ARC VIEW

JUNE 9, 2016
PAS Solution Designed to Provide a
Foundation for Effective Cybersecurity
Management

By Sid Snitkin

Keywords
Industrial Cybersecurity, Maturity Model, PAS, Cyber Integrity

Summary
Cyber incidents emanating from either cyber attacks or internal threats rep-
resent significant risks for every industrial organization and merit
immediate attention. However, this does not mean that managers should
rush to buy sophisticated cybersecurity technology. On the contrary, ARC
Advisory Group research suggests that overly aggressive efforts to protect
plants can actually lead to a net reduction in plant
A recent ARC briefing with PAS cybersecurity. Defenses collapse from the inside
executives on the company’s Cyber out when overburdened staffs lack the time and
Integrity product demonstrated a deep
expertise to manage patches and control privileges.
understanding of automation systems
In contrast, successful cybersecurity programs are
and what it takes to help companies
ensure the security of their most critical carefully planned and progressively implemented
control assets. to help ensure that every layer of defense has the
necessary foundation for effectiveness.

ARC developed a Cybersecurity Maturity Model to help companies assess

the appropriateness of their existing programs and readiness for more ad-
vanced cybersecurity investments. This model incorporates a practical
roadmap for building an effective and sustainable defense-in-depth cyber-
security program. ARC used this model as a reference point in a recent
briefing with PAS executives about the company’s Cyber Integrity solution.

PAS designed this solution to help industrial companies reduce the load for
plant staffs struggling to maintain basic cybersecurity defenses and provide
a solid foundation for effective deployment of more advanced cybersecuri-
ty strategies.

VISION, EXPERIENCE, ANSWERS FOR INDUSTRY

 ARC View, Page 2

ARC’s Cybersecurity Maturity Model

ARC’s research across a wide spectrum of industrial companies consistent-
ly shows that many industrial companies struggle to drive value from
sophisticated cybersecurity investments. Lack of expertise and over-
whelmed resources are common, resulting in facilities being less secure
than they could be if the company focused its efforts on more realistic ob-
jectives.

ARC ICS Cybersecurity Maturity Model

ARC developed its Cybersecurity Maturity Model (ARC Advisory Service

clients can refer to our April 2016 ARC Strategy Report, A Maturity Model
for Cybersecurity Investment Planning) to help companies understand their
limitations and focus efforts on appropriate cybersecurity goals. This mod-
el encourages organizations to build defense-in-depth from the inside out,
securing critical assets, blocking threats, and finally anticipating the actions
of potential attackers. Achieving the objectives in one layer prepares the
organization for the next layer of defense.

The initial step in ARC’s model provides significant risk reduction and is
relatively inexpensive, yet many industrial companies have still not
achieved this critical goal. Some have disregarded the importance of basic
cybersecurity “hygiene” and are suffering the consequences. Others simply

©2016 ARC • 3 Allied Drive • Dedham, MA 02026 USA • 781-471-1000 • ARCweb.com

 ARC View, Page 3

lack the information and automation needed to manage required actions

like updates and patches efficiently.

Cyber Integrity Helps Companies Become Secure

PAS Cyber Integrity provides a set of capabilities that could help compa-
nies at various levels in the cybersecurity maturity curve.
Companies still struggling to achieve the initial “secure” level
of maturity can take advantage of features that help plant
staffs develop and maintain accurate proprietary and non-
proprietary asset inventories, promptly identify and evaluate
critical vulnerabilities and security patches, and ensure that
assets are backed up consistently.

Companies at higher cybersecurity maturity levels can take

advantage of configuration management to establish a cyber-
security baseline and automatically detect unauthorized
PAS Cyber Integrity changes in major control system assets, whether due to mali-
Solution Capabilities
cious software or accidental changes. This capability could
be particularly valuable for monitoring proprietary process controllers and
safety systems that directly control process equipment.

Accurate Asset Inventories Essential

A clear, trustworthy list of a plant’s cyber assets is essential. But the com-
pleteness and accuracy of records in many plants, especially those with
legacy systems, are often woefully inadequate. This is challenging and time
consuming to resolve; representing a major roadblock in efforts to establish
a secure environment.

While IT-focused cybersecurity efforts face similar issues, many discovery

tools are available to help build and maintain accurate inventories for most
cyber assets, including workstations, servers, routers, and switches. Unfor-
tunately, these tools do not collect the deep proprietary configuration data
required for key control system elements like DCSs, PLCs, and safety sys-
tems.

According to the company, building asset inventories for proprietary con-

trol system components is a key feature of PAS Cyber Integrity. It is
designed to automate collection and management of information that in-
cludes detailed configuration data on I/O cards, control strategies, installed
software, and firmware for all major control systems, regardless of vendor.

©2016 ARC • 3 Allied Drive • Dedham, MA 02026 USA • 781-471-1000 • ARCweb.com

 ARC View, Page 4

It also gathers configuration data for the IT-based systems – all in one data
repository. Cyber Integrity can collect this information from devices that
are connected through TCP/IP, serial, and other methods.

Automatic Backups Help Ensure Rapid Incident Recovery

Recent, trustworthy backups are another fundamental requirement for a
secure ICS cybersecurity environment. Regardless of the kind of cyber in-
cident a plant may experience, good backups are essential for a fast and
reliable restoration of system integrity.

PAS Cyber Integrity was designed to provide the tools plant staffs need to
ensure that appropriate backups are always available. Backups can be
triggered at fixed intervals or initiated manually whenever changes are
made.

Timely and Efficient Patch Management

Consistent patch management, another essential requirement for a secure
plant, represents a major burden for plant staffs. Evaluating the relevance
of a multitude of alerts for every asset and version of software and firm-
ware in a plant is a daunting task, even in the rare case that adequate
resources are available. Software support is essential to ensure that all
alerts are promptly analyzed and implemented.

All Assets Managed Through a Single Dashboard

PAS Cyber Integrity appears to provide a good platform to help manage

this critical activity. The solution matches patch data from Microsoft and
other vendors against the extensive cyber asset inventory it maintains. This

©2016 ARC • 3 Allied Drive • Dedham, MA 02026 USA • 781-471-1000 • ARCweb.com

 ARC View, Page 5

provides companies with visibility into areas of risk and the ability to de-
termine appropriate security responses. The solution also includes the
necessary workflow support to drive implementation activities and monitor
compliance.

Process Controller Changes Demand Immediate Attention

For those companies that reach the “manage” cybersecurity level, monitor-
ing systems for compromises is the major focus. While they have good
foundations for protecting assets and blocking network threats, there is still
an opportunity for a sophisticated, targeted attack to overcome these de-
fenses or an engineer to make a careless error. To address this situation,
companies need to monitor each of their multi-vendor control system assets
for unauthorized changes and anomalous behavior. Advanced cybersecuri-
ty tools are emerging to do this for network devices and PC-based systems,
but changes in proprietary systems can still go undetected. As these kinds
of devices have direct control over the process, plants are still left with sig-
nificant risks.

PAS Cyber Integrity addresses this issue with periodic scanning of all assets
for changes to configuration, control strategies, graphic files, and logical
files. The asset inventory provides the basis for detecting changes and the
solution then generates alerts with actionable context.

Recommendations
Every industrial company needs a solid foundation of basic cybersecurity
practices including asset inventories, backups, configuration management,
and patch management. Lack of resources prevent many companies from
achieving this basic goal. Automating these activities is the best way to
lessen the load, and ARC recommends that all industrial companies consid-
er software like Cyber Integrity as a foundational element of a defense-in-
depth cybersecurity strategy.

ARC was impressed by the comprehensiveness of this solution from PAS, a

company with a strong reputation within the control system community.
Cyber Integrity is a scalable, enterprise-class software solution built on the
PAS Integrity platform, which – according to the company – is deployed at
hundreds of sites across the world.

©2016 ARC • 3 Allied Drive • Dedham, MA 02026 USA • 781-471-1000 • ARCweb.com

 ARC View, Page 6

For further information or to provide feedback on this article, please contact your
account manager or the author at srsnitkin@arcweb.com. ARC Views are pub-
lished and copyrighted by ARC Advisory Group. The information is proprietary to
ARC and no part of it may be reproduced without prior permission from ARC.

Cyber Integrity is a trademark of PAS, Inc. All other trademarks mentioned are
the property of their respective owners.

©2016 ARC • 3 Allied Drive • Dedham, MA 02026 USA • 781-471-1000 • ARCweb.com