Security: To defend your control system perimeter, find it first

Is your control system integrated with IT networks more than you realize? Don't find out the hard way.

07/02/2008


One common security technique is putting firewalls at the perimeter of a control system. This is fine if you can figure out where the perimeter is. As one poor IT technician at a nuclear power plant discovered, the fence may not be where you think it is.

The fact that this incident occurred at the Hatch nuclear power plant probably makes it more interesting, but maybe the same thing could happen at your company. Here’s the story: Last March, a technician was installing a software update on a computer that was considered part of the plant’s business network. Finishing the installation involved a reboot, as is typical. The technician knew that the updated computer was connected to the primary control system, but he didn’t realize how fully integrated the two networks were. When the business computer rebooted, alarms sounded and the reactor went into emergency shutdown. Oops.

What no one seemed to realize was that the control system and this business system computer were configured to synchronize data. The control system saw the interruption of data as a sudden loss of water in the cooling system. Automated safety systems did what they were supposed to do and triggered an emergency shutdown. ( Read a more detailed account of the incident .) The control software could have been written to avoid that problem (and probably has been rewritten by now), but that’s not really the issue. The lesson is that systems like this in a plant may be more integrated than you realize, and the line between control system and business system can be blurry.

If you are basing your security architecture on trying to protect the perimeter of your control system, this situation should remind you that drawing the boundary line precisely can be tricky. The frontier is anywhere somebody can get in. That can include points where the business system interconnects, assuming you can find them all. Hopefully you won’t do it the hard way like the poor guy at Hatch. You might also find something like a dial-up modem that was added a few years ago to provide access for a contractor. You might have forgotten that it’s even there, but a hacker scanning all the phone numbers at your company might just find it. Keep an eye on your fences, and watch those reboots.

—Peter Welander, process industries editor, PWelander@cfemedia.com ,
Process & Advanced Control Monthly
Register here and scroll down to select your choice of free eNewsletters .





No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Big Data and IIoT value; Monitoring Big Data; Robotics safety standards and programming; Learning about PID
Motor specification guidelines; Understanding multivariable control; Improving a safety instrumented system; 2017 Engineers' Choice Award Winners
Selecting the best controller from several viewpoints; System integrator advice for the IIoT; TSN and real-time Ethernet; Questions to ask when selecting a VFD; Action items for an aging PLC/DCS
This digital report will explore several aspects of how IIoT will transform manufacturing in the coming years.
Motion control advances and solutions can help with machine control, automated control on assembly lines, integration of robotics and automation, and machine safety.
This article collection contains several articles on the Industrial Internet of Things (IIoT) and how it is transforming manufacturing.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Future of oil and gas projects; Reservoir models; The importance of SCADA to oil and gas
Big Data and bigger solutions; Tablet technologies; SCADA developments
SCADA at the junction, Managing risk through maintenance, Moving at the speed of data
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
click me