Security by Design

Advisory Details

  • Issue Date:

    May 8, 2023

  • Importance

    Moderate

  • Summary

    Security by Design

  • Systems Impacted

    All OT/ICS Environments

Recently, the cybersecurity authorities of Australia, Canada, United Kingdom, Germany, Netherlands, and New Zealand, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have published a joint guide for software manufacturers to ship products that are by default – ‘Secure by Design.’

Security by Design means technology products and systems are built and/or implemented in a manner that by default, reasonably protect against malicious cyber-attacks to devices, software and connected infrastructure. It further implies that an in-depth Risk Assessment is to be performed to identify and defend against currently known cyber-threats on critical systems. Based on the resulting assessment(s), countermeasures can be implemented that align with a security roadmap designed to meet organization specific business continuity objectives.

Mangan Cybersecurity is no stranger to Secure-by-Design as we have both captured and utilized Industrial Control Systems Secure by Design (ICSSbD™) since 2015. Secure by Design is our core cybersecurity backbone

Actions and/or Recommendations

Facility owners and operators should adopt a secure-by-design philosophy in all present and future work. This must go beyond proper design, but also become a cultural element of the cybersecurity approaches and plans.

Mangan Cybersecurity has embraced ICSSbD™ as a fundamental belief that superior design and proper protection must go hand-in-hand. Furthermore, system designs should integrate cybersecurity elements at the outset and throughout their lifecycle from inception through retirement. ICSSbD™ instills a culture of cybersecurity into the lifeblood of the business, its clients, and resulting projects.

An effectively managed assessment is key to its success. Mangan’s proprietary ICSSbD™ toolkit organizes and ensures a client’s OT cybersecurity position is documented, assessed, and aligned with business strategies. ICSSbD™ is the cybersecurity business guide, process, and management lifecycle incorporated into OT cyber resiliency. The asset-based model is centered around a Mitre Att&ck® knowledge base and aligns with the NIST (National Institute of Standards and Technology) CSF (Cybersecurity Framework).

About REAL Matters and Mangan Inc.

REAL Matters advisories are published to communicate cybersecurity threats and risks within the Operational Technology (OT) environment and where Critical Infrastructure vulnerabilities are identified. The purpose of this newsletter is to inform, propose suggested approaches to mitigate the risk as well as provide feedback on how Mangan Cybersecurity is approaching the issue(s) addressed.

Mangan Inc. is a nationally-recognized Specialty Engineering, Automation, and Integration company, providing a full-range of services to the Oil & Gas, Refining, Pipeline, Chemicals, and Life Sciences Industries. Established in Long Beach, California in 1990, Mangan’s multiple office locations include sites in California, Georgia, New Hampshire, North Carolina, Texas, and Louisiana. Mangan’s 350+ employee-owners bring expertise, innovation, and safety as their core mission to some of the largest companies in the world.

Scroll to Top