Critical infrastructures
It is imperative that critical infrastructure be protected, as it typically includes some of the country’s most important infrastructure, such as transportation systems, communication networks, or power plants.
Infrastructure development is about finding new ways to provide more and better communications, transportation or energy to a growing number of people. More and more activities can be considered as critical and the effects of their interruption cannot be considered.
More than any other fields or markets, security cannot be an afterthought when it comes to critical infrastructure as it is essential to the survival of a nation to ensure the integrity and sustainability of defense, healthcare, food & water, communication networks, energy, transportation systems and much more
Critical infrastructure cybersecurity must be given the highest considerations as it becomes increasingly reliant on cyber networks and more exposed to cyberattacks. Threats and those even more sophisticated attacks can have devastating effects that could threaten the entire economy of a country or even the national security.
The specific security challenges of critical infrastructures
- Secure Communications, namely device Secure connectivity & ID management for the whole fleet of devices.
- Security Monitoring and Lifecycle Management, addressing security and anomaly events.
- Availability of critical infrastructures is paramount (for example, critical energy infrastructure such as power generation plants)
- Authenticity and trust of the data coming and going from critical infrastructures.
Critical Infrastructure Security Solutions
Secure-IC’s PESC approach is built on a portfolio of security products and services that, when combined, create a deep security by design that protects the very foundation of your industry.
- SecuryzrTM iSE for Critical infrastructures: Enables IEC 62443 for new SoC with secure remote connectivity and management with TLS/secure protocol requirements and FW stack.
- SecuryzrTM Server for lifecycle management, device onboarding/offboarding, secure firmware update over-the-air
Make sure there is no potential threats to vital infrastructures.
- LaboryzrTM:
- Hardware Trojans detection
- Hardware/Software penetration testing
- AnalyzrTM, evaluation tool to validate the security level of real physical chip/boards after foundry tape-out that enables ISO/IEC 17825, 20085
- CatalyzrTM, software tool to evaluate software code vulnerability with static and dynamic analysis
- ExpertyzrTM for Critical Infrastructures: Expertyzr TM is Secure-IC’s expertise service, it constitutes of a number of services and trainings that could bring your business to the next level in terms of Security such as:
- Evaluation as a Service for both legacy devices and new devices
- Support to certification – The support you need to be up to date with the standards and certifications to consider
- Security Training (IEC 62443, system security)
- Embedded Security Watch – Asset models for Critical Infrastructures
Standards & Certification to consider for Critical Infrastructures
Several standards have been developed and are applicable for Critical Infrastructures cybersecurity. General certifications such as Common Criteria, OSCCA or FIPS 140-3 are used in many different markets and industries, including critical infrastructures. As a security expert, Secure-IC supports companies and governments wishing to acquire and strengthen these certifications; whether through collaborative projects, tutorials, trainings or operational consulting.
Critical infrastructures share industry specific key standards:
- IEC 62443
- SOG-IS
- SESIP
ISA/IEC 62443 is a series of standards that provide detailed requirements for Industrial Automation and Control Systems (IACS). It is a comprehensive set of standards that cover security risk assessment at the various stages of design and development processes. It enables all the agents in the supply chain to identify the risks and address them with countermeasures to ensure security in response to the ever growing risk of cyber threats. ISA/IEC 62443 is subdivided into four tiers: general, policies & procedures, system and component with each tier consisting of multiple parts.
Governmental Entities:
- ANSSI (FR)
- NIST (USA)
- BSI (GER)
Related Resources & Events
You may also be interested in having a closer look at the elements below:
