Compliance Assistance

Compliance: A Difficult Journey Without Clear and Concise Roadmaps

• What IT security compliance regulations apply to your facility?
• Would your facility pass a comprehensive security audit?
• What threats have you identified within your IT security systems?

Operators of manufacturing facilities face a tremendous number of potential compliance issues. Between standards, regulations, guidelines, and best practices it’s often difficult to determine which are actually required. This ambiguity could lead to audit failures or an incident with penalties and legal liabilities. More importantly, if the necessary security systems are not in place it could lead to devastating consequences if a malicious worm or virus found its way into your network.

SCADA threats

Cyber threats do exist for SCADA systems. In just the past few years there have been several instances.

» Night Dragon

In 2011 McAfee reported finding an unsophisticated intrusion system out of China that targeted oil, gas, and petrochemical companies extracting sensitive intellectual property from energy companies for as long as four years from their public-facing websites. Among the data the acquired was bidding information in advance of lease auctions.

» Shamoon

Also known as Disttrack, Shamoon attacks computers running the Microsoft Windows “NT” line of operating systems. The energy sector is targeted with this cyber espionage. It’s capable of spreading to other computers on a network through exploitation of shared hard drives. Once it’s invaded a computer, the virus compiles a list of files from specific locations on the system. It erases those while sending information about the files to the attacker. Its final assault overwrites the master boot record preventing it from booting.

» Stuxnet

In June 2010, the Stuxnet computer worm was discovered. It spread via Microsoft Windows systems through the use of infected removable drives, such as USB flash drives. It also spread through other means such as peer-to-peer remote procedure call (RPC) which infected and updated computers inside private networks that were not directly connected to the Internet. Once started, Stuxnet spread quickly and indiscriminately, not only compromising systems, but also possessing the ability for industrial espionage.

The Enet 1 experience edge

As a Global IT Manufacturing Manager and Global IT Security Manager, Tim Smith, our founder and CEO was responsible for IT and security at over 80 manufacturing facilities in Asia, Europe, and America for Huntsman, a global manufacturer of differentiated chemicals. This experience made him acutely aware of the complexities and the necessity of compliance — especially in high impact manufacturing facilities. He brings this invaluable knowledge and skill to your company to assist in navigating the complex obstacles to compliance. He knows which implementations are critical for protection while simultaneously keeping your facility in compliance with all necessary regulations.

Give us a call or contact us by email to learn more on how we can assist you.