This page contains a Flash digital edition of a book.
Plant Management


4As greater demands are placed on the process industry’s digital


infrastructure, threats to cyber security continue to grow. Sean Ottewell reports on one solution to ensure that automation and control products are certificated properly.


Cyber security


certification becomes a focus of process security


D


igital infrastructure is at the heart of all process activities these days. And while the industries involved may differ, they are all dependent on large-scale computer networks


such as industrial control systems (ICS), supervisory control and data acquisition (SCADA) systems, process control systems (PCS), or distributed control systems (DCS), to monitor, control, and safeguard their industrial operations. However, the demand for increasing connectivity between these has also brought security risks that if left alone could threaten the reliability and integrity of critical infrastructures. It was against this background that a small team


of internationally-recognised cyber security experts and industrial automation engineers founded Wurldtech in 2007 to create a suite of solutions specifically to help industrial stakeholders better identify and mitigate cyber security vulnerabilities in critical infrastructures.


Testing and remediation solutions


Today, Wurldtech counts some of the world’s largest industrial organisations as customers and continues to be recognised as the leading provider of cyber security testing and remediation solutions to critical infrastructure suppliers, system integrators and end-users worldwide. For example, Invensys Operations Management


(IOM) a global provider of technology systems, software solutions and consulting services to the manufacturing and infrastructure operations industries, has announced that its Foxboro I/A Series distributed control system (DCS) operator workstations have passed Wurldtech’s Achilles cyber security certification test. The testing was conducted on the Foxboro


I/A Series model P92 workstation for Windows hardware and I/A Series AW70 human machine interface (HMI) software for the Microsoft Windows XP operating system, including I/A Series FoxView, FoxAlert, Alarm Manager and System Manager applications. The I/A Series model P92 workstations are


the first host-based devices (HBD) to achieve this globally recognised benchmark for communications security and robustness and join a long list of other certified controller products that have achieved the Achilles certified designation, which IOM describes


16 www.engineerlive.com


as among the most recognised and respected for process automation, control and safety system robustness (Fig. 1). As proposed by the ISA99 security standard, an HBD is a general-purpose device running a general-purpose operating system capable of hosting one or more applications or data stores. Examples include HMIs, engineering workstations, historian servers and domain controllers. “End-users continually ask us how to evaluate


a vendor’s claims about product security,” said Tyler Williams, president of Wurldtech. “Here is a prime example of a vendor doing all the right things to ensure safe, secure and reliable industrial operations.” “Our customers demand the utmost in secure


process control systems,” said Ernie Rakaczky, IOM security programme manager. “The testing conducted using the Achilles test suite covers the most common cyber security threats. IOM has also embraced the underlying requirement of a well-established software development lifecycle that incorporates security fundamentally, and has also adopted Achilles certification as an integral part of our QA strategy. We see the certification of the Foxboro I/A Series operator workstations as another step toward helping our clients achieve safety and control excellence, and look forward to driving more of our products, applications and practice though a defined Achilles certification.” IOM also recommends that customers assess


their overall cyber security capabilities as part of an ongoing security and robustness programme for their computerised industrial systems.


Certified defences


Meanwhile Wind River, a world leader in embedded and mobile software, has announced that its VxWorks is the first real-time operating system to be certified under Wurldtech’s Achilles certification programme. This will enable Wind River’s customers in the process automation, power and energy, oil and gas, transportation, and medical market segments to deploy VxWorks with certified defences against cyber attacks. VxWorks meets the Achilles certification


conformance requirements at gigabit ethernet, passing both 100Mbit and 1GigE certifications, which are recognised by most industrial and medical manufacturers to defend control devices

Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36