InTech

NOV-DEC 2017

Issue link: http://intechdigitalxp.isa.org/i/910561


from the cybersecurity designs associated with ISA-95 (Purdue Model) architecture and the associated NIST special publication 800 cybersecurity designs. These designs are core building blocks in all types of automation system cybersecurity and undergo considerable reviews. Where necessary, improvements and updates are brought to the designs, and guidance is given in technology areas, such as communications technologies (IT and, specifically, wireless), which present multiple paths for data flow and Internet connectivity. Placing unidirectional data flow devices and systems; layering more software for malware detection, identification, and reporting; and establishing firewalls and virtual private networks within the "zones and conduits" constructs are noteworthy, but meeting with OT/IT/C-level individuals from dozens of large manufacturing, processing, and utility companies reveals that the dependence on the Internet for business and manufacturing operations is entrenched in the OT/IT architectures. Is it necessary to further examine automation communication systems and associated business practices to decouple them—where possible—from a more traditional IT-centric architecture, with its rules and procedures, to a network architecture (both hardware topology and database hierarchy and structure) that is not bound by the operating principles and restrictions associated with the public Internet, but rather allows network-centric operations that the public Internet simply will not tolerate?

Not only is the network (communications, infrastructure, data) architecture intimately tied to cybersecurity, analyses are required to identify "critical" third parties (i.e., those who provide IT, ICT, or ICS systems critical for operation and maintenance of the organization's automation system). Such supply chain risk management requires an interdisciplinary approach.
Legal, IT, and procurement all must work together to first identify and locate the organization's most critical data or third-party connections that could be leveraged to gain unauthorized access into the

provide a wide range of opportunities for the electricity industry to improve the efficiency and performance of the power grid. The same situation exists for manufacturing and industrial process systems. IoT allows organizations to collect data from sensors to improve resiliency, with utilization of the data enabling effective management of an organization's resources, so stakeholders can make informed decisions—again, in the electric sector, about power consumption and generation.

IoT in this case refers to network connectivity and the embedding of sensors, actuators, software, electronics, and other devices to more efficiently collect and exchange data for controlling electricity flows. Of particular concern to utilities is the potential for cyber intrusions presented by smart, Web-connected devices. The Web connection may be via an IoT device with a cellular-based communications channel, thereby potentially bypassing the automation system's cybersecurity efforts.

The recent denial-of-service attacks brought to the general Internet by IoT devices, such as Web cameras, botnets, and even smart toasters, exemplify the need to continually examine implemented cybersecurity policies. Vulnerabilities reported in the fundamental underpinning of the IEEE 802.11i (Wi-Fi) standard and protocol amplify the need to reconsider existing cybersecure hardware and software architectures. Aimed at a goal of "getting the electricity grid off the Internet," a DarkNet architecture and implementation minimizes—if not eliminates—the automation system's Internet connectivity.
A situation similar to that present in energy delivery systems arises in the more general realm of automation

COVER STORY
