Any software nowadays is exposed to security analysis by security experts (both with good and bad intentions). This often results in vulnerabilities being discovered. Usually, software vendors address vulnerabilities by issuing security updates, commonly referred to as patches. In order to reduce the window of opportunity for an attacker to exploit such vulnerabilities, patches should be deployed as quickly as possible.

This service includes continuous maintenance of deployment of approved 3rd party security patches for the ABB control system, giving the customer the comfort of knowing that his system is always on an up-to-date level.

A common threat to control systems is the infection with malware, often generic malware circulating on the Internet but also sometimes target malware for control systems. Common anti-virus solutions are a part of the security architecture recommended by ABB. However, new malware is developed frequently and traditional anti-virus software must be updated to also be able to protect against recent malware. Therefore, regular downloads of anti-virus updates are essential for the effectiveness of anti-virus solutions and a very important part of a company’s overall security policy.

This service includes continuous maintenance of deployment of anti-virus updates, giving the customer the comfort of knowing that the anti-virus solution is always up-to-date and can provide the most effective protection possible.

Managing user accounts and their respective access rights is the recommended mechanism to enforce the principle of least privilege on the user level. Defining and maintain user access rights, user policies, approvals and training needs are all a part of this service. Typical user groups to be managed are users of the process control system, demilitarized zone (DMZ) users and users for remote work. This gives the customer the peace of mind that users of his system always have the relevant access rights – nothing more, nothing less.

In the event of a system failure, it is of the utmost importance that relevant system information is safely maintained for a potential system restore to ensure business continuity. ABB can plan and maintain a detailed backup strategy, including recovery plan, along with the possibility of implementation. In case of fatal equipment failure this supports the customer in restoring the system to a working condition as soon as possible.

Network segregation is a common recommendation for any security architecture. Segregating networks allows for an easier enforcement of the principle of least privilege on a network communication level. Also, it is crucial to contain potential incidents to a defined subsystem and to prevent a single breach of security to spread throughout the entire system and into other systems. This service focuses on maintaining a robust network structure including firewalls and controlled interfaces to protect against outside intrusion.