Hexagon Infocenter

Identify, Evaluate, and Prioritize Industrial Cyber Risk

A SANS First Look

Written by Dean Parsons | October 2023

 

Introduction

Industrial control system (ICS) and operational technology (OT) security—protecting the systems that monitor and control manufacturing, transportation, water-management systems, and electric power grids—represents one of the more challenging areas for security professionals. These critical systems are increasingly being attacked by sophisticated attackers, including ransomware gangs who focus on ICSs and, worse, nation-state actors capable of causing engineering system disruption, physical damage to engineering equipment, and even harm to personnel.

 

ICS/OT Cybersecurity Challenges

ICS/OT and traditional IT systems, though often compared to one another, have different missions and objectives and require different security controls. Traditional IT security focuses on digital data at rest or in transit, whereas ICS/OT systems manage, monitor, and control real-time engineering systems for physical input values and control output for physical actions in the real world. Adversaries targeting an ICS necessarily use different tactics and techniques for access, execution, collection, and persistence in their attempts to degrade safety, manipulate controls, damage physical engineering assets, or harm personnel or the environment.



First Look

In this SANS First Look, we review PAS Cyber Integrity®, an updated version from Hexagon designed to address key ICS/OT security vulnerability management challenges, provide engineering and cyber resiliency against modern ICS cyberattacks, and help ensure regulatory compliance.

PAS Cyber Integrity has capabilities in multiple critical ICS/OT security domains, including engineering-asset vulnerability management, configuration management, visibility into asset configurations, and backup and recovery (See Figure 1)

PAS Cyber Integrity

Figure 1. PAS Cyber Integrity ICS/OT Security Capabilities