Schneider Electric has launched its Cybersecurity Risk Assessment (CRA) service in the UK and Ireland. The service allows Schneider Electric to remotely assess customers and provide them with an understanding of their cybersecurity risk posture by identifying gaps and key risk areas that need to be remediated.
Additionally, the new service provides recommendations and a roadmap to achieving cybersecurity objectives. Schneider Electric has already applied this process to its own Flint smart factory during the digital transformation of the facility, which is over 30 years old.
With damages from cybercrime expected to reach $6 trillion in 2021, a small chink in a company’s armour can result in substantial financial and reputational losses in today’s business landscape.
“Assessing all the cyber threats a company faces can be a daunting task, but as attacks become increasingly common, firms cannot bury their heads in the sand,” says David Pownall, Vice President of Services UK & Ireland. “Schneider has created the CRA to be the first step in building a reliable and robust cybersecurity programme. This assessment should be the starting point when applying cybersecurity requirements in an operational technology (OT) environment.”
The CRA is a non-invasive high-level assessment performed by Schneider Electric’s OT cybersecurity experts. The service aligns to control categories found within industry best practices and standards.
To ensure a complete and actionable summary report, Schneider collects information about businesses’ OT systems before conducting interviews. This includes current cybersecurity policies, cyber program objectives, applicable standards, and existing cybersecurity tools and technologies. This is all in addition to an OT network diagram, which displays the location of critical assets on the network.
Personnel data is also utilised, including identifying personnel most familiar with the OT network layout (OT / cyber knowledge) and stakeholders who can answer detailed technical questions regarding the OT equipment and assets used within the
The cybersecurity assessment itself has two key parts: the first is the assessment and report; the second is the consultation services to discuss the results in depth and create a tangible roadmap for the next steps. The covered include:
- Cybersecurity assessment
  - Documentation review (e.g., network diagrams, current cybersecurity policies and program elements)
  - Remote interviews with key OT and cybersecurity stakeholders
  - Cybersecurity expert analysis identifying key risk areas, gaps and recommended steps for remediation
  - Schneider Electric will create a report which provides a starting point to prioritise
- Expert consultation
  - A deep dive into the results of the cybersecurity assessment. Schneider cybersecurity experts provide detailed recommendations and step-by-step guidance for the implementation
  - Companies can ask Schneider experts questions and gain clarifications of the assessment results
  - Experts outline a suggested time frame for implementation and budget estimate
  - Workshop sessions to define a blueprint for cybersecurity and prioritise which areas to address
Within the assessment, Schneider cybersecurity experts will conduct controls-related network discussions, including reviewing:
- network architecture
- ICS system components
- cybersecurity policies and procedures
- physical security procedures
This new Cyber Risk Assessment is just another way Schneider Electric brings its customers along with it as we enter a cyber-sensitive, digital world that relies on being ‘always on’.