Security across the Control System Lifecycle

by | May 13, 2011 | Control & Safety Systems, Cybersecurity, Services, Consulting & Training

Jim Cahill

Jim Cahill

Chief Blogger, Social Marketing Leader

Over at the Tofino Security blog is a post, PLC Security Risk: Controller Operating Systems. A question was posed to the blog’s author:

How could a hacker possibly attack an industrial controller like a PLC or SIS, since there is no operating system in these devices?

The post addressed the question with this answer:

Every RTU, PLC, SIS or DCS controller on the market today has a commercial operating system in it.

This post goes on to share the operating systems in the controllers of several automation systems, including the DeltaV system. The operating system listed for the DeltaV controller is not correct.

It’s always a good idea to check with your automation system supplier if you have questions about the technology-related components within your automation system.

I turned to Emerson’s cyber-security expert on the DeltaV team, Bob Huba for his thoughts on this post.

Bob stresses that it’s very important to include your control system supplier in security planning in order to develop and implement security plans that do not impact the robustness and availability required of the control system. Following “generic IT” security guidance can be problematic.

In an earlier post, With Security Comes Different Points of View, I shared several examples of how security for your plant systems and control systems should be viewed differently. Here’s one example:

…if an operator gets locked out and can’t immediately address a plant alarm condition, the results can be very different than if an accounts payable professional gets locked out from their workstation.

Each programmable logic controller (PLC), remote terminal unit (RTU), safety instrumented system (SIS), and distributed control system (DCS) has technologies, security best practices, and services to be a part of an overall security program to increase the robustness of the system. It’s important to work with the supplier to develop, execute, test, and maintain the program through the lifecycle of the system.

Much like the safety lifecycle we frequently discuss here, control system security is unfortunately not a “set and forget” activity, but rather an ongoing process that requires energy and focus to address. Here is where you can find more on DeltaV security and security-related services.

Podcast:

Follow Us

We invite you to follow us on Facebook, LinkedIn, Twitter and YouTube to stay up to date on the latest news, events and innovations that will help you face and solve your toughest challenges.

Do you want to reuse or translate content?

Just post a link to the entry and send us a quick note so we can share your work. Thank you very much.

Our Global Community

Emerson Exchange 365

The opinions expressed here are the personal opinions of the authors. Content published here is not read or approved by Emerson before it is posted and does not necessarily represent the views and opinions of Emerson.

PHP Code Snippets Powered By : XYZScripts.com