Monitoring the ICS security state: Kaspersky Security Center and SCADA

Kaspersky Industrial CyberSecurity for Networks can relay data about the ICS security state to Kaspersky Security Center. To transmit data to Kaspersky Industrial CyberSecurity for Networks and Kaspersky Security Center, the required components must be installed.

If the transmission of ICS security state data to Kaspersky Security Center has been configured, you can configure the SCADA system to receive the corresponding information from Kaspersky Security Center.

Viewing the ICS security state in Kaspersky Security Center

To view the ICS security state in Kaspersky Security Center:

Open the Kaspersky Security Center Administration Console.
In the Kaspersky Security Center Administration Console tree, in the Managed devices folder, select the administration group containing the computer on which the Kaspersky Industrial CyberSecurity for Networks Server is installed.
Information about the computer status will be displayed in the section for working with the selected object, which appears on the right in the workspace of the selected group.
If the section for working with the selected object does not appear, open it by using the right border of the table containing the list of managed devices.

The computer status of the Kaspersky Industrial CyberSecurity for Networks Server corresponds to the ICS security state. The security state of the ICS is determined based on the presence of unprocessed incidents of Kaspersky Security Center. Kaspersky Security Center incidents are registered when certain event types of Kaspersky Industrial CyberSecurity for Networks are received.

The color of the icon of the Kaspersky Industrial CyberSecurity for Networks Server computer corresponds to one of the following ICS security states:

Red color: Critical status. There are unprocessed incidents of Kaspersky Security Center. This status is displayed if the Unprocessed incidents detected condition is enabled for the selected administration group in the list of conditions of the Critical status (enabled by default).
Yellow color: Warning status. There are unprocessed incidents of Kaspersky Security Center. This status is displayed if the Unprocessed incidents detected condition is enabled for the selected administration group in the list of conditions of the Warning status (and if this condition is disabled for the Critical status).
Green color: OK status. There are no unprocessed incidents of Kaspersky Security Center.
A green icon with the OK status may be displayed even if there are unprocessed incidents of Kaspersky Security Center. This is possible if the Unprocessed incidents detected condition is disabled for the selected administration group in the lists of conditions for the Warning and Critical statuses. To correctly display the ICS security state, you must enable the specified condition in the list of conditions for at least one of the Warning or Critical statuses.

Viewing the ICS security state via SCADA system

To configure a SCADA system to receive and display the ICS security state:

Install Kaspersky Security Gateway on the computer hosting Kaspersky Security Center.
You can find detailed information on installing and configuring Kaspersky Security Gateway in the Kaspersky Security Gateway Administrator's Guide.
In the SCADA system, create a control element that reflects the state of the computer with Kaspersky Industrial CyberSecurity for Networks.
Configure the created control element to receive data over the OPC DA 2.0 or IEC 60870-5-104 protocol.
Instructions on configuring the control element are provided in the Kaspersky Security Gateway Administrator's Guide.