Protecting Distributed Control Systems

Industrial control system cybersecurity is often discussed in broad terms, but the distributed control systems used in the continuous processing industries introduce some unique cybersecurity requirements.

Distributed control systems (DCSs) are commonplace in continuous processing, particularly in the oil and gas and chemical industries where they’re used to control several machines or processes at the same time. This differs from PLCs (programmable logic controllers), as a PLC is typically used to control just one machine.

This difference in how a DCS is used to manage multiple machines ups the ante when it comes to security breaches affecting a DCS. With this type of vulnerability in mind, Tim Mirth, PlantPAx platform leader at Rockwell Automation, says plant decision-makers exploring DCS-related cybersecurity improvements should understand these common DCS cybersecurity challenges:

Open systems. “Open protocol networks are a historical hallmark of distributed control systems and are usually considered a huge benefit,” said Mirth. “But the additional avenues of risk associated with online, connected control systems may leave producers more vulnerable. The zones and conduits model can help mitigate the threat and keep critical assets segmented from most vulnerable areas. Managing firewalls is another important part of protecting open systems.”

Figure: This diagram highlights the control connection differences between a PLC control system (left) and a DCS control system. Source: 皇室

Legacy equipment. Older machines, especially if they haven’t been updated in many years, are potential entry points for viruses, worms, and hackers. “This is where a risk assessment can expose a vulnerability and develop a strategy to strengthen them,” Mirth said. “In larger plants you may not even know there is still an obsolete operating system on your network.” Mirth noted that if replacement of a legacy device is not possible, some protection can be gained with network segmentation to build in layers of defense.

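Evolving workforce. “The people who have access to your plants and systems are an important piece of the overall cybersecurity puzzle,” Mirth said. “Breaches can be caused by innocent mistakes as well as by criminals with nefarious intent.” To address this, Mirth said to ask yourself: Do you know who manages your company’s user accounts and system access rights? Also, are there any accounts that have remained active and unused for years? Adhering to international standards, such as the ANSI/ISA-62443-3-3 standard, and managing your users as part of a cybersecurity strategy can help mitigate this risk, Mirth added.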

Unknown ROI. Often, companies view cybersecurity as an expense with an unidentifiable ROI (return on investment). Mirth said that, with cybersecurity or any risk mitigation initiative, “it’s less about how much money the company will make and more about what you don’t want to lose. With a proper risk assessment, vulnerabilities, risks, and mitigation strategies can be evaluated and allow producers to answer questions such as: What risk are we willing to accept? What will it cost to make the changes needed to feel comfortable in our risk posture?” Mirth said it may not be as expensive as you think to make changes, and the opportunity cost for not protecting your systems is too great to pass up implementing even some simple measures.

Finally, Mirth stressed that industrial companies must recognize that an evolving plan is needed to properly protect your DCS. That’s why it’s important to recognize the criticality of the cybersecurity challenges he cited and to “select a plan that keeps enhanced overall security, flexibility, and digital transformation in mind and won’t trap you from making the progress you need to run your business.”

