ProgramTechs


ProgramTechs.com *Company Overview* Products and Services Intelligence Evaluation and Project Consulting Project Management Custom Software Development Search Engine Optimization Web Design & Development Database Programming Additional Services Client Referrals Government Projects Cyber Security Consultation Request *Employment Opportunities* Internship Programs		ProgramTechs.com Cyber Security ProgramTechs Services and Products As a pioneer in Cyber-Security Engineering for Critical Infrastructure research, ProgramTechs offers a full range of security services for industrial and governmental clients. These are based on our current research programs and include: Controller security vulnerability testing Vulnerability and risk assessments Security policy development Security architecture and technology development Policy and regulatory compliance audits Penetration testing and ethical hacking Incident response planning Onsite industrial cyber security training Security instructional multimedia training Industrial security incident database subscriptions Controller security vulnerability testing Research has uncovered a number of serious security vulnerabilities in the control platforms used in critical infrastructures, such oil refining and power generation. If you are equipment vendor who needs to test your product prior to market release or a user who wants to be aware of system vulnerabilities prior to deployment, ProgramTechs will conduct a series of systematic cyber vulnerability tests against any networked device used in process operations including: SCADA Remote Terminal Units SCADA Masters Programmable logic controllers Distributed control systems Emergency shutdown systems Human Machine Interfaces Intelligent Electronic Devices Our SCADA security test platform is unique in the world and is designed to discover new vulnerabilities that not listed in any CERT or bug tracking database. All results will be provided only to designated personal so that vulnerabilities can either be addressed by the manufacturer prior to sale /installation or mitigated by other security measures. Vulnerability and risk assessments An understanding of risks and vulnerabilities is the crucial first step to securing SCADA and process systems. ProgramTechs can provide on-site assessments based on a number of cyber security vulnerability assessment methodologies (VAM), including both scenario and asset based techniques. We can also provide guidance in the development of methodologies tailored to your needs specific industry or site. Security policy development The security policy for process control and SCADA systems is the foundation on which the security design and architecture is based – it is a statement of the goals, responsibilities and accepted behaviors required to maintain a secure process environment. The policy gives broad guidance and demonstrates senior management support for security-related facilities and actions across the organization. Using emerging industry standards, ProgramTechs can help in the development of practical and successful security policies. Security architecture and technology development Following the security policy are the security guidelines, procedures and standards that direct the specific technology and architecture designs. Based on both industry best practices and ProgramTechs research, we can provide guidance in the design, standardization, configuration and testing of: Business and control system network architectures with respect to cyber security, firewall configuration and virtual local area networks; Virtual Private Network (VPN) and remote access security configurations for external connection into process systems; Secure configuration of Windows-based platforms for operator stations and OPC/SQL data servers; Technical procedures and practices to protect SCADA and process systems from cyber attack; Secure deployment of wireless systems in plant floor environments. Policy and regulatory compliance audits A security policy is only effective if it is followed. Working with your staff, ProgramTechs can provide in-depth audits to determine if your policy and procedures are being adhered to in the field and, if not, the reasons why and what needs to be changed. Penetration testing and ethical hacking ProgramTechs generally does not recommend either penetration tests or ethical hacking against operating process control systems. However in certain circumstances, and if done with extreme care and a full understanding of the risks, "acting" like a hacker is a very effective tool for an organization to understand new areas of vulnerability. ProgramTechs can assist in determining the appropriateness of this type of testing and provide guidance in towards a successful operation. Incident response planning The final stage of any security strategy is to develop an incident response plan. Many times we have worked with companies that know they are being hacked but don’t know how to deal with it. Rather than waiting until they were in trouble, these firms should have an established Security Response Team and a process to deal with incidents in advance. ProgramTechs can help build and training such a team that can monitor events and be prepared to act quickly in the event of a serious incident. Onsite industrial cyber security training The most important component of a successful security design is employee education. A million dollars technical security implementation can be undone with little social engineering in the form of a disguised email of phone call. Employees and management are only effective if they both understand the risks and their role in reducing then. ProgramTechs extensive experience on industrial sites around the globe and in the centre of critical standards meetings can put together effective staff training programming. These can range from: High level overviews of the cyber security issues in process control systems for senior management Consultative meetings and training with IT and process control staff providing detailed information on the most common process control vulnerabilities, IT/IC collaboration strategies, and current best practices and standards Security awareness training programs showing employees how they can be part of the solution rather than the problem Security instructional multimedia training Preventing attacks against control systems requires that information system managers and control system engineers develop a better understanding of system vulnerabilities and the awareness of the points of intrusion that might exist in a control system. This information is unavailable from standard information sources such as security training or equipment manufacturers. To address this, the ProgramTechs research team has developed two 10 minute videos illustrating possible attacks against PLCs and control systems. Both videos are available to approved industrial corporations at a cost of $295 USD per video for a single copy and $995 USD per video for a company wide license: To order tapes contact trainingaids@programtechs.com How a single packet can be created to take advantage of an operating system flaw in a common PLC and cause the device to crash. How a hacker with no understanding of SCADA or control equipment could take control of a device using publicly available information and hacker tools. Want to learn more? Click here for a free design consultation and quote.

ProgramTechs Services and Products

Vulnerability and risk assessments