Security at Dispel

Industrial control system security doesn't stop with your systems. Learn more about how Dispel's internal security programs back up our products.

SOC 2 Type 2 Compliance

When you’re connecting to critical infrastructure, you require superior security, privacy, and compliance controls, and regular reports on their effectiveness. Dispel has validated its systems, applications, people, and processes through independent third-party audit. Our SOC 2 Type 2 report is available under NDA.


01 / INTERNAL SECURITY

The Security We Practice

Dispel regularly undergoes cybersecurity audits, and our customers make sure we’re on top of our game when it comes to secure remote access.

  • NISP Operating Manual

  • GDPR

  • Exportable

Many of our security practices are aligned to DoD 5220.22-M. We are also GDPR-compliant and exportable.

Organizational Security

Personnel Security

Access

Dispel’s personnel practices apply to all employees and contractors who make up the Dispel workforce. All workers are required to understand and follow internal policies and standards.

Prior to access to Dispel systems, workers agree to confidentiality agreements and consent to background investigations. The depth of a personnel security investigation depends on the kind of access the individual may have. Workers also attend regular security awareness training, including topics such as device security, avoiding phishing, data privacy, physical security, incident reporting, and workplace ethics.

Upon termination of work at Dispel, all access to Dispel systems is removed immediately.


Training

Dispel provides all employees with security training and briefings commensurate with their involvement with sensitive information. This training covers topics such as general security awareness, device security, insider threat awareness, reporting requirements, and data protection. Workers are encouraged as part of the culture to personally verify identities when access requests are made.


Ownership

Cybersecurity is geopolitical. Dispel is sensitive to the risks associated with possible foreign ownership and influence. To that end, we have taken the following steps:

Our core technology is developed on U.S. soil. Technology areas with lesser security requirements, such as our informational website, may be developed in both U.S. and allied territories. Dispel does not outsource software development. Our engineers are U.S. citizens or authorized for employment by the U.S. Government.

Some of our systems use open source software, which we do not control. When we use open source software, we make reasonable efforts to keep a publicly available list of that software up to date.


Roles

Dispel has defined roles and responsibilities to distinguish which personnel have security obligations and responsibilities. At the center of our security efforts is the Dispel Security Team. These personnel are responsible for supervising and directing security measures necessary for implementing applicable requirements for sensitive information.


Workstations

Access to Dispel workstations is secured by video surveillance, locks, keyed access, and intrusion detection systems as appropriate for the sensitivity of the material handled at the relevant facility.

All computers used by workers are configured to comply with our standards for security. These standards require all computers to be properly configured, kept updated, and run security monitoring software. When new workers start, their computers are configured to encrypt data, have strong passwords, restrict remote access, and lock when idle. Computers run up-to-date monitoring software to report and detect potential malware and malicious activity.


Policies

Dispel has internal policies we maintain in order to safeguard information, and create a culture of trust and security awareness. This document is among those. Through culture and policy, our security documents help Dispel workers operate reliably and ethically. These policies are living documents, and are updated and made available to all workers to whom they apply.


Audits, Compliance, and Independent Assessments

Audits

When appropriate for meeting a particular standard, Dispel undergoes independent audits of our procedures and facilities. When appropriate and with approval, some customers also perform their own security audits of our technology. Our Security Team works with other companies' security and architecture teams to make sure we address questions prior to a deployment.


Penetration Testing

We undergo regular independent white box penetration testing. The results of these tests can be made available under a non-disclosure agreement.


Compliance: SOC 2, ISO 27001, & GDPR

Dispel is SOC 2 Type 2 certified. We continuously monitor our systems against SOC 2, ISO 27001, HIPAA and other security controls.

Dispel does not maintain its own data centers, and instead utilizes third-party cloud providers. Those providers often do hold additional certifications beyond what Dispel has. In circumstances where clients use their cloud credentials in Dispel, we will use those credentials as directed to provision resources for the client.

Technological Security

Build Security

Code Review and Handling

Dispel uses version control software to store code. We try to push code to production as often as safely possible, so bugs get fixed quickly. We like to have second sets of eyes look at code. When code moves from a feature branch to staging to production, it is subject to a code review when the pull request is made to merge the branch into staging.


Network Security

Dispel divides its networks into separate infrastructure in order to protect more sensitive information. Systems supporting testing and development environments are distinct from production environments. Access and credentialing to production systems and databases is restricted to engineers with specific business requirements.

Network access to production systems is limited to the protocols needed to support the applications. System logs are generated and stored in accordance with customer requests, for alerting and monitoring. For that reason, Dispel security and engineering teams receive notifications depending on the state and status of Dispel network infrastructure.


Authorization

Dispel employs a system of least trust when granting systems access in order to minimize the risks of a data breach and the possibility of insider threat. Dispel grants access to code repositories, billing systems, customer relationship management tools, email servers, and cloud environments based upon business requirements.

Workers must request access from their manager or responsible owner when seeking to escalate privileges. When workers no longer require access, their credentials are revoked. Access audits are conducted quarterly to determine if granted accesses are still necessary.


Authentication

Least Trust

Dispel requires the use of approved password managers. Password managers help prevent the reuse of passwords and reduce the chance that passwords are physically written down. They also reduce the risk of successful phishing attacks.

To further minimize the risk of unauthorized access, Dispel requires multi-factor authentication on systems containing more sensitive information. Where applicable, Dispel uses private keys for authentication. Where SSH keys are used, access is restricted to individuals with business requirements necessitating knowledge of those SSH keys.

When credentials are transmitted between workers, encryption methods such as public-key cryptography or out-of-band transmission are used. When credentials are encrypted using public keys for transmission, data transit is still conducted under encrypted protocols. In production environments requiring the highest level of security, single-tenant systems are provisioned without root access and will not provide access credentials to anyone.


Engine Surety Tamper Control and Detection Program (STCDP)

For clients who want to restrict access to their dedicated Engines, Dispel uses the Two-Person Concept (TPC) for tamper control measures. TPC is designed to make sure that neither the client nor Dispel personnel can perform an unauthorized procedure on the Engine without the other's knowledge. Engines under the STCDP are stationed behind a jump host whose access keys are held by the client. Access keys to the Engine are held by authorized Dispel personnel. The client must open an access tunnel on the jump host for the Dispel personnel to route through to the Engine.


Incident Response

If a security incident is detected, Dispel's computer security incident response team (CSIRT), which is part of the Security Team, will respond. The CSIRT's goal is to minimize and control the damage resulting from incidents by responding and recovering, and subsequently putting in corrections to prevent similar future incidents from taking place.

02 / SECURITY WE BUILD

The Security We Make

Dispel meets multiple enterprise security requirements with an industry-leading security program.

We help customers align towards each of these frameworks.

Product Security

Data encryption in transit and at rest

Dispel transmits information over the public Internet. We protect data in transit with strong encryption, reviewing and updating to employ the latest cryptographically reliable cipher suites.

For example, at this time, when you are connected to your Dispel services through our client application or a hardware device, and for internal server-to-server transmissions, we use two layers of cascade ciphered AES-256-CBC with independent 4096-bit RSA keys for the initial key exchange. Keys are typically generated by segmented compute systems designed with randomness in mind, and distinguished between clients.

When you are using one of our browser-accessible applications, we employ AES-256-GCM encryption. These may be secured using SHA-256 with 2048- or 4096-bit RSA keys, depending on the security requirements of the application. This means many communications through Dispel are protected by three layers of encryption. We encrypt data multiple times, using different ciphers, for several reasons. As one example, by using different ciphers, encrypted data is less susceptible to a zero-day flaw that could affect both at the same time.

This allows you to align towards these frameworks:

NERC-CIP NIST CSF 1.1 LPM AWWA CFATS

LDAP user management

With enforced MFA through TOTP and hardware tokens, single sign-on, and Active Directory integration. Granular user permissions are defined on a per-Enclave basis according to the principles of Least Privilege.

This allows you to align towards these frameworks:

NERC-CIP NIST CSF 1.1 LPM AWWA CFATS WaterISAC

Single-tenant provisioning

With rare, explicitly stated exceptions, Dispel production environments are single-tenant for each customer. This prevents one client from abusing the information they have about their Dispel network in order to attempt to attack another client on the same system. It also means any threat is segmented to a per-client minimum attack vector.

Client data is encrypted at rest in file systems, but client machines are usually active and therefore those drives are mounted in the OS. The hardware is subject to physical safeguards.

This allows you to align towards these frameworks:

NERC-CIP NIST CSF 1.1 LPM CFATS

Custom logging and retention

You choose what information to keep, and we burn the rest. All of our components speak syslog, which we can consolidate and forward to a central SOC or SIEM according to customer requirements.

This allows you to align towards these frameworks:

NERC-CIP NIST CSF 1.1 LPM

Geo-location management

Dispel can be deployed across 250+ global datacenters. You choose where you want your servers to be. Or, you choose a region, and we’ll randomize within it.

This allows you to align towards these frameworks:

NIST CSF 1.1 AWWA

Clear environments after you’re done

As we like to say, we don’t just lock the door behind you, we remove the door entirely. As your systems are always rotating through new machines, the old ones are formatted clean.

This allows you to align towards these frameworks:

NERC-CIP NIST CSF 1.1 LPM AWWA CFATS WaterISAC

“It's not static. That was a big deal for us.”

Will Perez, Director of Information Security at Connecticut Water

03 / CONTACT US

Contact our security team

If you would like to contact us about a security concern, the fastest way to get in touch with our security team is at security@dispel.io.

Created Date: April 7, 2022
Expiration Date: April 7, 2025
ID: 213245D8
Algorithm: RSA
Length: 4096 bits
Fingerprint: 09CC 78F2 8968 6CB4 3714 B419 3D86 5D88 2132 45D8
User ID: Security Team (security@dispel.io)


Download our key here
