Table of Contents
Objective
After you have completed this chapter you should:
Understand and know the similarities and the differences between IT and control systems
Understand the common vulnerabilities and threats that are found in IT systems and how they affect control systems
Understand the relationship between security and reliability
Understand how to analyze security risks and eliminate attack vectors
Know how to harden a control system
Understand how to monitor and manage security
Understand the role of firewalls, intrusion detection systems and antivirus in protecting a control system
Understand encryption and authentication technologies and know where to deploy them
Understand the security risks associated with wireless systems and how to mitigate them
Modern industrial control systems are implemented on commercial Information Technology (IT) platforms. The technical challenges that face the IT industry with regard to reliability and security are, therefore, also challenges encountered in control systems. Although the challenges may be similar in nature due to the common technological building blocks, there are fundamental differences between control systems and IT systems that require a different approach in the way that reliability and security is achieved and sustained.
It has become common practice to adopt security solutions from the IT industry in control systems without due consideration for technical merits or the appropriateness of those solutions. Elaborate or complex security systems may, in fact, degrade the reliability and performance of a control system. It is important that control systems are engineered and managed with reliability and security as a primary objective. In the fast majority of implementations, reliability and security can be achieved through a thorough understanding of the basics principles of IT security combined with good engineering practice in the design, implementation and management of those principles.