After being approached by an industrial organization wanting to capitalize on a full-plant turn-around and implement defense-in-depth best-practice security controls for their ICS network infrastructure.
Through a tight-timeline, we coordinated two vulnerability assessments (parent-company and
vendor-provided), determined target controls, designed and procured equipment and
implemented zone and conduit controls.
This presentation will outline the process followed to maximize return-on-investment and
minimize impact to plant operations, both during the shutdown and post-start-up. Although the
time-frame was restricted, subsequent plant-wide changes would not be possible for many years
until the next plant-wide shutdown so implementing best-practice design and flexibility was key.
Results and observations from before, during and after the process will be discussed as well as
post-project lessons-learned.
Learning Objectives:- Lessons learnt from a fast-track ICS Cyber security project
- Key decisions required in design, implementation, operate/maintain and close-out phases
