This post was written by Lee Neitzel, senior engineer at Emerson Automation Solutions and Bob Huba, system security architect at Emerson.

In many, if not most plants with industrial control systems (ICS), ICS engineers and their internal information technology (IT) counterparts have very different perspectives on cybersecurity. Not surprisingly, these different perspectives often lead to conflicts when connecting an ICS to the plant’s IT system. In the past, because industrial control systems used proprietary hardware and software, this interconnection focused primarily on just being able to communicate. The introduction of Ethernet and Microsoft Windows into industrial control systems in the mid-1990s, followed by the development of OPC interfaces, greatly simplified this problem, but at the cost of exposing the ICS to security threats previously known only to IT systems.

Further, with the rapid increase of attacks on industrial systems in the past few years, chief information officers are often held responsible for cybersecurity for the entire plant, including their industrial control systems. Unfortunately, not all IT security solutions are suitable for industrial control systems because of fundamental differences between ICS and IT systems. In addition, plants often have multiple production processes and industrial control systems, and some are naturally more critical than others. As a result, it is not uncommon for security to be handled differently among the various industrial control systems in a plant.

This article discusses how industrial control systems differ from IT systems as they relate to cybersecurity. It is important that IT and ICS professionals jointly understand the following top ten differences and develop workable security solutions that benefit the whole organization.

One of the biggest differences between ICS and plant IT security is the main security objective of each. Plant IT systems are business systems whose primary cybersecurity objective is to protect data (confidentiality). In contrast, the main cybersecurity objective of an ICS is to maintain the integrity of its production process and the availability of its components. Protection of information is still important, but loss of production translates into an immediate loss of income. Examples of threats to production integrity include those that degrade production, cause loss of view/control, damage production equipment, or result in possible safety issues.

One of the consequences of industrial control systems focusing on the production process is that ICS security is implemented using a comprehensive set of defense-in-depth layers to isolate the ICS and the physical process from the plant IT system. This isolation is the topic of difference #2.

The first difference encountered when connecting ICS and IT systems is how they are segmented and protected.

IT systems are usually composed of interconnected subnets (short for “subnetworks”) with some level of Internet connectivity. As a result, access controls and protection from the Internet are a primary focus of IT network security. It is not uncommon to see sophisticated firewalls, proxy servers, intrusion detection/prevention devices, and other protective mechanisms at the boundary with the Internet. Inside this boundary, the remainder of the IT network is segmented into subnets that are generally aligned with organizational and geographical boundaries. Because access between these subnets is usually required, security between them is typically limited. However, all traffic from them must pass through the Internet security boundary to access the Internet.