About I&C Secure

Cover image

Mission

I&C Secure is dedicated to helping our clients build and maintain a robust and successful cybersecurity program for their Industrial Control Systems/Operations Technology (ICS/OT). We are focused on providing consulting and ICS/OT cybersecurity and engineering services to Massachusetts and New England based industrial critical infrastructure organizations such as Public Water Suppliers and Electric Utilities. Our aim is to help our clients achieve a resilient industrial operation by applying cybersecurity controls in way that is sustainable and maintainable, while always striving to reduce undue complexity in the design and implementation.

Our Approach

We specialize in designing and implementing ICS/OT cybersecurity programs that are sized to mitigate and minimize ICS/OT impacts according to client specific risk. Our process is to take a balanced approach to help our clients achieve a resilient industrial operation by applying cybersecurity controls in way that is sustainable, maintainable, and with reduced complexity. Our approach is to balance efforts across the following focus areas:

1) Resilient Control System

We design and implement modifications to the control system to maximize its inherent resilience. In many cases, a modification to the control system or physical process can eliminate the risks of highest consequence from occurring as a result of a cyber incident. I&C Secure refers to this effort as applied cyber-physical protections. Taking this approach will have an additional benefit of reducing the complexity and cost of additional cybersecurity controls required to meet the requisite cybersecurity risk reduction.

2) Preventative Controls

We design and implement the appropriate preventative controls to reduce the attack surface to keep the adversary from gaining access to or compromising assets within the ICS/OT environment. Some examples of preventative controls include applied technologies such as firewalls, VPNs, Multifactor authentication, Antivirus, application whitelisting, as well as, services to perform device hardening, default password mitigations, network segmenation, vulnerability management, etc.

3) Detection Controls

We design and implement the appropriate event and incident detection capabilities, which enable our clients to identify and resond to threats before imopacts are realized. Our team will provide the services and technology to enable host and network-based logging and monitoring across the assets and network within the ICS/OT environment. These logs are used to both identify potentially malicious artifacts within the ICS/OT environment in advance of incidents and impacts, as well as, an important source of data in a post incident investigation.

4) Incident Response Readiness

We design and document incident response procedures that include considerations for minimizing impacts and sustaining operations for the industrial process and our client’s mission. Incident response planning includes items such as an ICS/OT focused Cyber Incident Response Plan, comprehensive data backup policies and procedures for industrial control systems and operations technology assets, and containment and recovery strategies that guide activities after a cyber incident has occurred.

5) ICS/OT Cybersecurity Program

We dsign and develop appropriate policies, procedures, standards, and documents to add governance and make the ICS/OT cybersecurity program sustainable over the life or the organization. Planning and documentation are key to making a cybersecurity program sustainable, consistent, measurable, and ready for continual improvement.

President

Gus Serino

Gus Serino A seasoned professional with over 25 years of experience in control systems engineering and a distinguished background in Industrial Control System/Operations Technology (ICS/OT) cybersecurity. As a licensed Professional Engineer (PE), Gus combines his expertise to deliver resilient, optimized, and cyber-secure solutions for industrial critical infrastructure organizations.

With a profound understanding of water and wastewater systems process control, automation, SCADA, and operations technology, Gus possesses a unique ability to design and implement safeguarded architectures. His proficiency extends to evaluating critical systems and devising strategies to mitigate risks and consequences stemming from cybersecurity incidents or common failure mechanisms.

Gus’s career encompasses a wide range of roles, from consulting design engineering and SCADA systems applications engineering to management and leadership positions. He excels at bridging communication gaps within organizations, effectively conveying complex technical concepts to personnel at all levels, from technical staff to executives.

His background enables him to dissect the intricacies of complex systems, and he boasts a track record of efficiently leading the startup and commissioning of new facilities, processes, and systems. Additionally, Gus specializes in the intricate process of retrofitting upgraded technology in existing industrial facilities.

Gus has extensive experience in designing, implementing, and securing operational technology networks. He is well-versed in configuring routers, switches, firewalls, and other essential infrastructure and security devices.

As a trusted advisor across various industrial infrastructure sectors, including energy, water/wastewater, and manufacturing, Gus has played a pivotal role in enhancing the cybersecurity posture of numerous critical infrastructure organizations. He previously served as an industrial cybersecurity threat hunter, diligently monitoring for ICS/OT-focused cyber adversaries. He has also developed and delivered comprehensive training content and guidance materials, contributing significantly to the improvement of cybersecurity readiness within the industrial critical infrastructure community.

In his current capacity as the President and Founder of I&C Secure, Gus is dedicated to assisting industrial critical infrastructure organizations in New England in securing their ICS/OT environments. His primary focus is on establishing comprehensive and sustainable ICS/OT cybersecurity programs to ensure the long-term resilience of critical infrastructure systems. Gus’s unwavering commitment to the safety and security of these vital assets makes him a trusted leader in the field of control systems engineering and ICS/OT cybersecurity.