Plant Management


managing all aspects of today’s industrial control system networks,” Lippin added.

Comprised of network and security-certified professionals, the Industrial IT Solutions group focuses on four key activities: assessing a plant’s assets against industry standards, regulatory requirements and best practices; remediating issues identified in the assessment phase with a custom-designed programme; managing the plant’s industrial IT investment with support, training, and services such as network security administration, anti-virus management, and patch management; and maintaining the plant’s solutions through programmes such as performance and security monitoring, change management, monthly status reporting, etc.

For its part, Invensys Operations Management (IOM) addresses compliance and cyber security challenges from analysis through to implementation and management. This begins with expert consulting, followed by the creation of an overall cyber security plan and remediation strategy encompassing processes, procedures, people, products, networks and applications.

IOM says its solution is unique because it provides cyber security compliance for critical infrastructure, and also integrates seamlessly between manufacturing operations and corporate IT networks. Key capabilities here include: compliance with information security, physical security and business continuity; compliance with industry, regulatory, international and internal corporate standards; security experts with a regional and global understanding of current requirements and constraints; government and regulatory understanding and involvement; network design, optimisation and security implementation.

According to IOM, this approach brings a raft of key benefits such as: hardware independence: cyber security compliant solutions work on any vendor’s control systems and any type of security technology; regulation knowledge: thorough understanding of all relevant regulations.

Siemens says it is one of the very few companies with an in-house private cyber emergency response team (CERT) that can help process companies achieve North American Electric Reliability Council (NERC) critical infrastructure protection (CIP). Its on-site cyber security and NERC CIP assessments are designed to help users identify any existing security vulnerabilities in control systems, related IT infrastructures and beyond.

Together with its cyber security alliance partners, the company provides comprehensive security audits to assess compliance with NERC CIP-002 through CIP-009. The process includes evaluating current control systems and related cyber systems to assess whether they meet the controls of the relevant CIP-005, 007 and 009 sections. These sections can be addressed separately from the overall assessment.

Following the assessment, Siemens provides a detailed report documenting all the findings. Customised recommendations also will be offered to improve and enhance cyber security in order to meet and maintain NERC CIP compliance.

Many of Siemens’ power plant automation (SPPA) systems are designed with enhanced security configurations and architecture to meet NERC CIP standards. For example, the innovative SPPA-T3000 control system is delivered ‘NERC CIP Ready’ (Fig. 1).

Fig. 1. Some Siemens control systems are already delivered NERC CIP ready.

Security solutions

New from Emerson is a tie-up with NitroSecurity to further enhance the security of its Ovation system while also helping to reduce the costs associated with the evolving North American Electric Reliability Corporation (NERC) critical infrastructure protection (CIP) standards compliance. This relationship adds security information and event management (SIEM), which provides continuous electronic access monitoring (CIP-005) and security status monitoring (CIP-007). It also adds an intrusion prevention system (IPS) (CIP-005) and log collection, storage, and management (CIP-005). These capabilities add to the Ovation Security Centre (OSC)’s user management, DMZ router/firewall, antivirus defence, vulnerability scan and patch management, malware prevention, security patch validation, virus signature validation, security advisories, security assessment, technical feasibility exception (TFE) support, and ports and services documents.

Rockwell Automation’s security taskforce has dealt with two security vulnerabilities uncovered earlier in 2012. The first were discovered in the Allen-Bradley ControlLogix L5561, 1756-ENBT module and MicroLogix 1100 controller, and security advisories were immediately released about them.

The company then learned of two previously unknown security vulnerabilities in the RNADiagReceiver.exe service of the FactoryTalk Services Platform (FTSP). An advisory has also been added to the Rockwell Automation Security Advisory Index about this.

“We recognise that with every advisory, new concerns are raised about control system security risks and their susceptibility to both accidental and malicious threats. For this reason, we continue to invest in our products, systems and services to help you protect what is important to you. We also continue to maintain our close working relationships with reputable agencies and the industrial security research community at large. Through these actions and practices, we remain committed to helping you and the automation industry recognise and remediate contemporary security risks,” says the company.

www.engineerlive.com 17

