Secure IACS projects by design, not default

The concept of a MAC (Main Automation Contractor) required vendors to become involved in the project lifecycle earlier to influence key decisions when they can provide the greatest impact to both cost and overall functionality of the solution. Many of the leading IACS (Industrial Automation and Control Systems) vendors make great effort to secure their systems’ core components eg the system server, human-machine-interface, communication channels between these nodes and the various process and safety controllers. However they do not always do enough to secure the underlying platforms and file structures. The less obvious nodes susceptible to a cyber attack are the ancillary application platforms that are typically added to an integrated IACS architecture to address the expanded scope of supply.

  • Tomorrow’s MAC will emphasise the fact that their delivered IACS is ‘Secure by Design” rather than ‘Secure by Default’.
  • MAC will begin to treat security in much the same manner as they treat health, safety, and environmental (HSE) issues.
  • Security controls and practices will become an influence in the buying process, rather than simply selecting IACS components based on price alone.
  • The MAC will leverage existing best practices to make more informed decisions relating to the automation system components.
  • MAC will actively promote industry-specific security certifications, registrations, etc, for individuals as well as for components used in the overall IACS solution.

Take note

  • Automation and control systems can be subjected to security breaches.
  • System security will have to be treated in the same way as health, safety and environmental issues.
  • New systems will have to be secure by design – not default.

Published as: Cyber security and execution of automation projects

By J Langill, SCADAhacker, Electricity+Control, February 2012 (pgs 16 – 21)