Control System Protection

The reality of today is that all major processes in industrial facilities are digitally controlled through PLCs, DCSs, or specialized controllers.  These controllers all communicate on the plant network, and this network is in some way linked to the outside world.  This link is critical for businesses to fully leverage the information available, but it creates a way for the industrial system to be infiltrated from anywhere in the world.

Proper protection of industrial networks is simply part of the job now, similar to protections businesses have been taking on their business networks for years.  US organizations such as ISA, ISO, NERC, NIST, and NEI provide requirements for industrial facilities to protect their systems.  Complete industries are dedicated to strengthening and protecting networks of all types of businesses.

There are many key differences between business networks and industrial networks:

  1. Different hardware
  2. Different software
  3. Different communication protocols
  4. Different operating and reliability concerns

Threats exist to even simple instruments and controls in an industrial process.  Individuals setting up and maintaining security on industrial networks need to have a detailed knowledge of the unique elements in an industrial network, need to understand the threats from unauthorized access to these systems, and need to understand how to use standard network hardware and software applications on these types of systems to improve facility security without threatening the industrial process.

As Industrial and Automation Control Systems experts who are also experts in network security, Ready is uniquely qualified to help you extend your network security beyond your business network to your industrial network.  In addition to specification and implementation of security controls such as physical security, network firewalling, host hardening, and disaster planning/recovery, Ready can implement vendor-neutral Security Information and Event Monitoring (SIEM), Network Intrusion Detection Systems (NIDS), and Host Intrusion Detection Systems (HIDS).  We also identify suitable network segregation architectures and assist with configuration management, change control, and document control specialized for the plant process control environment.

Ready has supported many facilities in their critical strides to implement the North American Energy Reliability Corporation’s Critical Infrastructure Protection (NERC-CIP) standards, and we are familiar with other less common standards such as ISA/IEC-62443 (formerly ISA-99). As plants respond to evolving Nuclear Regulatory Commission (NRC) requirements, Ready has also supported facilities with the implementation of the Nuclear Energy Institute’s (NEI) standards.

Ready can provide support with all phases of your program, including:

  • Interpretation of industry requirements and standards
  • Development of cybersecurity plans, policies, work instructions, and records
  • Identification and categorization of devices including critical digital assets (CDAs), along with threat, risk, and vulnerability assessments
  • Security management controls, intrusion detection, system hardening, defense-in-depth, physical security, information protection, and backup communication systems design
  • Threat propagation path control and network segregation (including data diodes)
  • Configuration management, change control, and document control
  • Contingency plans, backup and recovery, disaster recovery
  • Testing and audits
  • Incident reporting and corrective action
  • Personnel risk management and user access control
  • Security awareness and training

Please contact us to see what we can do for you.

Jeff Wilson, P.Eng.
Manager, Control Systems
877.892.9104 x126

Tyler Bennett, P.Eng.
Manager, Industrial Information Systems
877.892.9104 x132