1661898692490 Emex09 Securitybutton

Cybersecurity Threats Are Everywhere

Oct. 1, 2009
Emerson Explains the Need for Continuously Updated Layers of Cybersecurity Protection

Don't worry about an isolated cybersecurity attack on your network. Worry about keeping your network safe from the cloud of threats that is out there every second of every day.

"Threats are everywhere," said Bob Huba, Emerson product manager. "You need a multi-level defense. I like to use the analogy that this is like water. If you have a leak, it finds its way. It's floating around out there. You never really clean up the Internet. You just keep yourself clear from infection."

At the 2009 Emerson Global Users Exchange this week in Orlando, Fla., Huba shared an overview of DeltaV cybersecurity solutions and how to use a familiar plant model for implementing a process control cybersecurity program.

"The life of your most recent cybersecurity action is measured in days, because there's always something new—the next conflict or the next Sasser worm." Emerson's Bob Huba explained the need for dynamic, continuously updated layers of cybersecurity protection."Security is about ensuring business continuity, and that is achieved best by developing a unified defense-in-depth strategy and architecture that can defend against myriad possible business interruptions," explained Huba.

What is a defense-in-depth strategy?

Huba uses a physical example. "If you remember the television show, ‘Hogan's Heroes,' you remember the two fences and the guard dogs," he explained. "Defense-in-depth means you have more than one fence. You put in a firewall or bury your system deep within your network. You try to create barriers in an ‘onion' strategy. And, assuming those aren't perfect, you put things inside the system, such as antivirus programs and make sure your patches are in place."

Security also encompasses the little things such as making sure everybody has passwords, even internally, and turning off USB ports and floppy drives to ensure they're not accessible. "Create more barriers," said Huba. "Most security problems happen accidentally. You bring in a USB stick with something on it and infect your computer."

Huba also recommended "white listing," by which you set up the system so that only allowed programs will run, and malware will not even start.

"One of the things about DeltaV is it's designed from the beginning to be secure," said Huba. "When we developed it 13 years ago, we knew it had to be a segmented system from the plant for robustness and security. Thirteen years ago, we knew security was there, but it wasn't a big deal. A big part of security is making sure your systems are segmented with edge protection and security. It is not an extension of a plant LAN."

The industry often confuses these control systems and wants to treat them like nothing more than an information system, a plant LAN, explained Huba. "That's an inappropriate model for a control system," he said. "If a process control system, as opposed to a factory automation system, is going to be managed by the classic IT department, they need to understand that it's a different animal. We have a built-for-purpose Ethernet system. DeltaV treats itself in a very secure, robust manner."

Since security threats are constantly evolving, end users need to develop and implement multiple domain-by-domain protection plans.

While there are parallels between cybersecurity and safety management programs, cybersecurity can be more daunting because of its dynamic nature. "You put in antivirus software, and its life is measured in days, because there's always something new—the next conflict or the next Sasser worm," Huba added. "It's constantly evolving, and the management on the security side is much more complex and onerous than it is on the safety side."

Sponsored Recommendations

Measurement instrumentation for improving hydrogen storage and transport

Hydrogen provides a decarbonization opportunity. Learn more about maximizing the potential of hydrogen.

Get Hands-On Training in Emerson's Interactive Plant Environment

Enhance the training experience and increase retention by training hands-on in Emerson's Interactive Plant Environment. Build skills here so you have them where and when it matters...

Learn About: Micro Motion™ 4700 Config I/O Coriolis Transmitter

An Advanced Transmitter that Expands Connectivity

Learn about: Micro Motion G-Series Coriolis Flow and Density Meters

The Micro Motion G-Series is designed to help you access the benefits of Coriolis technology even when available space is limited.