Intrusion prevention in a control systems environment

Intrusion detection systems (IDS) are a critical piece of security infrastructure that should be implemented whenever critical business processes such as control systems are connected to TCP/IP-based local and wide area networks. They are able to detect network activity such as hacking attempts, virus and worm attacks, and other potentially threatening traffic capable of wreaking havoc on your control system. The technology behind them is simple – detect a threat and raise an alert. Today, new-generation IDS, often referred to as intrusion prevention systems (IPS), are not only able to detect threats, but also mitigate them by blocking the traffic from entering your network.

The goal of this White Paper is to give the user an understanding of intrusion systems, both prevention and detection, how they fit in the control systems environment and why they are necessary, and to provide example scenarios for their implementation.

The approach to site network(s) and control system security is based on the following principles:
·  View security from both management and technical perspectives
·  Ensure security is addressed from both an IT and control system perspective
·  Design and develop multiple layers of network, system and application security
·  Ensure industry, regulatory and international standards are taken into account
·  Prevention is critical in plant control systems, supported by detection

Developing a prevention approach to plant control systems will require a new approach to network security between the plant network layer and business/external systems. This document focuses on one key piece within the overall network architecture – intrusion systems – and provides an overview of where intrusion detection and prevention systems should reside.