1661899341886 Article 170 Byres

Edge protection a first layer of defense-in-depth security

June 13, 2007
Control system security expert Eric Byres presents defense-in-depth strategies for process control systems to some 150 attendees at the Honeywell Users' Group Americas 2007 Symposium in Phoenix.
“CERN, the European physics lab that was the birthplace of the World Wide Web, tested 59 different PLCs they owned and found that they had huge numbers of failures in those controllers,” said control system security expert Eric Byres in a presentation to some 150 attendees here in Phoenix at the Honeywell Users Group Americas 2007 Symposium.

“PLCs were not designed for security,” Byres continued. “No sane IT department allows unprotected PCs or laptops, so why are PLCs immune?”

So, when he was the director of the internet security lab at the British Columbia Institute of Technology (BCIT), Byres started a program to design a micro-firewall for what he calls “edge devices” like PLCs, field controllers, field instruments and final control elements.

“There needs to be a shift in how we look at security,” Byres explained. There have been dozens of cyber incidents in every process and manufacturing vertical, and they cost real dollars, lots of them. The average cost of a malware incident is about $68,000, he said, and the average sabotage cost is much higher. “In the same way the Maginot Line didn’t save France,” Byres said, a defense-in-depth strategy is what is required rather than a single bastion-like defense.

Honeywell global security architect, Kevin Staggs (see Videocast Interview) added that process safety and cyber security go hand in hand. Security is a key Honeywell initiative, Staggs said, and defense-in-depth is a key strategy for ensuring it.

“Security is a journey,” Staggs commented, “not a destination.” Honeywell is partnering with customers and suppliers, taking leadership on standards committees like SP99 and SP100. “We’ve published a Networking and Security Planning Guide to help customers get up to speed on state of the art procedures and practices as they implement their own security policies,” Staggs said.

“IT is not the enemy,” Staggs went on to say. “We need to learn from each other. Most IT practices can be applied directly, and those that can’t must be known, discussed and negotiated into new practices that work in the process environment.”

Back to the micro-firewall, Byres went on to describe the program from BCIT to the present day. The BCIT study found that just using a commercial, off-the-shelf (COTS) firewall wouldn’t work. They aren’t industrially hardened, they don’t understand the controls environment, they aren’t extensible, they are not at all easy to use, and management of change in a process environment is essentially impossible. Byres has since teamed with MTL, a Honeywell partner, to develop an edge-protection device called Tofino to overcome these challenges.

“We can’t hide behind the ‘great big firewall,’” Byres concluded. “Defense-in-depth is critical and those best practices are available now. We need to start using them.”

CLICK HERE to view the Videocast Interview.

Sponsored Recommendations

Measurement instrumentation for improving hydrogen storage and transport

Hydrogen provides a decarbonization opportunity. Learn more about maximizing the potential of hydrogen.

Get Hands-On Training in Emerson's Interactive Plant Environment

Enhance the training experience and increase retention by training hands-on in Emerson's Interactive Plant Environment. Build skills here so you have them where and when it matters...

Learn About: Micro Motion™ 4700 Config I/O Coriolis Transmitter

An Advanced Transmitter that Expands Connectivity

Learn about: Micro Motion G-Series Coriolis Flow and Density Meters

The Micro Motion G-Series is designed to help you access the benefits of Coriolis technology even when available space is limited.