Control system security: Interacting with IT
Topics addressed in the White Paper include:
Priorities and Consequences
The focus for IT in planning security can be summarized as CIA Confidentiality, Integrity and Availability.
The IT View
IT security staff get involved with control system security either because they are consulted by operations or because they learn that a plant is planning to install a control system security product. In either case, the first reaction from IT is to look at the problem as an extension of the enterprise security problem.
The Control View
From an operations perspective, security is a subset of the larger problem of maintaining the availability and integrity of the control system in simple terms, keeping the network equipment, control computers and control software operating at peak efficiency.
Conclusions and Recommendations
Many organizations have not made a conscious decision about who owns security of operational systems . Either no one wants the responsibility or both operations and IT claim ownership of it. Neither approach is efficient or effective. Given their specialized nature and potentially severe consequences of a breach, ultimate responsibility for security of operational systems must reside at a senior (e.g. VP of Manufacturing or Operations) level in the company.
To view the entire White Paper on Control Systems Security, click on the download button below.