 Critical
infrastructure is defined by the Department of Homeland Security as those assets, facilities, industries, and capabilities
that are needed to support commerce and our daily lives.
This includes energy, utility, oil & gas, financial,
communications, healthcare, and transportation.
Why
is Critical Infrastructure Security so important?
It
is the protection of our national security in terms of critical
systems and facilities. Many of these critical facilities such as power grids, nuclear plants, and oil refineries are run by systems that automate and control critical processes including maintaining our power, water supply, and oil supply just to name a few. These industrial systems are called Distributed Control Systems (DCS) and SCADA (Supervisory Control and Data Acquisition) Systems, and protecting both these facilities and systems takes a specialized skill set and unique consideration.
Around the mid 90's, these industrial systems began merging with more traditional
Internet Protocol (IP) networks such as corporate enterprise networks. Now, the threats
that these, once isolated, systems face are becoming increasingly more
complex, and alarmingly more common, as they are now exposed to viruses, hackers, cyber
terrorists, and other remote threats that can cause mass
system outages or even worse. In 2003, The Washington
Post reported that SCADA documents were found in Al Qaeda camps,
and Al Qaeda prisoners have disclosed their intent to target
these systems. Hacker conventions such as Defcon and Blackhat have introduced presentations specifically on hacking SCADA
and Control Systems, and an increasing number of industrial
system and network incidents are being reported.
As
if risk management wasn’t becoming difficult enough, now organizations
are challenged with complying with regulations and standards
such as NERC CIP 002-009, 6
CFR Part 27 (CFATS), and NIST SP800-53 among others. However, with the vast number of security standards and guidelines available throughout the industry, combined with their ambiguity, there is no absolution on exactly which standards to follow, which ones will be enforced, and if you will actually maintain security when it is all said and done. Furthermore, many of the current standards and guidelines available only seem to address cyber-security issues more than anything, leaving physical attack vectors and legal issues by the wayside. In many cases, current industry accepted processes actually create liability.
Who
is CIDG, Corp.?
CIDG
stands for Critical Infrastructure Defense Group. CIDG, Corp. is a Houston, TX based company specializing
in risk management and compliance for these industrial organizations. We are not just another company out there adding security assessment and "compliance" work to their existing list of service offerings or as a means to sell you a product. We are a highly trained team of specialized experts with one job... to secure your critical infrastructure. Security testing, assessment, analysis, and compliance is all we do.
We are comprised of highly trained and skilled personnel with experience
in all aspects of security (Physical, Operational, and Cyber) as well as SCADA, Process Control Networks, and Critical Infrastructure facilities. We understand the special caveats of both traditional enterprise environments as well as SCADA environments, and can effectively liaise between the two. We understand each critical infrastructure
component including the correct deployment and configuration
of technical assets such as perimeter devices, safeguards, industrial network devices, and their weaknesses. We understand physical security measures and weakness, operations, and industrial standards. We spend countless hours in our research labs learning about new vulnerabilities and the sophisticated techniques and methodology deployed by attackers to circumvent security measures.
Many CIDG staff members are well recognized in SCADA and Process
Control Systems circles as knowledge leaders in the industrial security field, and have published many white papers
on the subject. Some have been featured in articles for
many of the industry-leading trade journals and have presented
these concepts at many conferences and trade shows. CIDG
President, Clint Bodungen, is currently releasing one of the latest
books on SCADA security, "Hacking
SCADA."
Through a very strict, professional, and NSA compliant methodology, combined with extensive experience and highly
specialized expertise, our primary goal
is to improve an organization’s reliability, security,
and regulatory compliance with a complete holistic approach. From start to finish, we help define, assess, deploy, and maintain
secure and reliable assets and processes, while helping you achieve and maintain regulatory compliance.
SCADA/Process Control
- While most industry consultants focus primarily on cyber security, we take a comprehensive approach (cyber, physical, and operational) to risk management and compliance
- Our process is supported by seamless due diligence and legal consultation from industry attorneys.
- We perform our vulnerability assessments from a vulnerability focussed perspective as well as a controls focussed perspective.
- Our services are supported by the industries most powerful and comprehensive risk managment and compliance tool.
CIDG offers the most thorough risk management and compliance
program available and your organization
will benefit from our highly trained team of specialized experts and proven
methodologies,
resulting in a reliable, more secure, and regulatory compliant environment. |
|
