. There is free international shipping on all orders on this site. We also offer customers a free return anytime with a 100% money back guarantee.

——————————————–

:::::::::::::::::3452:::::::::::::::::::