The need to isolate control systems from corporate networks

Jan. 8, 2013
The November/December 2012 issue of ISA's Intech magazine has an article "Selecting temperature measurement and control systems". The article states: "Network connectivity ties everything together. The goal of any DAS (data acquisition system) is to deliver sensor data for reporting and analysis. The ubiquitous Ethernet interface is a DAS requirement, connecting the DAS to the plant network and into the PC world. Multiple protocols are typically available, such as FTP for file transfer, Modbus TCP and Ethernet/IP, web browsing, email messaging, and OPC server support.

The November/December 2012 issue of ISA's Intech magazine has an article "Selecting temperature measurement and control systems". The article states: "Network connectivity ties everything together. The goal of any DAS (data acquisition system) is to deliver sensor data for reporting and analysis. The ubiquitous Ethernet interface is a DAS requirement, connecting the DAS to the plant network and into the PC world. Multiple protocols are typically available, such as FTP for file transfer, Modbus TCP and Ethernet/IP, web browsing, email messaging, and OPC server support. When standard industry protocols are supported by the data acquisition equipment, data can be seamlessly exchanged with virtually any other control or computing system in the enterprise."

The article demonstrates the perceived value of control system information. The data can be shared, but needs to be done in a secure manner. There are several avenues that can be explored:
- Isolating the DAS from the control system network
- Implementing ISA99 Zones and Conduits recommendations
- Implementing one-way data diodes from the DAS to the corporate networks
- Implementing the latest OPC security recommendations for either OPC Classic or OPC UA
- Removing FTP, web services, and email messaging from the DAS and implementing those functions on a system isolated from the control network

Joe Weiss

About the Author

Joe Weiss | Cybersecurity Contributor

Joe Weiss P.E., CISM, is managing partner of Applied Control Solutions, LLC, in Cupertino, CA. Formerly of KEMA and EPRI, Joe is an international authority on cybersecurity. You can contact him at [email protected]

Sponsored Recommendations

Make Effortless HMI and PLC Modifications from Anywhere

The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...

The Benefits of Using American-Made Automation Products

Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...

50 Years of Automation Innovation and What to Expect Next

Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...

Manufacturing Marvels Highlights Why EZAutomation Is a Force to Be Reckoned With

Watch EZAutomation's recent feature on the popular FOX Network series "Manufacturing Marvels" and discover what makes them a force to be reckoned with in industrial automation...