Plant Automation Security
1 Management Summary
Plant automation systems are undergoing significant change in the current digital transformation environment. Two of the main drivers for this change ...
Login Free 30-day Select Access Get full Access2 Highlights
- Plant automation systems hold significant promise for organizations to develop a closer relationship between business process owners and operational ...
3 The Ingredients
The components of a robust security framework are not onerous or complex; but it is necessary to ensure they are fit-for-purpose.
Login Free 30-day Select Access Get full Access3.1 Account Management
Managing accounts in an industrial computer system is essential to maintaining a secure environment. In the past, operators of ICSs have relied on phy ...
Login Free 30-day Select Access Get full Access3.1.1 Privileged account management
Part of the account management task is to provide special attention to those who can access privileged accounts. These are accounts that can access sy ...
Login Free 30-day Select Access Get full Access3.1.2 Vendor accounts
Historically many plant automation environments maintain a ‘back-door’ account for vendors to use for maintenance purposes. In many cases these ac ...
Login Free 30-day Select Access Get full Access3.1.3 Log management
Critical events and alarms should be written to a network management system. Authentication events should be part of this log management in order to f ...
Login Free 30-day Select Access Get full Access3.2 Network partitioning
It is necessary to maintain separate sub-nets within an ICS, each with its own access control group. This will greatly inhibit possible cross-contamin ...
Login Free 30-day Select Access Get full Access3.3 Endpoint protection
RTU concentrators and PLCs are typical endpoints requiring protection. These devices should have the ability to leverage technology such as:
- Appli ...
3.4 Embedded device protection
By definition embedded devices are less prone to attack because there is less opportunity for malicious hackers to get access to the system and modify ...
Login Free 30-day Select Access Get full Access4 Developing a Security Culture
While there is device-level security that can be ‘baked into’ devices it’s also important to instill a security culture within an organization. ...
Login Free 30-day Select Access Get full Access4.1 Social engineering attacks
Social engineering attacks are a major threat to an ICS. These are used to gain access credentials for accounts with administrative permissions. Once ...
Login Free 30-day Select Access Get full Access4.2 Phishing attacks
The most prevalent source of system compromises these days is via phishing. There are multiple ways a hacker can steal credentials: email, phone call, ...
Login Free 30-day Select Access Get full Access4.3 Man-in-the-Middle attacks
Plant automation environments are susceptible to MIM attacks either between the control system and the SCADA system, or more likely, between the RTUs ...
Login Free 30-day Select Access Get full Access4.4 Network Monitoring
One of the most promising technologies coming on the market is behavioral analytics which provides dynamic network monitoring for out-of-pattern event ...
Login Free 30-day Select Access Get full Access4.5 Managing Devices
There are multiple levels within an industrial computer system that require access control:
- SCADA systems – as noted above, access to systems th ...
4.6 Antimalware protection
Malware infestation should be extremely unlikely in an ICS because system components are typically behind firewalls and any removable media device por ...
Login Free 30-day Select Access Get full Access4.7 Security Analytics
One very promising technology these days is the security analytics solutions that can quickly identify any anomaly in system operation or network traf ...
Login Free 30-day Select Access Get full Access5 Recommendations
It is recommended that a strategic view be conducted to ensure that plant automation systems are accurately identified as critical components of an or ...
Login Free 30-day Select Access Get full Access