Managing Automation - November 2007 - (Page 37)

With the plant floor and enterprise becoming more tightly linked and use of plant floor networks increasing, “it is critical for companies to develop a uniform IT policy that not “It is critical for companies to develop a uni- only covers the enterprise IT enviform IT policy that not only covers the enter- ronment, but also the plant environment,” says Todd Nicholson, chief prise IT environment, but also the plant.” marketing officer at Industrial De—Todd Nicholson, Industrial Defender, Inc. fender, Inc., supplier of the newly patented Industrial Defender risk mitand with preparation of the statement of appliigation technology suite, which covers all seven cability, which provides documentation of seculayers of the process control environment — from rity controls and risk assessment. perimeter protection and gateway virus filtering to Dow’s CSMS follows a six-step process: Idennetwork/host intrusion detection and security tify and classify assets; assess the assets; plan for event management. The company also provides risk management; draft a statement of applicarisk assessment services and risk management cobility; implement risk mitigation; and implement managed security services. Du Pont, for exam- up manufacturers’ defenses against cyber-attack. Although many guidelines and standards are still being developed, several cyber-security tools and techniques are in use by chemicals manufacturers. In 2002, the industry established the Chemical Sector Cyber Security Program (CSCSP) to help protect people, property, products, processes, information, and the environment. It operates under the Chemical Information Technical Council (ChemITC) of the American Chemistry Council (ACC), a trade association with 130 major chemical manufacturers as members. The CSCSP provides a roadmap for managing and reducing risk across the enterprise in the form of the Chemical Sector Cyber Security Strategy, published in 2002 and updated in 2006. The updated strategy focuses on both IT and manufacturing system security and addresses five elements: sharing information, enhancing guidance documents, increasing adoption, supporting development of security-enhanced technology solutions, and strengthening government relations (see table, this page). Although the strategy provides a framework and goals, it leaves the choice of tactics up to individual manufacturers. To help chemical manufacturers craft and implement a cyber-security management system, the ChemITC has published a series of guidance documents, including the Cyber Security Journey — How to Begin an Integrated Cyber Security Program and the Guidance for Addressing Cyber Security in the Chemical Sector 3.0. Centered on risk management, the latter document outlines a continuous improvement cycle in four phases: plan, do, check, and act. Dow Chemical Co. used these documents plus the ISO/IEC International Standard 17799 Code of Practice for Information Security Management to craft its cyber-security management system (CSMS). ISO 17799 helped to determine critical control elements within domains such as communication and operations management identified controls. In practice, the CSMS involves identifying gaps and opportunities, prioritizing risks, and mitigating the ones determined to be the most serious. An audit validates the effectiveness of the implementation, and star ts the process GUARDING THE CYBER-PORTALS over again with a reassessment. The Chemical Sector Cyber Security Strategy roadmap “We achieved reincludes five key elements: sults in less than two ● Fosters involvement and commitment across the sector years,” Ton van ● Maintains a robust cyber-security public advocacy program Kerkhoven, senior architect I/S at Dow, ● Encourages the adoption of sector practices and standards said during a Janu● Strengthens the industry’s information-sharing network ary 2007 Webinar or● Encourages the acceleration of improved security technolganized by CSCSP. ogy and solutions development The “guidance documents provided structure and information on how to start and what to do,” he noted. In a recent interview with Managing Automation, Global Supply Chain Director Donald J. Weintritt, Jr., said Dow Chemical parries roughly 25,000 cyber-attacks a day (see “Rethinking Supply Chains,” Sept. 2007, p. 16). ChemITC’s guidance documents also are designed to help ACC members comply with the industry’s Responsible Care Security Code. This global, state-of-the-art security management system addresses not only site and transportation security, but also cyber-security components, such as intrusion detection and access controls for voice and data networks. Compliance is mandatory for ACC members and requires certification by an independent auditing firm such as QMI Management Systems Registration. strategy sessions UNIFORM POLICY NEEDED 37 November 2007 http://www.nxtbook.com/nxtbooks/thomas/ma0907/index.php?startpage=18 http://www.nxtbook.com/nxtbooks/thomas/ma0907/index.php?startpage=18

Table of Contents Feed for the Digital Edition of Managing Automation - November 2007

Managing Automation - November 2007 Contents Take 1 Mailbox SAP's Business ByDesign to Validate On-Demand Model for Enterprise SW Portfolio Management Specialist Losing Ground to Rivals At Incor, It's Time for Some Deep Breathing Can HART, ISA Get Together on a Wireless Spec? Mesa Tries to Help Improve Plant Metrics Notes Cover Story: The Digital Factory Special Report: Breaking Down Walls Integration: Dreaming of One ERP Industries: Locking onto Cyber-Security Transformation: Not Your Father's Time & Attendance Program Product Scan Advertiser Index Next

Managing Automation - November 2007

For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.