Managing Automation - November 2008 - (Page 31)

[ SPECIAL REPORT ]

need to develop comprehensive security strategies and introduce new technologies available that can help.

“There has to be some drastic mind-set changes on security,” Rakaczky says. “As control engineers, operational engineers, and process engineers, we have to learn how to develop, execute, and implement solutions enhanced for security, while taking advantage of traditional IT technologies, including the firewall, networking monitoring tools, and virus [protection].”

PERVASIVE SECURITY

The National Institute of Standards and Technology (NIST) last year published the second draft of its “Guide to Industrial Control Systems Security.” The publication, SP800-82, states that because industrial control systems, including SCADA, DCS, and PLCs, have moved from closed, proprietary solutions to open networks of IP-enabled devices, the industrial environment is now more vulnerable to cyber-security incidents.

Moreover, we live in a world where companies compete globally, and economic as well as political pressures have heightened the security risks.

“Threats to control systems can come from numerous sources, including hostile governments, terrorist groups, disgruntled employees, malicious intruders, complexities, accidents, natural disasters, as well as malicious or accidental actions by insiders,” the NIST report states.

In this new world where hackers can bring a refinery’s cat cracker to its knees, manufacturers need to develop an in-depth defense strategy (see sidebar, this page).

In addition to a detailed strategy, manufacturers will need to implement new, layered technologies to secure their plants.

Security technology vendor Top Layer has added an Intrusion Prevention System, an appliance that provides what the company calls “three-dimensional protection.” The system is said to protect against malicious content, has a firewall capable of dynamically filtering packets, and offers protection from rate-based attacks, such as denial of service (DoS). The system can be deployed at the perimeter, on internal networks, or in remote locations.

In addition, Top Layer is building a security ecosystem of vendor products that can provide a layered approach to security. The company has technology partnerships with Bradford Networks, a provider of network access control products, and with Netronome, which has technology that can identify threats hidden within Secure Sockets Layer (SSL)-encrypted communications. The goal, Pappas says, is to build an industrial solution around “pervasive security.”

Similarly, industrial wireless networking technology vendor Apprion recently rolled out a security application for its ION System, which manages multiple wireless industrial

The Layered Approach to Security

A typical industrial control system requires an in-depth defense strategy that includes the following:

• Developing security policies, procedures, training, and educational material that apply specifically to the industrial control system (ICS).
• Considering ICS security policies and procedures based on the Homeland Security Advisory System Threat Level and deploying increasingly heightened security postures as the threat level increases.
• Addressing security throughout the lifecycle of the ICS, from architecture design to procurement, to installation, to maintenance, to decommissioning.
• Implementing a network topology for the ICS that has multiple layers, with the most critical communications occurring in the most secure and reliable layer.
• Providing logical separation between the corporate and ICS networks — for example, placing stateful inspection firewalls between the networks.
• Ensuring that critical components are redundant and are on redundant networks.
• Designing critical systems for graceful degradation (fault-tolerant) to prevent catastrophic cascading events.
• Disabling unused ports and services on ICS devices after testing to assure this will not impact ICS operations.
• Restricting physical access to the ICS networks and devices.
• Considering the use of separate authentication mechanisms and credentials for users of the ICS network and the corporate network — for example, ICS network accounts do not use corporate network user accounts.
• Using modern technology, such as smart cards, for personal identification verification.
• Implementing security controls, such as intrusion detection software, antivirus software, and file integrity checking software, to prevent, deter, detect, and mitigate the introduction, exposure, and propagation of malicious software to, within, and from the ICS.
• Applying security techniques, such as encryption and/or cryptographic hashes, to ICS data storage and communications.
• Expeditiously deploying security patches after testing all patches under field conditions on a test system, if possible, before installation on the ICS.
• Tracking and monitoring audit trails on critical areas of the ICS.

Source: National Institute of Standards and Technology (U.S. Department of Commerce), “Guide to Industrial Control System (ICS) Security,” special publication 800-82, second public draft, September 2007. (For more on the NIST document, see http://csrc.nist.gov/publications/drafts/800-82/draft_sp800-82-fpd.pdf)