Just as cybersecurity is one of the toughest challenges for process control engineers, it's also the toughest topic that Control covers. This is because users, integrators and suppliers—already skittish about revealing details about innovations—don't want to also call attention to their cybersecurity practices because they fear it will make them a target for cyber intrusions and attacks. This is slightly irrational because describing security procedures isn't like revealing passwords, but most process users and organizations understandably don't want to take unnecessary chances.
Because input on cybersecurity strategies and best practices is so hard to find, we research and gather input from the few brave individuals and companies willing to provide some advice and encouragement to others on securing process controls, networks and applications. Coincidentally, the ongoing research required to report on cybersecurity is very similar to the constant vigilance required to protect process applications and networks.
There's no "set it and forget it." Just like brushing teeth, washing dishes, personal hygiene, parenting, farming, painting large bridges and many other jobs, these tasks are never over. This realization can be a little depressing at first, but taking a philosophical view and altering one's perspective about them can be very helpful. Personally, I'm encouraged by electronic music duo Daft Punk and their well-known "Harder, better, faster, stronger" song, including their concert renditions and fan-made versions like "Daft hands" and "Daft bodies" that have become even more famous.
Because process applications must be constantly monitored and related network traffic must be continuously evaluated, any useful cybersecurity tools and techniques are more than welcome. Many of the best of these are coming to the operations technology (OT) side from information technology (IT), which has been developing and applying cybersecurity tools for many years longer than their industrial counterparts. One particularly bountiful source of cybersecurity tools and solutions will be available at the Process Solutions User Group (PSUG,) on Nov. 7-8 and the Automation Fair event on Nov. 9-10, both at the GeorgiaWorldCongressCenter in Atlanta.
Just in case you're going or considering it, here are some of the cybersecurity sessions that will be presented at PSUG and Automation Fair:
Process Solutions User Group
- "The importance of functional safety, alarms and cybersecurity for safety instrumented Systems" (TS18) at 9 a.m. on Tues., Nov 8. Steve Gandy, vice president, global business development, exida Consulting, will outline the importance of combining well-designed safety instrumented systems (SIS) protected against vulnerabilities with rationalized alarms that direct operators to bring processes to a safe state.
- "Providing Huhtamaki with ICS cybersecurity using defense in depth" (CS19) at 10:15 a.m. on Tues., Nov. 8. Stewart Whitlow, manufacturing systems manager, Huhtamaki Inc., and Larry Grate, director of technology, Premier System Integrators, will show they began a multi-year, multi-site rollout of a defense-in-depth strategy leveraging a PlantPAx DCS, EtherNet/IP, visualization, SonicWall, Juniper, and EMC2 hardware to reduce risk and improve network availability.
- "Ask the experts—networks/security—IT and OT (E02) at 2 p.m. on Tues., Nov 8. Panel discussion with Kris Dornan, business development manager, Rockwell Automation; Divya Venkataraman, product manager, Rockwell Automation; Brian Wisniewski, manager, engineering security, Rockwell Automation, Larry Grate, director of technology, Premier System Integrators; Bob Wetter, director of instrument, electrical and computer engineering, Archer Daniels Midland; and Vaughn Eisler, business development manager for IoT, Symantec Corp.
- "Interstates Control Systems: cybersecurity in manufacturing" (T20, B311) at 2 p.m. on Wed., Nov. 9, and Thurs., Nov.10. Interstates experts will discuss cybersecurity frameworks (NIST, IEC 62442, etc) along with techniques and technologies for meeting these challenges.
- "Owl Computing Technologies: Data Diodes Strategies for Industrial Control System Cybersecurity" (T44, B315) at 9 a.m. on Wed., Nov. 9, and Thurs., Nov.10. Data diodes is one of the key elements in the U.S. Dept. of Homeland Security's new whitepaper documenting seven strategies for preventing 98% of reported cyberattacks against industrial control networks. This session covers beneﬁts of defending control networks with data diodes and how they support all seven cybersecurity strategies.
- "Symantec Corp.: the cybersecurity war in the industrial sector (T45, B315) at 10 a.m. on Wed., Nov. 9, and Thurs., Nov.10. In this session Symantec will explore cyber attacks and their methods and motivations. Avoidance and mitigation strategies using endpoint security will be discussed.
- "Innovative network infrastructure and security solutions for the connected enterprise (T90, B408) at 11 a.m. Wed., Nov. 9, and Thurs., Nov.10. This session will show how to manage network infrastructures, software and cybersecurity, as well as leverage technology and scalable services to monitor networks, manage software, perform patch management, and back up and manage user accesses and authorization.