Embed Size (px)
Citation preview
For more than 40 years, Teltronic has developed, implemented and deployed the safest and most reliable land mobile radio projects worldwide. Now, as Cyber attacks are growing year by year, the company transfers this experience to cyber security sphere, increasing its portfolio to keep on leading critical communications in sectors like transportation, public safety or utilities.
Teltronic cyber security solution allows mitigating the ever-increasing cyber threats, avoiding breaches that could hamper critical infrastructures and, consequently, the overall safety of all citizens.
Threats come from various directions and channels, multiplying the likelihood that critical infrastructures may be affected sometime during their life cycle. Cyber attacks may occur anytime, making firewall protection, encryption, antimalware, hardening and others related measures a must. Additionally, a 24x7x365 monitoring of the asset vulnerabilities, backed by a Security Operations Centre (SOC), enables comprehensive analysis of security information to prevent attacks and promptly react to unexpected system behaviour.
MISSION CRITICAL PMR USERS PROTECTION
OT systems consist of a collection of subsystems or components brought together to perform as an integrated, purpose-built entity that assists and supports a specified process considered as critical within an organization. Being at the core of our modern societies and communities, and facilitating the everyday routines of police forces, fire brigades, power generation plants, transport authorities, industries, airports, ports, etc, OT systems must always function according to the highest standards with uninterrupted availability.
Teltronic framework based on the TETRA and LTE standards and including integrated command and control solutions, serving mission critical PMR users and agencies worldwide, thus belongs to the OT domain, where availability, confidentiality, and integrity are vital when designing, implementing, and maintaining cyber security safeguards.
Cyber security becomes particularly significant when it refers to the protection of mission critical Professional Mobile Radio (PMR) users and organizations whose personal safety, processes and business value depend on the uninterrupted operation of a mobile radio communication system and control centre. From a cyber security perspective, what are known as OT (Operational Technology) systems.
PUBLIC SAFETY AND LAW ENFORCEMENT
TRANSPORT
REQUIREMENTS
OPERATION & MAINTENANCE
ASSET OWNER
INTEGRATION COMMISSIONING
SYSTEM INTEGRATOR
PRODUCT DEVELOPMENT
PRODUCT SUPPLIER
SECURITY DOCUMENTATION, GUIDELINES AND SUPPORT
OIL & GAS, UTILITIES AND MINES
AIRPORTS & PORTS
ADHERENCE TO INTERNATIONAL STANDARDS AND REGULATIONS
NIST CYBER SECURITY STRATEGY
Teltronic portfolio of cyber security licences and services adheres to the following international standards:
> API STD 1164 / American Petroleum Institute Pipeline SCADA Security
> ISA-99/IEC 62443 / Industrial Automation and Control Systems Security
> ISO/IEC 27001 / Information Security Management Systems (ISMS)
> NIST SP 800-82r2 / Guide to Industrial Control Systems (ICS) Security
> NIST SP 800-53r4 / Security and Privacy Controls for Federal Information Systems & Organizations
> NIST SP 800-92 / Guide to Computer Security Log Management
> NIST SP 800-128 / Guide for Security-Focused Configuration Management of Information Systems
Teltronic provides full flexibility to develop a customized cyber security solution along with the customer to fully protect their PMR systems. The approach followed is based on the National Institute of Standards and Technology (NIST) framework for improving critical infrastructure cyber security, which identifies five key functions for the overall protection of digital systems.
I D E N T I F YDevelop and use organizational understanding to manage cyber security risk to systems. Understanding the operational context and cyber security risks enables organizations to focus and prioritize efforts.
P R O T E C TDesign and implement safeguards to limit the impact of potential events on critical infrastructures, and thus ensure their envisaged delivery and contain the negative effects of a potential cyber security event.
D E T E C TImplement activities to identify the occurrence of cyber security events. This can include continuous monitoring and detection processes developed for the timely discovery of any anomalies.
R E S P O N D
Take appropriate and effective action following a cyber security event with the aim of containing the impact of it. Response planning, quick communication, and mitigation could be used to drive the Respond function.
R E C O V E RResilience strategy and plans for the timely repair of compromised systems and services due to a cyber security event in order to revert back to normal operation.
NIST CYBER SECURITY STRATEGY
P R O T E C TP R O T E C T
NIST CYBER SECURITY STRATEGYNIST CYBER SECURITY STRATEGYNIST CYBER SECURITY STRATEGYNIST CYBER SECURITY STRATEGY
I D E N T I F YI D E N T I F YI D E N T I F YI D E N T I F YI D E N T I F YI D E N T I F Y
P R O T E C TP R O T E C TP R O T E C TP R O T E C TP R O T E C TP R O T E C T
R E S P O N D
D E T E C TD E T E C T
R E S P O N D
R E C O V E RR E C O V E RR E C O V E R
CONFIDENTIALITY, AVAILABILITY AND INTEGRITY LAY THE BASIS FOR THE APPROPRIATE OPERATION
OF ANY DIGITAL ASSET
C O N F I D E N T I A L I T YProtection of information from
unauthorized disclosure and systems from unauthorized use.
It can be guaranteed through passwords and encryption.
A V A I L A B I L I T YAbility of accessing information
and making use of the system when, where, and how users
demand. It can be guaranteed through malware protection
and software patching.
I N T E G R I T Ywith the organization or business expectations. It can be guaranteed through hardening and firewall blocking.
CYBER SECURITY LICENSES
A D V A N C E D C Y B E R P R O T E C T I O NAlso technically known as system hardening, consists of the implementation of a series of countermeasures and safeguards that take the system to a state in which complete functionality and operating effectiveness are delivered, whereby multiple settings and configurations of varied nature are applied to minimize system vulnerability, in accordance with a least privilege use policy. System hardening encompasses settings to reinforce accounting, access control, authentication, logging and auditing, monitoring, change and modification, filtering, etc.
M A L W A R E P R O T E C T I O NInstallation and execution of antimalware solutions within the system to prevent the spread, intrusion, installation, and execution of any sort of malware. Both, antivirus and whitelisting are employed under the malware protection licenses, according to the working scenario and requirements of OT systems. Antivirus are the most widely known antimalware solutions, seeking to scan and detect pieces of software that match a database of known malware to prevent their execution. Whitelist solutions set a list of programs that are permitted to run within the system, such that no illegitimate, unauthorized, or newly installed software can be executed.
RANGE OF TELTRONIC SERVICES
P E N E T R A T I O N T E S T I N GControlled security test performed on Teltronic products, conducted by a specialised
company by using a testing tool which replicates common exploit methods to assess the level of effectiveness of existing security controls and eventually
find potential vulnerabilities that should be mitigated.
S E C U R I T Y S U R V E I L L A N C EInspection, testing and notification of recommended patches for antimalware solution and Windows based Teltronic products. This preventive service helps to timely resolve any relevant security vulnerability discovered which could be exploited by attackers, without interfering with normal system operation.
P A T C H I N G A N D A N T I M A L W A R E U P D A T EDelivery and optional installation of recommended patches for antimalware solution
and Windows operating systems, as a result of the actions and outcomes of the Security Surveillance Service.
A C T I V E D I R E C T O R YAttachment of Teltronic relevant components to a centralised authorisation system or directory service, such that users must authenticate prior to being granted access by providing unique and individual username/password credentials.
S E C U R I T Y A S S E S S M E N T & C O N S U LT I N GOriented to enhance the level of cyber security protection of customers. This service aims to analyse in detail the customer topology, system vulnerabilities and main attack vectors
potentially faced. After this evaluation, Teltronic will be able to propose to the customer an initial set of cyber security recommendations for Teltronic systems.
A D D I T I O N A L S E C U R I T Y S E R V I C E S> Integration with RADIUS systems. > Integration with SIEM systems.
REFERENCES> ALGERIA
> ARGENTINA
> AUSTRALIA
> AUSTRIA
> BRAZIL
> CANADA
> CHILE
> COLOMBIA
> DENMARK
> ECUADOR
> FRANCE
> GERMANY
> INDONESIA
> KAZAKHSTAN
> MALAYSIA
> MEXICO
> MONGOLIA
> MOZAMBIQUE
> NEW ZELAND
> NORWAY
> PERU
> PHILIPPINES
> POLAND
> QATAR
> SAUDI ARABIA
> SOUTH KOREA
> SOUTH AFRICA
> SPAIN
> TAIWAN
> THAILAND
> TURKEY
> UK
> USA
> UZBEKISTAN
> VENEZUELA
> VIETNAM
