Protecting Life through Secure Systems

Life Critical Systems (LCS) are systems whose failure or malfunction could result in death or serious injury to people, loss or severe damage to equipment/property, or environmental harm. As such, Espanaro’s approach to the security of LCS is second to none. 

​

When reviewing, or designing, life critical system security solutions, there are a number of security threats that Espanaro will consider, including (but not limited too):

​

• Malware - can be used to take control of a Life Critical System, causing it to malfunction, share private or confidential data or even shut down.

• Phishing - phishing attacks, used by malicious parties to trick users into revealing sensitive information, such as passwords or authentication tokens, which can then be used to gain access to a Life Critical System, must be defended against by a spectrum of defences.

• Denial-of-service (DoS) attacks - DoS attacks can be used to overwhelm a Life Critical System with traffic, making it unavailable to its intended users at any time; correct design and procedures can limit the threat from DoS attacks.

• Physical attacks - such as tampering with hardware or disrupting power supplies, can also impact the security of Life Critical Systems.  Espanaro’s solutions always encompass the full spectrum of mitigating solutions, not just software or human, but hardware as well.

​

To protect Life Critical Systems from these and other threats, Espanaro undertakes, and can implement, a comprehensive security program that includes:

​

• Risk assessments - the first step is to assess the risks that particular Life Critical Systems face. This will help to identify the most critical threats and prioritize security measures accordingly.

• Security policy - Espanaro will develop security policies that define the security requirements for Life Critical Systems. This policy is documented and must be communicated to all stakeholders, a process Espanaro can assist with.

• Security controls – Espanaro will deploy a variety of relevant security controls to protect Life Critical Systems, such as firewalls, intrusion detection systems, training, certification and access control lists.

• Security awareness training - all users of Life Critical Systems should be trained on security best practices. Espanaro training covers such topics such as password security, phishing, and social engineering – at all levels of experience and risk.

• Incident response plan – alongside mitigation, prevention, and certification plans, Espanaro can help with incident response plans to respond to security incidents that impact Life Critical Systems. This plan will define the roles and responsibilities of key stakeholders and outline the steps that will be taken to contain the incident and restore normal operations.

​

By implementing a comprehensive security programs, Espanaro can help organizations to protect Life Critical Systems from cyber-attacks and other security threats.