02
(Deutsch) 01
03
(Deutsch) 05
(Deutsch) 04
(Deutsch) Corporate Design

Cyber Security

There is hardly another topic that has picked up so much in recent years. Operational Technology (OT) systems that have been in operation for decades are suddenly in the focus of classic IT solutions, such as the call for a virus attack to patch an old process plant with the latest malware and the associated malware Challenges such as upgrades of control systems, re-qualification and business interruptions.
This is precisely where ITKP comes in by analyzing the security requirements from the point of view of automation experts, engineers who have broadened their expertise in the direction of IT and can “translate” into the language of the engineer.

ITKP’s cyber security experts support you in the following areas:

Definitions and language in OT

Engineers, logistics experts, laboratory experts (OT) and classic IT speak a similar language, using the same operating systems. Nevertheless, for example, configuration management means something completely different. IT thinks of a configuration “ITEM” in a database OT does not use the term “configuration management” or is integrated with change management.


ITKP has these differences and introduces a common language and Definition.

Core Areas

  • Definition of Operational Technology (OT)
  • Threats
  • Protection goals of OT Security
  • Definitions of IT – translated in OT
  • Differences between IT and OT

 

Security aspects in purchasing and design of OT systems, services around OT systems

Security starts with the purchase of OT systems, either directly from the manufacturer of a control system or control system, or through the procurement of an automated packaging system. Of course, you can buy as much “security” as you like, or even worse, upgrade it accordingly after sourcing.

Core Areas

  • Requirements, derived from security principles, strategy
  • Management Support for OT Security
  • Protection Levels

 

Assessments- tailored for your Maturity Level

There are many standards in OT security, IEC 62443, to name perhaps the most well-known next to NIST. Here, requirements are defined for the various areas of the life cycle of an OT system. The trend, however, is towards certification of systems and service providers. ITKP is critical of pure certifications – because security can only be achieved in the interaction between system manufacturer, system integrator and operator.
There are different levels of participants in this cooperation – divisible into the maturity levels: Innocense, Awareness, Understanding, Competence and Excellence. Standards move towards excellence, our aim is to take into account the state of the customer and to adapt the assessment accordingly. We do not want to ask questions whose answers are already known, do not suggest solutions that bring more problems than benefits. We believe that in certain situations, malware protection can have the same negative impact as malware itself.

Core Areas

  • Inventory – what do you want to protect, in what degree of detail must the information be available
  • System and processes around the systems
  • Security Assessment – tailored to your company
  • Proposed solutions to increase the protection of the system

 

Technical Solutions

Many companies are quick to suggest a technical solution and implement it where, for example, the problem is not fully understood. ITKP is convinced that its offering to translate the problem into the OT “language”. This effectively implements the proposed solutions and integrates them into the processes – tailored to the OT requirements defined in Module 3.

Core Areas

  • Network segmentation
  • Vulnerability Management
  • Backup Strategies
  • User Management
  • Endpoint Protection
  • Anomaly Detection Systems