Cybersecurity Solutions | Black & Veatch
Industrial Cybersecurity

Cybersecurity from the Ground Up

Cyberattacks have moved from the virtual world of data to the physical world of operations, targeting the equipment, systems and devices that drive our critical infrastructure, reshaping the way companies approach cybersecurity.

Securing Industrial Operations

Increasing attacks on industrial operations have disrupted the traditional cyber model that used to separate the two worlds of Information Technology (IT) and Operational Technology (OT). Today, companies need to account for cyber impacts on safety, operational continuity, liability, and national security.


In response to the evolving threat environment and the increased operational and safety risks, critical infrastructure organizations are working to integrate compliance measures, industry best practices, and past experiences to safeguard their operational technology (OT) assets for the long term and develop solid cybersecurity risk management programs.

To support our clients in their industrial cybersecurity journey, our Cyber Asset Lifecycle Management (CALM) services can be implemented throughout the lifecycle of OT assets to keep operations running safely, maximize efficiencies, and minimize costs.

No matter where our clients are in their cybersecurity journey, our team of experts can customize a CALM solution to fit their needs.

End-to-End Cybersecurity Lifecycle

Consequence-Focused Cyber Services

The virtual world of cyber is now having physical consequences. Attacks on OT systems can have site, environmental, and public safety impacts. CALM services build on the cyber-physical nature of attacks on operations and place an emphasis on the consequences of those threats.

CALM solutions prioritize the impacts to safety and up-time, from minor to catastrophic, focusing on minimizing the likelihood and consequences of cyberattacks.

Black & Veatch is accredited by the Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB) to provide readiness assessment to federal contractors. This readiness service will help federal contractors ensure they meet the pre-determined set of controls established by the CMMC 2.0 program to retain their federal contractor status.

We offer comprehensive services to support federal contractors as they prepare for their Level 1 or Level 2 CMMC certification. Our consulting professionals bring decades of global expertise and provide readiness services to support a broad range of certification and compliance requirements. As a CMMC-AB Registered Provider, we have the required knowledge and expertise of the CMMC framework to assist your organization as it seeks compliance.

Black & Veatch’s Security Assessment Services were developed to not only identify the vulnerabilities of your current network but to also get a clear picture of how well your current security system is performing. This comprehensive view of our clients’ current level of prevention helps us ensure they have the technology to protect their infrastructure, and the tools and procedures to use that technology effectively. This, complemented by our understanding of regulatory and standards drivers (NERC CIP, ISA99, NIST IR 7628, SP800-82, etc.), results in a full suite of cybersecurity assessment services:

  • Vulnerability and Penetration Testing Services: Vulnerability and penetration testing of infrastructure (servers/workstations/other endpoints along with network devices) are designed to find and validate vulnerabilities due to misconfigured systems or missing patches.
  • AMI Security Assessment: A targeted assessment that focuses on the inherent security of a proposed or actual AMI deployment, from the meters (and their security as built by the vendor) to the head-end and AMI-specific infrastructure like analytics and MDMS infrastructure.
  • NERC CIP Gap Analysis: An overall look at the policies, procedures, and actual activities (including creation and management of artifacts) to find places where intended and actual compliance activities do not match, and where potential violations may be found. Suggested corrective actions are provided with the final report.
  • Physical Security Assessment: An examination of the physical security of a facility or even an entire organization, taking into account access controls, access monitoring, processes, and procedures around granting/controlling/revoking access and environmental factors.
  • Network Architecture Security Assessment: The examination of a network’s overall architecture, mapping data flows and security controls to find opportunities for improvement in network design from the perspective of security and appropriate reliability.
  • Smart Grid Security Assessment: An in-depth examination of smart grid security as implemented, taking into account the particular technologies implemented, the security around them, potential impacts resulting from subversion or interruption of control, and regulatory outlook with regard to compliance.

Regulatory compliance should not be viewed as an event. It should be viewed as an ongoing business process. To ensure your organization continues to meet current and future compliance standards, it is important that compliance requirements are integrated into your organization’s daily operations. Black & Veatch cybersecurity professionals keep a pulse on NERC regulations, from existing Version 3 standards to the development of Versions 4 and 5. We utilize NIST standards and control frameworks – and know how to integrate them into an electric utility’s operations.

Black & Veatch emphasizes a life cycle approach for cybersecurity compliance. Our expertise in the utility domain enables us to develop a plan that meets your unique objectives and requirements based on your available resources. This approach supports the continuous improvement cycle for incorporating ongoing regulations into daily operations.

Black & Veatch’s cybersecurity professionals have authored policies and procedures to meet federal, state, and local regulations; sponsored successfully funded grant applications; and aligned security programs to meet international business requirements. Most projects are initiated with an assessment of documents and assets evaluating strategic cybersecurity risks to current and planned mission-critical systems. Our standards-based designs help promote “soft” attributes, such as technical staff knowledge sharing. We confidently turn over operation of new network infrastructure to our customers knowing they have been an integral part of the network development process and are ready to effectively operate, monitor, and sustain new network infrastructure.

Improved or revised policies are often the second step to improving cybersecurity posture. Remediation planning, tracking and implementation close the cycle in preparation for re-evaluation.

Our objective is to minimize the risk of cyber incidents affecting the operation of critical infrastructure, no matter where they originate. This could include pivoting from IT to OT, undesired connectivity to the internet, and inadvertent conduct. CALM overcomes preconceived notions of air gaps, IT/OT barriers, trust and more. Our focus is on safety and the continuity of core operations in critical infrastructure environments.

Many companies have mapped consequences for their operating environment into their process safety programs. CALM integrates with these programs, adding a new cyber layer to managing operational risks. Process safety programs help set cyber priorities to better manage consequences. CALM seamlessly integrates with existing programs to enable a clear understanding, adoption and management of cyber programs in industrial operations.

Our holistic approach to cybersecurity accounts for exposures that appear across every component-part of an operational system. Today, companies tackle the cyber challenge in a fragmented manner, like looking at portions of the network, omitting

Let’s Talk Cyber

Companies are often at various places along an asset’s cyber lifecycle, often at several points simultaneously. CALM accounts for all of these and ensures that there are robust industrial cybersecurity controls (i.e. countermeasures) to protect assets throughout their lifecycle. Contact us to get more information about how we can help you with your cybersecurity program.

Federal Cybersecurity eBook

Pathway to Federal Cybersecurity Compliance

Black & Veatch developed this eBook to help government agencies – Federal, State & Local – and Federal Contractors prepare and implement defenses against leading cyberattack vectors to our nation’s critical infrastructure security and resilience. Both will need to reduce their risk of data breaches and other disruptive and damaging cyberattacks.
