Control system security: Interacting with IT

Security of a company’s computing assets is a key concern in today’s world of viruses, worms, hackers and terrorists. This White Paper, By Ron Derynck, Director of Product Strategies for Verano, notes that security is an on-going process because threats and vulnerabilities are constantly evolving. The paper maintains that working together is the best way to ensure the health, availability, integrity and security of mission-critical control networks.

Topics addressed in the White Paper include:
Priorities and Consequences
The focus for IT in planning security can be summarized as CIA – Confidentiality, Integrity and Availability.

The IT View
IT security staff get involved with control system security either because they are consulted by operations or because they learn that a plant is planning to install a control system security product. In either case, the first reaction from IT is to look at the problem as an extension of the enterprise security problem.

The Control View
From an operations perspective, security is a subset of the larger problem of maintaining the availability and integrity of the control system – in simple terms, keeping the network equipment, control computers and control software operating at peak efficiency.

Conclusions and Recommendations
Many organizations have not made a conscious decision about who owns security of operational systems . Either no one wants the responsibility or both operations and IT claim ownership of it. Neither approach is efficient or effective. Given their specialized nature and potentially severe consequences of a breach, ultimate responsibility for security of operational systems must reside at a senior (e.g. VP of Manufacturing or Operations) level in the company.

To view the entire White Paper on Control Systems Security, click on the download button below.