Kaspersky Industrial CyberSecurity for Networks

Preventative maintenance and adjustment operations on the ICS

March 22, 2024

ID 104119

Problem

Preventative maintenance and adjustment operations on the ICS can create a large number of important and critical events in Kaspersky Industrial CyberSecurity for Networks.

Solution

While conducting preventative maintenance and adjustment operations, you can select one of the following options for resolving this problem:

  • Leave all monitoring points and all technologies enabled on the Server and on application sensors. In this case, when viewing information about events and interactions of devices, take into account the time and list of preventative maintenance and adjustment operations to be conducted.
  • Disable monitoring points or disable the use of technologies on monitoring points that receive traffic from industrial network segments where preventative maintenance and adjustment operations will be conducted. For example, if the work will be conducted in only one shop, you can disable the monitoring point that receives traffic from this shop and leave all other monitoring points enabled.
  • Disable all monitoring points on all nodes that have application components installed. You can select this option if preventative maintenance and adjustment operations are to be conducted throughout the entire industrial network.

If you have disabled monitoring points or technologies, to resume control of the protected ICS you need to re-enable the monitoring points or technologies immediately after completion of preventative maintenance and adjustment operations.

Bear in mind that intruders may attempt to gain unauthorized access to the network during maintenance and commissioning operations on the ICS. Follow the security regulations and procedures in place at your enterprise when deciding to disable monitoring points or technologies.
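
For the first option (monitoring left enabled), the following added example, which is not part of the original article or of the application, labels events against a maintenance plan by time, monitoring point and device list without discarding any of them. The record fields, plan structure, names and addresses are constructed assumptions, not the application's event schema or export format.

```python
from datetime import datetime

# Constructed maintenance plan: the window plus the monitoring points and
# devices covered by the work. Field names are hypothetical.
PLAN = {
    "start": datetime(2024, 3, 22, 8, 0),
    "end": datetime(2024, 3, 22, 12, 0),
    "monitoring_points": {"shop1-mp"},
    "devices": {"10.0.1.10", "10.0.1.11"},
}

# Constructed event records (not the application's export format).
EVENTS = [
    {"time": "2024-03-22T08:15:00", "mp": "shop1-mp", "src": "10.0.1.10", "dst": "10.0.1.11"},
    {"time": "2024-03-22T09:30:00", "mp": "shop1-mp", "src": "10.0.1.99", "dst": "10.0.1.10"},
    {"time": "2024-03-22T10:00:00", "mp": "shop2-mp", "src": "10.0.2.5", "dst": "10.0.2.6"},
    {"time": "2024-03-22T13:05:00", "mp": "shop1-mp", "src": "10.0.1.10", "dst": "10.0.1.11"},
]


def classify(event, plan):
    """Return a triage label for one event; no event is ever dropped."""
    ts = datetime.fromisoformat(event["time"])
    in_window = plan["start"] <= ts <= plan["end"]
    in_scope_mp = event["mp"] in plan["monitoring_points"]
    if not (in_window and in_scope_mp):
        # Outside the window or outside the maintained segment: normal triage.
        return "review"
    if {event["src"], event["dst"]} <= plan["devices"]:
        # Matches the time, the segment and the device list of the work.
        return "maintenance-expected"
    # Inside the window and segment, but an endpoint is not on the work list.
    return "review-priority"


def triage(events, plan):
    """Label every event and keep the full list for the analyst."""
    return [(e["time"], e["src"], classify(e, plan)) for e in events]


if __name__ == "__main__":
    for row in triage(EVENTS, PLAN):
        print(*row)
```

Events that fall inside the window but involve a device that is not on the work list get the highest review priority, which reflects the caution above about unauthorized access during maintenance.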

If the composition or settings of the industrial network equipment were changed while conducting preventative maintenance and adjustment operations (for example, MAC addresses and IP addresses were changed), make the appropriate changes for Process Control, Interaction Control, and Asset Management. For example, you can configure the technology learning mode for the corresponding monitoring points.

See also:

Managing monitoring points on nodes
