Why should you include Safety Instrumented Systems when assessing your network?
While Safety Instrumented Systems (SIS) are crucial components in protecting […]
Share This Article:
While Safety Instrumented Systems (SIS) are crucial components in protecting personnel and assets in an operational environment, by nature they are a prime target for attack by adversaries.
Why is that?
This is due to their authority by design to override controls and stop processes applying fault tolerance. If hackers are looking to cause great impact to an operational environment and bypass any protective controls in place, Safety Instrumented Systems can stop machinery from acting recklessly. A system designed to bypass these measures and manipulate systems however it pleases is high value from an offensive standpoint.
How can I ensure my SIS is secure?
Regular auditing of network segregation and testing assists with this. A segmented network restricts – but may not necessarily prevent – lateral movement and pivoting through a network (think social engineering, phishing, insider threats). However it increases the time needed to successfully apply these techniques. Penetration testing is a sign of maturity and a requirement depending on your organisation. It can help identify misconfigurations, forgotten ports and information disclosures online that can lead to initial access from a threat actor. A penetration test doesn’t just look at your environment, it includes open-source intelligence gathering based on the customer such as looking at previous data breaches, harvesting email addresses and more. Utilising this information can discover weaknesses such as password reuse and lack of separation of duties.
If you’re interested in securing your operational technology further, reach out to Anchoram Consulting and have a conversation today!
While Safety Instrumented Systems (SIS) are crucial components in protecting […]
Share This Article:
Categories
Subscribe
Subscribe to our newsletter and get the latest news and information from Anchoram.