Control systems ARE different

Dec. 8, 2007
Control systems are different Control systems control the industrial infrastructure. Control system engineers are system engineers. Consequently they are conversant in control theory, electrical engineering, mechanical engineering, chemistry, physics, computer programming, and for nuclear plants, nuclear engineering. Without this expertise, they cannot adequately assure the control systems can adequately and safely control the process. Cyber security changes the dynamics of instrumentation and...
Control systems are different Control systems control the industrial infrastructure. Control system engineers are system engineers. Consequently they are conversant in control theory, electrical engineering, mechanical engineering, chemistry, physics, computer programming, and for nuclear plants, nuclear engineering. Without this expertise, they cannot adequately assure the control systems can adequately and safely control the process. Cyber security changes the dynamics of instrumentation and control systems engineering. With the advent of modern networking technologies and the blurring of the lines between control systems and business IT systems, there is now a need for a cooperative effort between all organizations that can be affected by, or affect, control systems operation. A good example of the need for cooperation comes from the Applied Control Solutions August Control System Cyber Security Workshop in Knoxville, TN. Mu Security did a demonstration where they identified almost 500 ICMP vulnerabilities. However, without control system domain expertise, it is not possible to know which ones are relevant or, more importantly, critical to control system operation. Another consideration is that currently, more than 75% of electric utility control system communications are point-to-point serial, not IP. These communications often extend directly to the field equipment. In many cases, impacting IP protocols can affect communication between the control center and corporate, but affecting serial communications can affect field equipment. The recent Aurora demonstration where a diesel generator was destroyed by a cyber event was a good example. From a cyber security perspective, legacy field devices are different than business IT systems and even modern control system Human-Machine Interfaces (HMIs). Consequently, applying inappropriate policies, procedures, testing, or technologies can impact control system performance. Most of the control system impacts I have documented, particularly with field devices, have been caused by inappropriate measures, not intentional attacks. Often this comes from the business IT organization attempting to scan control system networks. These and other IT-initiated events have resulted in impacts from slowing or shutting down control system workstations, to shutting down Programmable Logic Controllers (PLCs), to actually destroying hardware in variable frequency drives. Bits and bytes are important- but if you don't know what they mean, they are at best irrelevant. Joe Weiss  

Sponsored Recommendations

Measurement instrumentation for improving hydrogen storage and transport

Hydrogen provides a decarbonization opportunity. Learn more about maximizing the potential of hydrogen.

Get Hands-On Training in Emerson's Interactive Plant Environment

Enhance the training experience and increase retention by training hands-on in Emerson's Interactive Plant Environment. Build skills here so you have them where and when it matters...

Learn About: Micro Motion™ 4700 Config I/O Coriolis Transmitter

An Advanced Transmitter that Expands Connectivity

Learn about: Micro Motion G-Series Coriolis Flow and Density Meters

The Micro Motion G-Series is designed to help you access the benefits of Coriolis technology even when available space is limited.