New security tool suite released, but can users use it properly?
From the press release:
Berkana Resources Corporation and CIDG, Corp. Announce Industry First Comprehensive Security and Compliance Solution (CSACS™) for Critical Infrastructure
Houston, Texas, February 18th, 2009 – Berkana Resources Corporation and CIDG, Corp. are pleased to announce the release of our Industry first, Comprehensive Security and Compliance Solution™ (CSACS™). CSACS™ integrates Modulo’s award winning Risk Manager™ tool with the proprietary approach to performing Security and Compliance Assessments developed by Berkana, CIDG, and Joyce & Paul, PLLC.
Leveraging the same research and years of experience used to create the Holistic Lifecycle Model™ for Industrial Security, Berkana Resources and CIDG’s new CSACS™ adds additional depth and functionality to our already unparalleled risk management and compliance services. Supported by legal counsel, our comprehensive approach begins with due diligence by helping clients establish privileged and secure communications throughout the entire process.
Once the ground rules are set, our experienced team utilizes CSACS™ methods and tools to assist clients with implementing a completely comprehensive and seamless risk management and compliance process that will help minimize both risk and liability.
CSACS™ is not just a cyber security assessment tool. It is a complete solution that was designed to provide an entire process and supporting framework for addressing Cyber, Physical and Operational security requirements for SCADA system operators in the Oil & Gas, Water and Electric Utility Markets.
CSACS™ assesses risk by examining controls, looking directly for and prioritizing vulnerabilities and can even correlate data from other 3rd party assessment tools and methodologies.
Once assessment data has been captured, CSACS™ provides an automated and customizable risk analysis engine, a Workflow Manager* to assist you with remediation, a Business Continuity and Disaster Recovery Planning tool*, and a knowledgebase to help consolidate necessary information that may be scattered throughout your organization.
In addition to incorporating our Holistic Lifecycle Model™, including any industry standard or client policy and procedure into your compliance assessment, Modulo’s patent pending Metaframework update feature was designed to automatically keep asset owners up to date on the latest changes to industry standards, guidelines, best practices and regulatory requirements.
For additional information on Berkana Resources and CIDG’s Comprehensive Security and Compliance Solution™ (CSACS™), contact Jeff Whitney or Clint Bodungen or visit our websites at www.berkanaresources.com or www.cidgcorp.com.
The question I have is who's going to use this set of tools? We've seen over and over that traditional IT training and methodologies are often neither appropriate nor applicable to the in-plant control system security environment.
With the real dearth of plant level or enterprise IT expertise in the requirements of SCADA and industrial control system security, the very best tools may not help, and may even engender a false sense of security.
Unfortunately, even the best tools can't prevent GIGO.