Cybersecurity for Control Systems
Cybersecurity for Control Systems
Operational Technology Cyber Threats
Today’s facilities have abundant control systems for monitoring and managing building operations from heating, ventilation, air conditioning, electrical power, fire alarm, and lighting to access control, telecommunications, and transport.
Those systems are interwoven with computer processors, firmware, network connectivity, and IoT-based monitoring. Without appropriate cybersecurity safeguards, the Operational Technology which makes your buildings smarter puts your organization at risk. This is especially true as IT and OT converge.
Pioneering a Cybersecurity Program
Recognizing the ever growing vulnerabilities and security threats, Chinook was one of the first solution providers in the industry to integrate cybersecurity into the commissioning and monitoring process for building control systems – our CyberCxTM program.
As a matter of best practice, Chinook proactively protects OT from cyber-attacks in accordance with DoD and NIST Standards. We develop policy and operational procedures, conduct risk assessments, prepare System Security Plans (SSP), and implement the six steps of the DoDI8510.01 Risk Management Framework (RMF). We also ensure building control systems are designed, procured, constructed, and commissioned in accordance with cybersecurity UFCs and UFGS standards and regulations.
Leveraging our strategic industry partnerships, Chinook utilizes cutting-edge cyber tools to continuously monitor and track information systems, and provide automatic alerts of changes.
Cyber Commissioning - Cyber CxTM
To help make facilities and Critical Infrastructure resilient, Chinook offers a full range of cybersecurity consulting services.
Planning & Design
- Develop security requirements.
- Review design and system architecture.
- Select security controls.
Testing, Development & Implementation
- Ensure design can withstand realistic threats.
- Test recovery tactics, techniques, and procedures.
- Implement OT system security controls.
- Verify system operates as intended and meets
RMF requirements.
Operations
- Develop configuration and change management plans.
- Continuously monitor system security, risk mitigation, and incident response and recovery.
Risk Assessment
Chinook works closely with our clients determine the overall risk of control systems to facilities and systems.
Level 1
Observations & Recommendations
- Observe existing facility and controls.
- Identify critical risks and issues.
- Review facility and IT data to classify
risk profile.
Level 2
Network Assessment/Passive Scanning
- Deploy OT passive directory tools to identify network vulnerabilities.
- Develop baseline threat assessment.
- Recommend risk mitigation techniques.
Level 3
Program Development/Threat Modeling
- Perform scenario-based active
penetration testing. - Develop controls system network topology.
- Establish Defense-in-Depth program.
Chinook Cybersecurity employs Critical Infrastructure Cyber Community (C3), NIST, and RMF processes to promote secure OT.
