The SANS citation declared that Invensys has demonstrated that vendors can take much of the pain, cost, and uncertainty out of securing process and SCADA systems. The award identified some Invensys practices, including rigorous pre-testing of operating system updates and software security patches, and additional enhancements such as providing anti-virus within its core distributed control system (DCS) product, that make security better, easier and less expensive for asset owners. These factors, according to SANS, can make the difference between asset owners “betting their system reliability” on security issues, and being able to operate with confidence that security measures have been built in to their control systems.
According to Ernest Rakaczky, program director of process control network security at Invensys Process Systems, vendors need to work closely with enterprise and process asset owners to secure the infrastructure. “We as vendors are controlling major plants,” he said. “That becomes a lifetime arrangement. This means that our security procedures and practices are intertwined with the business operations of our customers.”