This page contains a Flash digital edition of a book.
28 INSTRUMENTATION/ELECTRONICS





present a risk, and the extensive networking used in production plants today means that numerous machines can be infected once security has been breached on one machine. If a machine is connected to the Internet, it is not unknown for machine operators to visit websites that they should not, which can lead to malware being downloaded. Even websites that can be accessed legitimately can become infected, resulting in the user’s machine having malware installed. If a machine runs an email client, this presents another possible means of infection. A further threat comes from hacking, though IPS


(Invensys Process Systems), which is active in the field of cyber security for industrial systems, says that the available information does not indicate that hacking poses the greatest threat – at least not today. A much more likely scenario is for a control system to be infected and impacted by some form of malicious code, be it a virus, worm or Trojan.


Preventative measures


Fortunately there are measures that can be taken to reduce the risks. Norman Data Defense Systems, mentioned earlier, launched Norman Smartsuite for Manufacturing in July 2008, describing it as a comprehensive software-based system to protect manufacturers’ plant and process systems against new and unknown malware and spyware attacks. David Robinson, country manager for Norman UK,


states: “The consequences of a security breach – such as the plant floor becoming infected by a worm or Trojan, for example – can be far-reaching and extremely costly. This could include production disruptions, loss of data, health and safety issues, and damage to the company’s reputation. Norman Smartsuite for Manufacturing has been designed to offer maximum protection against malware threats without adversely affecting the real-time systems operating in production sites across the globe.” Norman Smartsuite for Manufacturing comprises


four modules: Norman Network Protection (NNP); Norman Sandbox Analyzer; Norman Virus Control; and Norman Malware Cleaner. NNP is a real-time anti-malware scanner that can be installed at various points through the network or between network segments. Incorporated within NNP, Norman Sandbox Analyzer allows users to analyse automatically the file behaviour and actual actions performed by suspicious files. As part of the Smartsuite for Manufacturing licence, Norman Virus Control can be installed on desktops, laptops, servers and terminal servers. In addition to covering the majority of current operating systems, Norman Virus Control is compatible with older operating systems still commonly deployed in manufacturing plants, including Windows 98, 2000 and NT (Fig. 1). Finally, the Norman Malware Cleaner utility can detect and clean specific malicious code. The program will effectively clean an infected system completely by killing infected running processes,


removing infections from disks (including ActiveX components and browser helper objects), reveal and remove rootkits, restore correct registry values, remove references created by malware and remove Windows firewall rules for malicious programs.


Appropriate measures


Rather than attempting to produce a set of software tools that users can install, IPS has formed a dedicated team with specialist skills in security, control systems, IT and networking. The company believes that cross-discipline skills are vital to meet the needs of the modern industrial control systems environment, with its increasing use of IT and networking technologies. IPS says its security team works with clients and also internally within IPS to improve security in products while maintaining the required functionality. IPS is involved in numerous security-related activities


across the control systems industry. It is an active participant in industry security standards groups and information-sharing initiatives, such as ISA S99, ISCI (ISA Security Compliance Institute) and the Process Control Systems Forum (PCSF), as well as other groups. These provide the opportunity for greater understanding, knowledge transfer and sharing of expertise and information. Many countries now have Critical National Infrastructure initiatives and IPS plays its part by working with Governments. Nevertheless, IPS recognises the value of teamwork and has partnered with Integralis, a leading global security management provider. Using Integralis’ expertise and global view provides direct benefits to help with quickly changing threats and vulnerabilities. IPS has developed its security approach in line with


industry best practice and its own specialist knowledge, basing it on five principles:


n View security from both management and technical perspectives.


n Ensure security is addressed from both an IT and control system perspective.


n Design and develop multiple layers of network, system and application security.


n Ensure industry, regulatory and international standards are taken into account.


n Prevention is critical in plant control systems, supported by detection.


For the third point above, the company recommends a ‘defence in depth’ approach to designing and implementing measures to mitigate security vulnerabilities and threats. In this layered approach, different strategies are adopted for addressing security risks in the data centre, plant network, controls network and field I/O zones. This includes a perimeter firewall between the data centre zone and the Internet, an Internet firewall to protect the plant network zone, and a controls network firewall to protect the controls network zone.


www.engineerlive.com


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68  |  Page 69  |  Page 70  |  Page 71  |  Page 72  |  Page 73  |  Page 74  |  Page 75  |  Page 76  |  Page 77  |  Page 78  |  Page 79  |  Page 80  |  Page 81  |  Page 82  |  Page 83  |  Page 84