Schneider Electric has launched its Cybersecurity Risk Assessment (CRA) service in the UK and Ireland. The service allows Schneider Electric to remotely assess customers and provide them with an understanding of their cybersecurity risk posture by identifying gaps and key risk areas that need to be remediated.
Additionally, the new service provides recommendations and a roadmap to achieving cybersecurity objectives. Schneider Electric has already applied this process to its own Flint smart factory during the digital transformation of the facility, which is over 30 years old.
With damages from cybercrime expected to reach $6 trillion in 2021, a small chink in a company’s armour can result in substantial financial and reputational losses in today’s business landscape.
“Assessing all the cyber threats a company faces can be a daunting task, but as attacks become increasingly common, firms cannot bury their heads in the sand,” says David Pownall, Vice President of Services UK & Ireland. “Schneider has created the CRA to be the first step in building a reliable and robust cybersecurity programme. This assessment should be the starting point when applying cybersecurity requirements in an operational technology (OT) environment.”
The CRA is a non-invasive high-level assessment performed by Schneider Electric’s OT cybersecurity experts. The service aligns to control categories found within industry best practices and standards.
To ensure a complete and actionable summary report, Schneider collects information about businesses’ OT systems before conducting interviews. This includes current cybersecurity policies, cyber program objectives, applicable standards, existing cybersecurity tools and technologies. This is all in addition to an OT network diagram, which displays the location of critical assets on the network.
Personnel data is also utilised, including identifying personnel most familiar with the OT network layout (OT / cyber knowledge) and stakeholders who can answer detailed technical questions regarding the OT equipment and assets used within the customer’s network.
The cybersecurity assessment itself has two key parts: the first is the assessment and report, and the second is the consultation services to discuss the results in depth and create a tangible roadmap for the next steps. The areas covered include:
- Cybersecurity assessment
  - Documentation review (e.g., network diagrams, current cybersecurity policies and program elements)
  - Remote interviews with key OT and cybersecurity stakeholders
  - Cybersecurity expert analysis identifying key risk areas, gaps and recommended steps for remediation
  - Schneider Electric will create a report which provides a starting point to prioritise
- Expert consultation
  - A deep dive into the results of the cybersecurity assessment. Schneider cybersecurity experts provide detailed recommendations and step-by-step guidance for the implementation
  - Companies can ask Schneider experts questions and gain clarifications of the assessment results
  - Experts outline a suggested time frame for implementation and budget estimate
  - Workshop sessions to define a blueprint for cybersecurity and prioritise which areas to address
Within the assessment, Schneider cybersecurity experts will conduct controls-related network discussions, including reviewing:
- network architecture
- ICS system components
- cybersecurity policies and procedures
- physical security procedures
This new Cyber Risk Assessment is just another way Schneider Electric brings its customers along with it as we enter a cyber-sensitive, digital world that relies on being ‘always on’.