ControlGlobal Q&A on Security

April 29, 2009
How Much Security Do You Need to Really Be Secure?

By Penny Chen, with input from Bruce Jensen and Akiomi Monden, Yokogawa

The answer depends on how you view security. If you view security as an isolated element, one defined by a particular device function, application protocol, software bug, physical vulnerability, and so on, the answer must be that there is “never enough” security to be really secure. If you view security from the perspective of the overall network architecture and address it as a service of the network platform as a whole, the answer could be that you can make it secure enough for your business goals.

Today, we often focus on a particular security issue, such as jamming one or more network channels, denial of service through a particular network point, worms and viruses propagating from one part of a network, wireless traffic having no proximity limit and/or no boundary on its propagation, etc. Recent history has taught us that it is very difficult to guard against individuals or groups launching a new attack that intentionally targets a particular weakness of the network elements, or tampering with a critical network unintentionally. Since security is inherited through a network solution, it follows that the network is part of the platform. It is simply a matter of time before researchers, technicians or hackers are able to break into it.

“Thinking about security as a battle against desperados, it’s possible that we always lose even if we try our best to predict intrusions before they happen,” said Akiomi Monden, cybersecurity expert from the R&D Management Department in Yokogawa Electric Corporation, Tokyo. “Since there is a low possibility of defeating them, we can reduce and control the risks by defending our network architecture. We do not need to beat them, but we could ease the consequences of an attack. That is the very basic policy we should take, and all strategies should follow this. Otherwise, the cost will be prohibitive. In most cases they are deceived.”

Therefore, “secure” is no longer an individual or isolated concept, even if incidents happen individually. One of the most important aspects of good security is a great network design. Security is an important part of the overall network platform. A good and resilient network architecture will be able to quickly identify the intrusion, isolate the attack, minimize the damage and quickly recover from the incident. The question is: how well can you design a network architecture that is resilient enough to ensure your business goal?

“I have been continually advocating that security is very similar to functional safety management,” said Bruce Jensen, manager of system marketing and sales support from Yokogawa Corporation of America. “There, SIL levels have been defined that account for reductions in a calculated risk of an event due to process conditions. Analysis is performed to determine how much risk reduction is required, and safety loops are designed with accredited equipment installed to achieve that SIL level. Security assurance level or security protection level is similar in that analysis is done to determine how much reduction in risk from the potential of harm to cyber assets and, thus, the process they control is warranted, what measures are needed to mitigate it and at what cost. Is this as evolved as the HAZOP? Maybe. Maybe not. I think this is somewhat inherent in the defense-in-depth strategies.

“A secondary corollary is alarm management. This may be more appropriate. Here there is also the idea of reducing the risk of an event (safety or financial) by ensuring that operators respond to actual process conditions rather than trying to sort through an alarm avalanche to determine what really is wrong. Thus alarm management is a work process, using a variety of hardware and software tools in order to reduce the risk of a process event being mishandled.”

A good and secure network architecture needs to go through a complete risk assessment. There are two important steps in this risk assessment process.

Step 1: Risk Evaluation – threat analysis of the overall network architecture, such as identifying threats using checklists and establishing a risk level. Through the threat analysis, the level of vulnerability should be understood.

Step 2: Business Impact Analysis – balance the business needs against how much security is able to support your business objectives in the short term and the long term.

Another important aspect of a secure network for industrial automation is the plant security life cycle. The plant security life cycle includes two key elements: the security life cycle and the plant life cycle. In order to achieve and keep the security level of all assets, a corporate policy should be in place that follows an appropriate procedure to ensure the security assurance level matches the organization’s cybersecurity management needs. Then corporate personnel should execute it through the design and engineering phase, the testing and commissioning phase, and the operating and management phase after hand-over from vendor to end user. Ensuring that people follow the guideline and enforcing the required actions is also an important element of measuring security.

As an automation systems and instrumentation vendor, Yokogawa can broadly support our customers through all these phases, not just design and engineering, by offering system elements with a good security posture that have been certified under a public program, accredited through a proven security test, or thoroughly tested in-house. We can also propose best practices for implementing a good security management system around the main control systems, such as a recommended network design and a recommended deployment of security controls. Furthermore, it is better still if these best practices help the control systems comply with industrial standards, governmental regulations and corporate risk management systems. Yokogawa is able to provide not only technology to customers, but also services to help in implementing, operating and managing cybersecurity management systems for industrial automation/control systems.

By combining a resilient network architecture design with a complete risk assessment, along with the plant security life cycle, you can make your network secure enough to support your business objectives. Ultimately, it is a business decision as to what cost is required to reduce the risk to an acceptable level.

What is the difference between "compliance" and "security"?

Compliance is usually used to declare or measure conformance against a particular group of regulations or standards. Compliance can be part of a security program because a particular network element’s performance and robustness, including its software and/or hardware, can be accredited and tested.

However, security includes more than just compliance. Security is part of the network architecture, and the network provides the platform for security.