Industrial Control Systems and Cyber

With the capability to stand up reliable programmable logic control (PLC)-based systems that require minimal human intervention, and the advent of high-speed public networks, many industries have migrated their process control infrastructure to distributed Industrial Control Systems (ICS) in an effort to centralize operations and minimize human resource costs. The ICS devices are connected to the public internet because that is the most efficient way to provide the necessary network connectivity for typically remote and physically isolated facilities. 

 

 

However, this solution, which was implemented for convenience and cost-savings, drives an enormous single point of failure vulnerability through the entire U.S. industrial infrastructure: attacking the ICS using the public internet. Devices are now interconnected and networked in a manner that was not envisioned 15 to 25 years ago, and the modern system-of-systems (SoS), internet of things (IoT), and modern network infrastructure will require significant resourcing to recover from the faulty decisions and mistakes made that have resulted in systemic vulnerability.

Peregrine offers: Expert testimony, valuation diligence, red team / penetration testing, arbitration / litigation discovery, and cross-walking support between Agencies or commercial internal departments.

Peregrine provides a team of highly skilled, highly knowledgeable consultants. Why? We may be more capable in changing the tactical and strategic vision than resident employees, due to our wide experience in this lane and also due to our technology-agnostic approach.  The consultant’s position is to know and understand generally accepted cyber security practices and the underlying technology, to quickly identify all deficiencies within and throughout a company, how remedial measures can be applied, and to provide a path forward within the financial and technological constraints of the company.

We focus on using business drivers to guide cybersecurity activities and considering cyber security risks as part of the organization’s risk management processes, thus potentially reducing and better managing cyber security risks. We align with the National Institute of Security Standards (NIST) Framework and also with all applicable Department of Defense Risk Management Framework controls.