Launch of Remote CRA Service
Schneider Electric has launched a remote cyber risk assessment (CRA) service to allow its customers in the United Kingdom and the Republic of Ireland to identify gaps and key risk areas that need remediation.
The new service provides recommendations and a roadmap for achieving corporate cybersecurity objectives, with Schneider Electric having already applied this process to its own Flint smart factory during the digital transformation of the facility, which is over 30 years old.
With damages from cybercrime expected to reach US $6 trillion globally in 2021, a small chink in a company’s digital armour can result in substantial financial and reputational losses in today’s business landscape.
“Assessing all the cyber threats a company faces can be a daunting task, but as attacks become increasingly common, firms cannot bury their heads in the sand,” says David Pownall, the company’s vice president of services for the UK&I region. “Schneider has created the CRA to be the first step in building a reliable and robust cybersecurity programme. This assessment should be the starting point when applying cybersecurity requirements in an operational technology (OT) environment.”
The CRA is a non-invasive high-level assessment that aligns to control categories found within industry best practices and standards.
To ensure a complete and actionable summary report, information about client OT systems is collected before interviews are conducted relating to several areas, including current cybersecurity policies, cyber program objectives, applicable standards, and existing cybersecurity tools and technologies. The assessment also produces an OT network diagram, which displays the location of critical assets on the network.
Personnel data is also used, including identifying the personnel most familiar with the OT network layout (OT / cyber knowledge) and the stakeholders who can answer detailed technical questions regarding the OT equipment and assets used within the customer’s network.
The cybersecurity assessment itself has two key parts: the first is the assessment and report, and the second is the consultation services to discuss the results in depth and create a tangible roadmap for the next steps. These fall under the following headings:
- Cybersecurity assessment
  - Documentation review (e.g., network diagrams, current cybersecurity policies and program elements)
  - Remote interviews with key OT and cybersecurity stakeholders
  - Cybersecurity analysis identifying key risk areas, gaps and recommended steps for remediation
  - Schneider Electric will create a report which provides a starting point to prioritise
- Expert consultation
  - A deep dive into the results of the cybersecurity assessment with detailed recommendations and step by step guidance for the implementation
  - Companies can ask questions and gain clarifications of the assessment results
  - Specialists outline a suggested time frame for implementation and budget estimate
  - Workshop sessions to define a blueprint for cybersecurity and prioritise which areas to address
Within the assessment, cybersecurity specialists conduct controls-related network discussions, including reviewing:
- network architecture
- ICS system components
- cybersecurity policies and procedures; and
- physical security procedures