How to improve network security

There's no such thing as a 100% secure control system, but learning and understanding the risks associated with security standards, and how to mitigate them are a start. Check out this to-do list.



Fence Me In: Common Sense Security


Rich Clark, information security analyst at Wonderware, offers the following to-do list to help users increase the security of their plant-floor networks:


  • Understand that there’s no such thing as a 100% secure system, unless it’s buried in a vault, still in the box, unplugged, and unconfigured.
  • Educate operators to look for operational anomalies. These are usually the first indication that something is wrong.
  • Learn and understand the risks associated with security standard you’ve implemented, and how to mitigate them.
  • Get control system engineers and IT synchronized, and working in the same department.
  • Create polices and procedures that include an organizational tree, which describes mitigation and alert vectors to be used if a breach or threat is found.
  • Schedule risk analyses on an ongoing basis.
  • Incorporate change control into the above procedures.
  • Know who to contact and what to do in case of a breach or attack.
  • Create a single-point failure matrix.
  • Follow current industry guidance and Microsoft domain isolation guidance, which presently has a patch that to allow a mostly one-button setup in XP-2K3 systems, and will be included as a one-button setup in a Longhorn/Vista domain.
  • During critical junctures of possible attacks or potential threats, pulling the plug on the outside world can be effective if the control system can be reduced to a single point of access.
Show Comments
Hide Comments

Join the discussion

We welcome your thoughtful comments.
All comments will display your user name.

Want to participate in the discussion?

Register for free

Log in for complete access.


No one has commented on this page yet.

RSS feed for comments on this page | RSS feed for all comments