Cyber Security Solutions for Critical Infrastructure Protection (CIP)


HOLISTIC Risk-Driven Management Platform for Cyber-Security & Compliance

Critical Infrastructure (CI) Sectors such as energy, transportation, health and telco among others can reap benefits from a security & compliance management platform that is adapted to their distinctive needs.

WCK and its enhanced risk assessment framework EESA™ (End-to-End Security Assessment) are designed to provide Critical Infrastructure Protection (CIP) to organizations that use a combination of both IT and OT (Operational Technology includes control systems, embedded systems, advanced metering infrastructures and end devices).

The WCK solution is proving increasingly essential as security threats grow and regulation tightens. Enterprises need a comprehensive security management solution that covers the enterprise's infrastructure (IT, OT, physical) as well as its vendors.

Security assessment and compliance verification activities are growing within Critical Infrastructure sectors. Such efforts are costly and, due to the shortage of experienced specialists, may be time-consuming. An automated solution suitable for the telco sector will save costs and time and will provide a clear security posture in simple language that enables management to make informed decisions.

The WCK platform provides:

  • Immediate virtualization of complex architectures
  • OT/IT/Physical and dependency correlations
  • Risk assessment automation:
      • Systems, human input, dynamic threats
      • Aggregation and correlation of thousands of risks
  • Investigation tools:
      • Overall risk/compliance view
      • Identification of global operational/business risks
      • Root cause, business priorities, costs
  • Actionable decision-support tools:
      • Overall risk visibility in business language
      • Remediation prioritized by business impact: what to do, when, etc.
      • Remediation management: online status updates, overdue alerts
  • Supply chain protection:
      • Full coverage for the organization and its suppliers
  • Next phase:
      • Integrated security assessment and threat intelligence alerts

WCK Ecosystem: Overall Security Management for the Enterprise and its 3rd-Party Vendors

WCK’s Ecosystem includes a rich offering of different modules. The same technology is implemented within two main solutions:

On-premise platform for enterprises: The solution provides security analytics that assess cyber risks and compliance gaps. It provides overall clear visibility for managers and enables actionable security management.

Self-assessment portal for vendors: These vendors are part of the supply chain of those enterprises. Composed mostly of small to medium enterprises, they are usually not protected against cyber-attacks. According to Zurich, 42% of supply chain disruptions are caused by vulnerabilities within the suppliers. WCK enables the integrated security management of these suppliers.

The solution provides self-assessment capabilities with a set of integrated security services: monitoring, watchdog and cyber-intelligence (which can be implemented selectively in a phased approach). WCK thus enables the enterprise to reduce the risks coming from its providers. The WCK portal can also provide cyber-insurance underwriting analytics, which automatically convert the security information gathered into underwriting and actuarial data, a process that reduces cyber-insurance costs.

These two products can be implemented separately or as an integrated solution. The integrated solution links the cyber-security risks of enterprise vendors to the overall supply chain process of the enterprise they serve.

WCK's interdependency mapping adds a new dimension to the actionable management of cyber-security risks, and enables boards and senior management to know the real business risk of each of their vendors and take the steps needed to mitigate them.

The information below is focused on WCK's Platform for Enterprises. Information regarding the other components of WCK is provided in an additional document.

An asset-based approach supports a diversity of assets

Asset-based risk management is at the core of the WCK platform and not just another dimension, as is the case in most GRC tools.  Virtually anything can be defined as an asset, and WCK’s Risk Engine can be assigned to sector, asset type and attributes, based on the required security concern.

Assets can be business services, critical processes, systems, devices, etc.

Value for CIP: The asset-based approach provides value for IT environments, but is of particular value for critical infrastructure, where the diversity of IT, non-standard systems and devices is high.

Vertical market blueprints: WCK and its partners have developed blueprints for different vertical sectors (medical systems, water stations, etc.), which include each market's unique assets and policies. Such blueprints can be used out of the box and significantly save time and human resources.

Collecting and analyzing risk information from any type of external system is simple and intuitive thanks to the asset approach. Findings are easily correlated around assets, eliminating the time-consuming and complicated mapping-per-finding required by other solutions.

Asset-driven policies simplify security for complex infrastructures

Organizations with complex environments cannot use a single, standard policy.  They require multiple cyber and security policies. This is especially true for critical infrastructure organizations with non-standard systems.

WCK enforces multiple asset-driven policies based on:

  • Type of asset – IT, embedded, SCADA…
  • Asset Zone – control, production, safety…
  • Other asset properties – outsourced, DMZ, cloud, any parameter needing a set of controls.

Example for asset-based security requirements in Critical Infrastructures:


Applying compensating controls for CIP is a must, as it is often impossible to implement standard IT security solutions for non-standard assets.  For example, if you can’t implement patch management in a production zone, then you need to strengthen your perimeter defense.
Industrializing unique know-how of vulnerabilities and controls for critical infrastructure: Malicious attacks can target little-known vulnerabilities of non-standard assets such as centrifuge controllers, core routers, etc. Such attacks cannot be found by standard security solutions, since they lack known signatures and patterns.

The only way to protect against such targeted attacks is to set specific, asset-driven security requirements (policies) that are driven from an understanding of the unique vulnerabilities of these specialized assets.

But this knowledge is typically hard to find, and resides with only a small group of individuals. WCK's asset-driven policy support enables capturing this know-how and attaching it to the relevant asset type.

The software enables multiple policies that are customized for each asset and seamlessly enforced by the security teams of the organization.
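As an added illustration (not WCK code), the following Python sketch shows how controls from asset-type, zone and property policies can be blended into one requirement set for an asset, and how a control that is not feasible in a zone (the page's own example: no patch management in a production zone) is swapped for compensating perimeter controls. The policy tables, control names and the `Asset` class are constructed assumptions, not WCK's data model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    name: str
    kind: str                          # asset type tag: "IT", "embedded", "SCADA"
    zone: str                          # zone tag: "control", "production", "safety"
    props: frozenset = frozenset()     # other properties: "outsourced", "DMZ", "cloud"

# Constructed policy tables: each tag contributes the controls it requires.
POLICY_BY_KIND = {
    "IT":       {"patch_management", "endpoint_av", "central_logging"},
    "SCADA":    {"central_logging", "protocol_whitelisting", "firmware_integrity"},
    "embedded": {"firmware_integrity", "default_credentials_removed"},
}
POLICY_BY_ZONE = {
    "production": {"network_segmentation", "change_control"},
    "control":    {"network_segmentation", "physical_access_control"},
    "safety":     {"physical_access_control", "safety_system_isolation"},
}
POLICY_BY_PROP = {
    "outsourced": {"vendor_assessment"},
    "DMZ":        {"perimeter_ids"},
    "cloud":      {"cloud_config_review"},
}
# Controls that cannot be applied in a zone, mapped to the compensating controls
# that replace them (no patching in production, so harden the perimeter instead).
NOT_FEASIBLE = {
    ("production", "patch_management"): {"perimeter_firewall_hardening", "perimeter_ids"},
}

def blend_controls(asset: Asset):
    """Return (required, compensating) control sets for one asset."""
    required = set(POLICY_BY_KIND.get(asset.kind, ()))
    required |= POLICY_BY_ZONE.get(asset.zone, set())
    for prop in asset.props:
        required |= POLICY_BY_PROP.get(prop, set())
    compensating = set()
    for ctrl in sorted(required):                 # sorted() copies, so discard() is safe
        if (asset.zone, ctrl) in NOT_FEASIBLE:
            required.discard(ctrl)
            compensating |= NOT_FEASIBLE[(asset.zone, ctrl)]
    return required, compensating

def questionnaire(assets):
    """Questionnaire items per asset: the blended controls, compensating ones marked."""
    items = {}
    for a in assets:
        req, comp = blend_controls(a)
        items[a.name] = sorted(req) + sorted(f"{c} (compensating)" for c in comp)
    return items
```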

Risk Analytics reduce time and costs of risk management

WCK risk analytics and algorithms reduce the time and cost spent on senior and specialized consultants.

Objective, fact-based questionnaires are created automatically by blending the right mix of controls from multiple policies.  As a result, even less experienced consultants and employees are able to collect factual answers.

Automated risk assessment. WCK analyzes these answers and performs an automated risk assessment, further reducing the need for a higher level of expertise during much of the review lifecycle.

Streamlined workflows. The software automates many of the mundane, operational tasks of audit management and mitigation management. WCK includes workflows that automatically send emails, alerts and escalations.

Cost savings and faster ROI on risk management processes. WCK risk analytics result in more efficient utilization of senior experts and consultants. Their valuable time can be used where it counts: to build the complex policies required for critical infrastructure security and to study and expose hidden vulnerabilities.

Decision-support tools driven by business processes and priorities

One of the challenges of risk management for critical infrastructure is getting a clear understanding of how multiple, technical risks from diverse systems affect the business. WCK provides a wealth of customized dashboards, reports and analysis tools that enable management insight into risk and compliance.

Uncover hidden vulnerabilities with visual tools that model the complex dependencies between IT assets, non-standard systems, physical devices and logical assets that serve critical business processes.

WCK Dependency Maps enable business impact analysis by tracing how risks propagate across organizational processes and complex environments.

Perform smart risk aggregation from multiple perspectives.  WCK’s aggregated risk assessment is based not just on risk criticality, but also on its business impact and the dependency analysis between business assets and the technical components that serve it.

Analyze risk from different business perspectives such as safety, legal, productivity, brand and finance.

Perform root-cause analysis in 3 clicks.  A manager can zoom in and find the root cause of a business process or service at risk, down to the specific technical risk finding.

SDLC (Secure Development Life Cycle) for designing plants, systems and solutions

The WCK platform provides an SDLC module that supports design, development and implementation processes. It enables users to define a phased approach for each project, to set their own security requirements and to follow their fulfillment in an automated way.

The module can be used to design plants including all of their components and systems, and even to define security requirements for installation of sophisticated solutions.

The requirements are not considered risks as long as the project is not active. If a project is completed without meeting all the security requirements and is moved to the "production" phase, all unfulfilled requirements are sent to the project's risk manager for approval. They are then converted to risks and a grace period is given to mitigate them.

Next Phase Developments, for wider risk visibility and better response to cyber threats

Cyber intelligence alerts, mapped to vulnerabilities: issuing threat alerts based on cyber intelligence feeds, analyzing the threats in relation to the vulnerabilities found during the assessments, setting priorities for required remediations, and sending immediate alerts for needed actions.

Integration with Threat Intelligence Solutions:

Due to the asset approach, integration with threat intelligence solutions is simple. Currently we can gather all findings from automated tools and show their dependencies and the aggregated overall risks, based on findings from manual reviews and automated tools. In the next phase we will add BI and additional analytic tools, to identify risk patterns, and dependencies between findings from different sources.

Integration with SIEM: WCK's asset approach enables us to correlate alerts identified by the SIEM with the robustness level of an asset and its business criticality. In this way, assets that are critical, vulnerable and have alerts are highlighted, and the relevant remediation activities are prioritised.
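As an added illustration (not WCK code) of the dependency-map aggregation, root-cause drill-down and SIEM correlation described above: a Python sketch over a constructed telco-style dependency map, in which technical findings propagate up to the business process, a manager can trace a process at risk back to its findings, and assets that are critical, vulnerable and alerted rank first. The scoring rule, asset names and findings are assumptions for the example.

```python
# Constructed dependency map (acyclic): each asset lists the components it depends on.
DEPENDS_ON = {
    "billing_process": ["billing_server", "cdr_gateway"],
    "cdr_gateway":     ["core_router", "antenna_site"],
    "billing_server":  ["core_router"],
}
# Constructed assessment findings: asset -> [(finding, risk score 0..10)].
FINDINGS = {
    "core_router":    [("outdated firmware", 8), ("default SNMP community", 6)],
    "antenna_site":   [("no physical access log", 4)],
    "billing_server": [("unpatched OS", 7)],
}
# Business criticality (0..1) as a risk manager would set it per asset.
CRITICALITY = {"billing_process": 1.0, "cdr_gateway": 0.8, "billing_server": 0.8,
               "core_router": 0.6, "antenna_site": 0.4}

def propagated_risk(asset):
    """Highest risk reaching an asset: its own findings or any dependency's (recursive)."""
    own = max((score for _, score in FINDINGS.get(asset, [])), default=0)
    inherited = max((propagated_risk(d) for d in DEPENDS_ON.get(asset, [])), default=0)
    return max(own, inherited)

def root_causes(asset):
    """Drill down from a business asset to the technical findings beneath it, highest risk first."""
    seen, stack, causes = set(), [asset], []
    while stack:
        a = stack.pop()
        if a in seen:                      # core_router is reachable via two paths; count it once
            continue
        seen.add(a)
        causes += [(score, a, finding) for finding, score in FINDINGS.get(a, [])]
        stack.extend(DEPENDS_ON.get(a, []))
    return sorted(causes, reverse=True)

def prioritize(siem_alerted):
    """Rank assets for remediation: criticality x propagated risk, doubled when the SIEM has live alerts."""
    ranked = []
    for asset, crit in CRITICALITY.items():
        score = crit * propagated_risk(asset) * (2 if asset in siem_alerted else 1)
        ranked.append((round(score, 2), asset))
    return sorted(ranked, reverse=True)

if __name__ == "__main__":
    for score, asset in prioritize({"core_router", "antenna_site"}):   # constructed SIEM alerts
        print(f"{score:5.1f}  {asset}")
    print(root_causes("billing_process"))
```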

Specific Critical Infrastructure Cyber-Security Challenges and how WCK’s unique technology can help

Critical Infrastructure challenges are typically caused by the variety of assets, IT/OT components, etc., but also by the services they provide. The following use cases outline examples from several leading sectors:

Telco:

Challenge 1: The multiplied danger of mobile devices. Mobile providers are exposed to millions of end users via their mobile devices, each of which can become a threat source.

WCK’s Solution: Automated implementation of hybrid security policy. WCK enables the easy implementation of security policy for “Hybrid Architecture of zones”, where mobile devices and their supporting infrastructure are separated from the core infrastructure of the enterprise. The user can then set different security requirements for such zones, based on type. All the user needs is to set the zone tag to the component that they assess and their security requirements will be set accordingly.

Challenge 2: The criticality of the CDR process. The CDR (Call Duration Record) is one of the most critical processes for mobile providers, as it provides the records that are essential for billing. Attacking this process could be critical to the mobile providers. As this process is "in-band" (integrated within the infrastructure itself), it is important to make sure that it is protected end to end. But that challenge persists due to the complexity of the CDR process. The CDR is composed of a combination of IT/OT/physical devices, from the antenna, via the communication gateways, up to the enterprise billing systems. The security policy and the risk assessment must be able to deal with such complexity.

WCK's Solution: End-to-End Security Assessment (EESA™) for the CDR process. By implementing the EESA™ solution that is embedded within the WCK portal, it is possible to set basic policies and requirements for the telco infrastructure and its CDR process, as well as all underlying components including OT, IT and physical components, all within one solution.

Energy Smart Grid:

Challenge 1: Providers can be an integrated component of the internal infrastructure. Some of the providers of the Energy Smart Grid are not just basic service companies. They can be part of the value-added chain and the services that the Smart Grid offers to its customers. In this case, protection against cyber threats from them is very critical, as they can have direct access to the crown jewels of the Telco provider.

WCK's Solution: WCK's Ecosystem is the only solution that enables the implementation of a complete and integrated approach. The 3rd-party assessments can be integrated within the enterprise assessment via the evaluation of the dependency impact of a vendor on a critical process. This allows vendors to increase their own security, or at the very least enables the enterprise to add safeguards in the specific areas used to interconnect with these risky vendors.

Challenge 2: Risk management for AMI (Advanced Metering Infrastructure) requires specialized knowledge of infrastructure equipment and control-systems security. AMI is a complicated environment composed of IT systems, control systems and smart meters. Many standard IT security solutions are not suitable for the smart meter domain. Also, most information security professionals are not familiar with AMI systems and their unique security vulnerabilities and requirements. In fact, this knowledge is typically hard to find and costly, and is familiar to only a small group of individuals.

AMI risk assessments must incorporate this unique know-how and make it available to the security assessors in order to successfully expose vulnerabilities.

WCK’s Solution: Pre-built AMI risk blueprint reduces the cost and time of assessments

The WCK software provides an out-of-the-box blueprint that contains:

  • A complete set of AMI assets including critical processes, IT systems, control systems, embedded components and end devices.
  • The unique security requirements of the control environment, in addition to those for IT systems.
  • The relevant critical infrastructure and information security standards, as well as specific control sets for specialized equipment and meters.

Customizing the built-in WCK AMI blueprint for each new project is quick and simple.

In addition, by using the know-how of the AMI environment that is built into WCK, companies can perform risk assessments with regular IT security professionals and minimize reliance on senior, costly consultants with specialized CIP and AMI knowledge.

As a result, WCK significantly reduces the time and cost of preparing, running and analyzing AMI risk assessments.

Blueprint of AMI assets within the WCK platform (figure).

Risk dependencies analysis, based on the blueprint architecture (figure).