Advance network security, support system monitoring

Cyber security: Applications can improve power reliability and reduce energy costs by advancing network security and supporting system monitoring. Allowing network access raises cyber security concerns. Five defense-in-depth measures can help.
By Marty Aaron and Rick Schear April 20, 2015

Mapping networked assets and practicing defense-in-depth strategies can lower the risk of cyber security intrusion, while allowing access to important information, such as energy use. Courtesy: EatonTo make intelligent power management decisions that reduce energy consumption and improve power reliability, it is critical to monitor and understand how power is used, day after day, year after year, although collecting and accessing that information can introduce cyber security concerns.

Does it matter if historical electrical consumption for a facility gets in the hands of the "wrong people"? Probably not. Simply having access to energy usage data may not be exceptionally meaningful or problematic. However, monitoring is used to gain access to equipment to prevent downtime, and see system parameters and diagnostics, creating a risk of unauthorized information access or providing unintended access to equipment operations and settings to unauthorized users.

Therefore, it is necessary to understand that the main focus of the industrial control’s network is safety, availability, and integrity of data, and the industrial control system (ICS) security protects the facility’s ability to safely and securely operate, regardless of what may befall the rest of the network. 

5 defense-in-depth tips

"Defense in depth" is a strategy to establish variable barriers across multiple levels in the organization to secure the ICS. These barriers include electronic countermeasures such as:

  1. Establish firewalls to add stringent and multifaceted rules for communication between various network segments and zones in the ICS network.
  2. Create demilitarized zones from the established firewall by grouping critical components and isolating them from the traditional business IT network.
  3. Deploy intrusion detection and prevention systems that focus on identifying possible incidents in an ICS network.
  4. Establish well-documented and continuously reviewed policies, procedures, standards, and guidelines regarding IC network security.
  5. Implement continuous assessment and security training to ensure the security of the ICS and the safety of the people who depend on it.

– Marty Aaron is product line manager, and Rick Schear is a product manager at Eaton; edited by Mark T. Hoske, content manager, CFE Media, Control Engineering, mhoske@cfemedia.com.

ONLINE extra

www.eaton.com

See the Control Engineering cyber security page