The Cyber Risk Assessment is a non-invasive high-level assessment service performed by Schneider Electric’s cyber security experts that results in the provision of recommendations and a roadmap for achieving a given organisation’s cyber security objectives. The process is completed in less than one week.
With damages from cyber crime expected to reach $6 trillion this year, a small chink in a company’s armour can result in substantial financial and reputational losses in today’s business landscape.
In essence, the new service allows Schneider Electric to remotely assess its customers’ operations and give them an understanding of their cyber security risk posture by identifying gaps and key risk areas that need to be remediated.
Schneider Electric has already applied this process to its own Flint smart factory during the digital transformation of the facility, which is over 30 years old.
“Assessing all of the cyber threats a company faces can be a daunting task, but as attacks become increasingly common, firms simply cannot afford to bury their heads in the sand,” explained David Pownall, vice-president of services at Schneider Electric for the UK and Ireland. “We’ve created the Cyber Risk Assessment service to be the first step towards building a reliable and robust cyber security programme. This assessment process should then serve as the starting point when applying cyber security requirements in an operational technology (OT) environment.”
The Cyber Risk Assessment service is a non-invasive high-level assessment performed by Schneider Electric’s OT cyber security experts. The service aligns to control categories found within industry best practice and standards.
To ensure a complete and actionable summary report, Schneider Electric collects information about businesses’ OT systems before conducting interviews. This includes current cyber security policies, cyber programme objectives, applicable standards, and existing cyber security tools and technologies. This is all in addition to an OT network diagram, which displays the location of critical assets on the network.
Personnel data is also used, including identifying those personnel most familiar with the OT network layout (ie OT/cyber knowledge) and stakeholders who can answer detailed technical questions regarding the OT equipment and assets used within the customer’s network.
The Cyber Risk Assessment itself has two key elements to it. The first element is the assessment and report. The second centres on the consultation services to discuss the results in-depth and create a tangible roadmap for the next steps. Areas to be covered here include:
Cyber security assessment
*Documentation review (eg network diagrams, current cyber security policies and programme elements)
*Remote interviews with key OT and cyber security stakeholders
*Cyber security expert analysis identifying key risk areas, gaps and recommended steps for remediation
Schneider Electric will then create a report which provides a starting point to prioritise areas.
*A deep dive into the results of the cyber security assessment. Schneider Electric’s cyber security experts provide detailed recommendations and step-by-step guidance for implementation
*Companies can ask Schneider Electric’s experts questions and gain clarification of the assessment results
*Experts outline a suggested time frame for implementation and budget estimate
*Workshop sessions will define a blueprint for cyber security and prioritise which areas to address
Within the assessment, Schneider Electric’s cyber security experts will conduct controls-related network discussions, including a review of network architecture, ICS system components, cyber security policies and procedures and also physical security procedures.
*Additional information is available online by visiting the Schneider Electric website