
PAM And The Standard 62443 (Industry 4.0)

Jul 22, 2019 | BLOG

Since 2013, the market has been promoting a new industrial revolution based on the adoption of new digital technologies, aiming at the improvement of industrial processes.

This is happening through devices connected via the Internet of Things, cloud infrastructure and Machine Learning, giving rise to the concept of smart factories. Overall, Industry 4.0 is the application of digital transformation to industry, and it is applied in sectors such as manufacturing, energy, utilities, oil and gas, mining, construction, transportation, logistics, and health.

In Brazil, Baumier Automation is an authorized distributor of Industrial Networks for Communication Solutions, providing high-technology products with local services and support.

As they adopt the concepts associated with Industry 4.0 to become more competitive in the market, organizations are realizing the need to improve security management of Operational Technology, or OT, to mitigate the risks of adopting these concepts in their industrial processes.

In this context, some standards and frameworks have been introduced to help organizations protect their industrial environments from attacks and malicious actions: the NIST Cybersecurity Framework, the CIS Security Controls and the ISA 62443 set of standards bring together a number of best practices for the cybersecurity of industrial systems.

The Center for Internet Security (CIS) has defined a set of 20 critical security controls that companies should establish in their environments to ensure an effective cybersecurity strategy. The security controls established by the CIS are as follows:

  1. Inventory and Control of Hardware Assets;
  2. Inventory and Control of Software Assets;
  3. Continuous Vulnerability Management;
  4. Controlled Use of Administrative Privileges;
  5. Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers;
  6. Maintenance, Monitoring, and Analysis of Audit Logs;
  7. Email and Web Browser Protection;
  8. Malware Defenses;
  9. Limitation and Control of Network Ports, Protocols, and Services;
  10. Data Recovery Capabilities;
  11. Secure Configuration for Network Devices such as Firewalls, Routers, and Switches;
  12. Boundary Defense;
  13. Data Protection;
  14. Controlled Access Based on the Need to Know;
  15. Wireless Access Control;
  16. Account Monitoring and Control;
  17. Implementation of a Security Awareness and Training Program;
  18. Application Software Security;
  19. Incident Response and Management;
  20. Penetration Tests and Red Team Exercises.

The 62443 series is, in turn, a set of cybersecurity standards specific to industrial systems, and is divided into four categories:

  • General – covers concepts, a glossary of terms, metrics and use cases linked with Industrial Automation and Control Systems (IACS);
  • Policies and Procedures – cover IACS security program requirements, levels of protection and implementation guides;
  • System – covers technologies for IACS, risk assessment, and security levels and requirements for systems;
  • Component – contains requirements for the development life cycle and the technical security of IACS components.

Thus, an organization that seeks to implement the CIS security controls and to comply with the ISA 62443 set of standards must address the issues associated with Privileged Access Management, or PAM. 

senhasegura, as a PAM solution, aims to store, manage and monitor credentials of high privilege from a number of devices and systems, including those related to IACS and Industry 4.0. The implementation of a PAM solution like senhasegura allows full control over the access to critical data related to the industrial systems. 

Baumier joins senhasegura in a strategic partnership to offer a complete solution of devices and automation systems, as well as the appropriate security of access and data from the network and those systems.

Some of the CIS security controls linked with the 62443 set of standards and that can be addressed through the senhasegura features include the following:

  • Hardware Asset Inventory and Control – senhasegura’s Discovery Scan feature automatically discovers and registers devices connected to the industrial environment, together with their credentials, giving full visibility and control over the equipment;
  • Controlled Use of Administrative Privileges – senhasegura protects and controls the use of impersonal (shared) and high-privilege credentials;
  • Maintenance, Monitoring, and Analysis of Audit Logs – senhasegura records maintenance sessions on the organization’s industrial systems, subject to approval workflows that validate the justification provided by the requesting user. In addition, senhasegura records and retains audit logs of privileged account sessions, including video recordings;
  • Controlled Access Based on the Need to Know – Access Groups allow administrators to define which users are permitted to view passwords (for physical access to equipment) and which group of users may use the solution’s remote access to reach an industrial system;
  • Account Monitoring and Control – senhasegura provides real-time traceability of all actions performed with managed credentials, including impersonal ones and those used by third parties;
  • Incident Response and Management – through the recording and secure storage of audit logs from privileged account sessions, including video recordings, senhasegura reduces the time needed to handle security incidents in the environment.

Thus, in a context of change and increasing threats to industrial environments, implementing these best practices through the features of a PAM solution makes it possible to detect and respond appropriately to any unauthorized attempt to modify settings in the OT environment. In this way, organizations can address their cybersecurity challenges and ensure adequate protection of industrial systems, as well as the continuity of operations and of the production cycle.
