Efficient Plant Nov./Dec. 2021 - 16

feature | cybersecurity
with or modifi ed while in transit by
attaching an authentication code to every
message. Th is capability is becoming a
higher priority as companies recognize the
interrelated nature of safety and security.
For example, a threat actor that tampers
with ICS communications, such as by making
a confi guration and program change,
can have potentially dangerous consequences.
Th ey can change product recipes,
damage equipment, and threaten human
or environmental safety. Protecting against
ICS tampering with data integrity can help
reduce these risks.
Data confi dentiality helps prevent
unauthorized viewing of data by encrypting
communications while they're in
transit. Th is can help protect sensitive or
Data confi dentiality helps prevent
unauthorized viewing of data by encrypting
communications while they're in
transit. Th is can help protect sensitive or
confi dential data.
CIP SECURITY-ENABLED
SYSTEMS
CIP Security is deployed at the device level,
specifi cally the device port, using CIP Security-enabled
devices. A growing number of
CIP Security is deployed at the device level,
specifi cally the device port, using CIP Security-enabled
devices. A growing number of
devices are now available with CIP Security,
including controllers, servo drives, and AC
drives. More are on the way.
Th ere are also ways to deploy CIP Security
using legacy devices. For example, certain
control systems can be retrofi tted with CIP
Security using special-purpose communication
modules. Many devices that aren't
CIP Security-capable can also be connected
to your system using a CIP Security proxy
device. Secure server and communication
soſt ware can also create secure communications
between PC-based tools such as ICS
design soſt ware and CIP Security-enabled
devices.
Of course, exactly how and where you
deploy CIP Security depends on your
security posture and the level of mitigation
you need to reach an acceptable risk state.
To understand this, you need to conduct a
security assessment.
16 | EFFICIENTPLANTMAG.COM
First, a threat assessment considers the
range of threats that could attack your production
sites, including criminal, terrorist,
natural, and accidental threats. Your threat
assessment should evaluate the likelihood of
each threat based on your specifi c business
requirements.
Second, a vulnerability assessment identifi
es methods by which the threats can be
exploited and provides recommendations
on how to address these vulnerabilities. You
can establish a risk score for each vulnerability
by rating their probability or ease of
exploitation, as well as the resulting impact
in terms of cost or injury if the exploit is
successful.
Th ird, a risk assessment evaluates your
risk scores and assigns actions that should
be taken for each of them.
Th ese three steps help you understand
your risks and how you can mitigate them.
SIMPLIFYING DEPLOYMENT
Confi guration soſt ware can play a big role
SECURITY ASSESSMENTS
A security assessment should be a collaborative
process between operational technology
(OT) and information technology
(IT) personnel. Th e goal is to maximize the
confi dentiality, integrity, and availability
protection, while maintaining functionality
and usability. Th e process involves performing
three sub assessments:
in helping reduce the time it takes to design
and deploy CIP Security in your operations.
For starters, administrators can use the
soſt ware to create and deploy security
policies to many devices, all at once, from
a central location. Th e ability to centrally
deploy CIP Security confi gurations helps
reduce the risk of human error because it
allows the confi gurations to be modeled,
validated, and deployed consistently.
Th e soſt ware can also hide some of the
A growing
number of
devices are now
available with
CIP Security.
More are on
the way.
complex techniques that CIP Security
employs, such as certifi cate authorities and
encryption algorithms. Th is allows administrators
to focus on creating more secure
communications between trusted devices.
Within the soſt ware, administrators create
security models that are structured with
zones and conduits. Zones create smaller
domains of trust and are comprised of ICS
devices based on common functionality and
security requirements. A zone, for example,
could include a production cell or a group
of supervisory PCs.
Conduits control communications
between zones. You can also create conduits
between non-CIP Security devices and CIP
Security-enabled devices using CIP Security
confi guration soſt ware that has a " Trusted
IP " feature.
PERFORMANCE
CONSIDERATIONS
Th reat mitigation is the goal when you use
CIP Security. But there are times when you
also need to factor device performance into
your security policies.
Th e fi rst is when you're considering using
data confi dentiality. Not all ICS communications
need to be protected with encryption,
which aff ects network adapter capacity.
Because of this, you shouldn't use data
confi dentiality for ICS communications that
are sensitive to latency.
Also consider device performance when
you're determining how trusted devices will
NOV/DEC 2021
http://www.EFFICIENTPLANTMAG.COM

Efficient Plant Nov./Dec. 2021

Table of Contents for the Digital Edition of Efficient Plant Nov./Dec. 2021

Efficient Plant Nov./Dec. 2021 - Cover1
Efficient Plant Nov./Dec. 2021 - Cover2
Efficient Plant Nov./Dec. 2021 - 1
Efficient Plant Nov./Dec. 2021 - 2
Efficient Plant Nov./Dec. 2021 - 3
Efficient Plant Nov./Dec. 2021 - 4
Efficient Plant Nov./Dec. 2021 - 5
Efficient Plant Nov./Dec. 2021 - 6
Efficient Plant Nov./Dec. 2021 - 7
Efficient Plant Nov./Dec. 2021 - 8
Efficient Plant Nov./Dec. 2021 - 9
Efficient Plant Nov./Dec. 2021 - 10
Efficient Plant Nov./Dec. 2021 - 11
Efficient Plant Nov./Dec. 2021 - 12
Efficient Plant Nov./Dec. 2021 - 13
Efficient Plant Nov./Dec. 2021 - 14
Efficient Plant Nov./Dec. 2021 - 15
Efficient Plant Nov./Dec. 2021 - 16
Efficient Plant Nov./Dec. 2021 - 17
Efficient Plant Nov./Dec. 2021 - 18
Efficient Plant Nov./Dec. 2021 - 19
Efficient Plant Nov./Dec. 2021 - 20
Efficient Plant Nov./Dec. 2021 - 21
Efficient Plant Nov./Dec. 2021 - 22
Efficient Plant Nov./Dec. 2021 - 23
Efficient Plant Nov./Dec. 2021 - 24
Efficient Plant Nov./Dec. 2021 - 25
Efficient Plant Nov./Dec. 2021 - 26
Efficient Plant Nov./Dec. 2021 - 27
Efficient Plant Nov./Dec. 2021 - 28
Efficient Plant Nov./Dec. 2021 - 29
Efficient Plant Nov./Dec. 2021 - 30
Efficient Plant Nov./Dec. 2021 - 31
Efficient Plant Nov./Dec. 2021 - 32
Efficient Plant Nov./Dec. 2021 - Cover3
Efficient Plant Nov./Dec. 2021 - Cover4
https://www.nxtbookmedia.com