Cyber Security Brochure

SCADA System Cybersecurity Services

Ongoing Maintenance and Monitoring Assessment Phase
• Asset Inventory
Once your SCADA system has been secured, the cyber- • Documentation Review
security process is not complete. Threats are changing • Vulnerability Assessm
and multiplying by the hour, and the safeguards in place - High level (i.e. gap a
to counteract them must be audited on a regular basis - Passive Vulnerabilit
to ensure their viability. Woodard & Curran performs - Active Vulnerability
periodic audits of security measures and policies to - Penetration Testing
identify areas for improvement. • System Zone and Cond
• Cybersecurity Risk As
The long-term safety • Cybersecurity Require
and integrity of your
SCADA system depends Develop & Implement P
on intentional and • Design Cybersecurity
thoughtful planning - System Access Cont
and execution. - System Hardening
- Patch Management
As part of this process, Woodard & Curran can assist - Malware Preventio
your organization to develop a cybersecurity policy - System Backups
that addresses the major areas of concern and provides - Physical Security
guidance on important aspects of security. These areas - Intrusion Detection
include access control, password management, incident - Log Monitoring
response and recovery, change management, and patch • Design other means of
management. In addition, we can design training and • Install, Commission an
awareness programs to educate your staff to identify Validate Countermea
social engineering and avoid attempts to
Maintain Phase
Helping You Secure Your System • Periodic Test & Auditin
• Incident Response and
The long-term safety and integrity of your SCADA • Cybersecurity Policy D
system depends on intentional and thoughtful planning • Cybersecurity Trainin
and execution. Whether you have a large system with
hundreds of devices, or a small system with just a few, COMMITMENT & INTEG
Woodard & Curran will work with you to develop an
approach that intelligently addresses the risks posed woodardcu
in connected, ‘always-on’ world we now live in. 

w and Development SCADA
ments
assessment) System
Cybersecurity
ty Assessment
y Assessment
g
duit Determination
ssessment
ements Specification

Phase
Countermeasures
trol

t
on

n

f Risk Reduction
nd
asures

ng
d Recovery
Development
ng and Awareness

GRITY DRIVE RESULTS woodardcurran.com

urran.com COMMITMENT & INTEGRITY DRIVE RESULTS

SCADA System Cybersecurity or adding security-related eq
system without first identify
Is Your SCADA System Secure? areas could cause unneeded
significantly reducing your a
From a small dam in upstate New York to a large pow-
er utility in the Ukraine, the number of cyber-attacks A comprehensive cybersecu
impacting Supervisory Control And Data Acquisi- includes an asset inventory,
tion (SCADA) systems is on the rise. Even untargeted and characterizing your risk
malware, like ransomware that locks your files and critical areas to address. Wo
prevents you from accessing them, can infect a control ploys both passive and activ
system computer if it is not properly protected. As the potential vulnerabilities. Thi
equipment and instruments we use in control systems existing safety and security
becomes increasingly more connected to the Indus- where ‘non-technical’ soluti
trial Internet of Things (IIoT), the risks associated with organization’s cybersecurity
this connectivity grow along with the benefits. assessment will be presented
identifies the areas of greate
Municipal water and wastewater utilities need to be unique characteristics of you
prepared to protect their SCADA systems, electronic
assets and infrastructure from the effects of malware Woodard & Cu
infections and cyber-attacks. In recent years, nation- both passive a
states, criminal organizations and the hacking com- approaches to
munity as a whole have identified industrial control potential vuln
systems (including SCADA) as an area that can be
easily exploited. It’s important to improve your orga- Developing & Implem
nization’s defenses against these entities and other Countermeasures
sources of cyber threats.
Once you have a strong und
Cybersecurity Risk Assessment sources of risk in your SCAD
is to develop countermeasur
Assessing your SCADA system is a critical part of abilities. There are 4 ‘T’s’ to r
your cybersecurity risk management effort. A better mining how to mitigate cybe
understanding of the specific risks inherent in your (know there is risk and accep
system will lead to more cost effective solutions to risk to a third party); Termin
counteract the cyber risks. Simply making changes process causing the risk); an
the threat is or the resultant
We will use these to determ
the risk mitigation within yo

quipment to your existing Cyber security is a journey, Assess
ying the most vulnerable
d expenditures without not a destination.
attack surface.
DegtEaeSCprsemtaocaastnuinbaPsndraerleeiiuglstrsyayesifhstomptLsisrZspee(moZr(vneon&etrxpeliCaisrssnik)ta&ditneg)
urity risk assessment
vulnerability assessment, Maintain ImplementachiDeLVveeetvaedelrilSdSmeaeitctcnoueuerrmaDtiitntheeyyedesLittgeetnvasetrZlgs&eCts

ks to identify the most peTreIismotadCsp&sioeclsecnedvmu(dseuirfsueplinmntcnlyetoeterycmanaedtpbessdaisaliaitsttcruiyohyrn)eeassl
oodard & Curran em-
ve approaches to identify We will utilize industry-standard
is process will also review solutions to address the risks within
policies and identify areas your system, including the following:
ions may strengthen your
y. The findings of the risk w Network hardening
d in a manner that clearly w Operating system hardening
est need, tailored to the w Device hardening
ur organization. w Access control configuration

urran employs w Firewall addition and configuration
and active
o identify w Intrusion detection and
nerabilities. prevention systems

menting w Remote access

derstanding of the greatest
DA system, the next step
res to the existing vulner-
remember when deter-
ersecurity risk: Tolerate
pt it); Transfer (pass the
nate (remove or stop the
nd Treat (reduce how likely
t impact of a cyber event).
mine how best to approach
our system.