Computer Solutions


computers, servers, operating systems, applications and control systems. It is also important not to overlook the human element, associated policies, procedures and the personnel involved. Role-based access control should be implemented to ensure that only authorised persons have access to the required systems. Resilient network architectures should be designed, with a DMZ (demilitarised zone, or perimeter network) that separates the enterprise and manufacturing networks. The operating system and software installations should also be current and validated with the control system hardware and software vendors. Furthermore, patches for both the operating system and application software should be kept up to date, but these must also be validated and tested on non-production systems to avoid unscheduled stoppages.


Company guides


Advice on best practice is available from many sources, including ISA 99, Industrial Automation and Control Systems Security, which is the first standard to cover industrial control system security. Vendors such as Siemens, Rockwell Automation, Cisco and Mitsubishi Electric have also produced guides to security and networking. Siemens’ white paper Security concept PCS 7 and WinCC - Basic document provides a set of recommendations for creating secure networks for plants, with the aim of facilitating co-operation between IT administrators and control engineers. Cisco provides an overview of threats to manufacturing networks and a solution based on the ISA 99 standard in a white paper Cisco Ethernet to the Factory Solution: Securing Today’s Global Networks in Industrial Environments. This is expanded upon in the Converged Plantwide Ethernet (CPwE) Design and Implementation Guide published jointly by Cisco and Rockwell Automation. More recently, Mitsubishi has published a white paper Security - Tackling Emerging Threats to Manufacturing and Process Control, in which it argues that there are security benefits in using control systems based on PLCs rather than PCs.


Fig. 3. Innominate’s mGuard technology protects against new vulnerabilities that would not be detected immediately by antivirus software.


Portable memory


One of the infection routes used by Stuxnet was USB memory sticks, and these devices have also been known to spread other malware.

An interesting solution to this problem, aimed at OEMs requiring secure transfer of data, is the Ruggedrive memory tokens and receptacles from Datakey Electronics (Fig. 2). These are physically different from consumer USB memory sticks to provide a base level of protection.

Fig. 2. Ruggedrive memory tokens from Datakey Electronics provide a level of protection by being physically different from consumer USB memory sticks.

64 www.engineerlive.com

From a customer perspective, an alternative approach might be to issue company USB memory and control its usage, while ensuring that each device is scanned for malware prior to use on control systems. With Windows Group Policies, it is possible to prohibit USB memory use, or permit the use of just a particular brand and type. Applications are also available to disable the Windows auto-run feature on DVDs and USB memory. More
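
The Group Policy and auto-run controls described above can be checked on a Windows host. The PowerShell below is an added example, not part of the original article; it assumes the registry locations written by the standard "All Removable Storage classes: Deny all access", "Turn off Autoplay" and device installation restriction policies, and it only reads those values.

```powershell
# Added example: audit the removable-media controls discussed above.
# Registry paths are the locations the standard Group Policy settings write to.
$checks = @(
    @{ Name  = 'Removable storage: deny all access'
       Path  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
       Value = 'Deny_All'
       Test  = { param($v) $v -eq 1 } },
    @{ Name  = 'AutoRun disabled on every drive type'
       Path  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Value = 'NoDriveTypeAutoRun'
       Test  = { param($v) ($v -band 0xFF) -eq 0xFF } },
    @{ Name  = 'Device install: block devices not explicitly allowed'
       Path  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions'
       Value = 'DenyUnspecified'
       Test  = { param($v) $v -eq 1 } }
)

function Get-PolicyValue {
    param([string]$Path, [string]$Value)
    # $null means the key or value is absent, i.e. the policy is not configured.
    $item = Get-ItemProperty -Path $Path -Name $Value -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Value } else { $null }
}

$results = foreach ($c in $checks) {
    $v = Get-PolicyValue -Path $c.Path -Value $c.Value
    $shown = if ($null -eq $v) { 'not configured' } else { '0x{0:X}' -f $v }
    [pscustomobject]@{
        Policy    = $c.Name
        Current   = $shown
        Compliant = ($null -ne $v) -and (& $c.Test $v)
    }
}
$results | Format-Table -AutoSize

# Hardware IDs on the allow list (the "particular brand and type" case).
$allow = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\AllowDeviceIDs'
if (Test-Path $allow) {
    $key = Get-Item $allow
    $key.GetValueNames() | ForEach-Object { $key.GetValue($_) }
} else {
    'No device-ID allow list configured.'
}
```

A host that denies all removable storage does not need the allow list; the allow list applies when only specific company-issued devices are permitted.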

