The potential of an undesirable or unfavorable outcome resulting from a weakness or gap that has been exploited by threats due to a given action, activity and/or inaction.
Key and critical infrastructure supporting the day-to-day operations of the country is controlled by industrial control systems (ICS). ICS and supervisory control and data acquisition (SCADA) equipment represent a significant risk not only to the organization but also to the public at large. ICS equipment is designed for a single purpose and operation, and any deviation from the expected input may cause a disruption to the system.
In accordance with Presidential Mandate 21 (PD 21), organizations supporting the Nation’s infrastructure should perform a SCADA risk assessment to evaluate the controls and security of all ICS networks, ensuring that adequate security controls, policies and procedures exist to protect against possible cyber or terrorist attacks.
SCADA risk assessments allow your organization to assess, identify, and modify its overall security posture. They also enable security, operations, organizational management, and other personnel to collaborate and view your organization’s ICS equipment and SCADA network from an attacker’s perspective.
Significant differences in both approach and risk considerations exist when performing a SCADA risk assessment compared to an enterprise risk assessment. The risks surrounding ICS systems and networks extend beyond the organization and may pose a risk to public safety.
The Mako Group has helped many companies work towards a more mature ICS and SCADA environment. We begin by gaining an understanding of your company’s existing environment and reviewing the security controls and capabilities already in place. We use this information to create a control mapping that encompasses all controls relevant to SCADA risk management. From this mapping, we create a roadmap for your company to follow to increase your security.