The growing usage of Ethernet and TCP/IP in
industrial devices (replacing dedicated networks) has led to the
necessity to reach a higher level of security against common
threats on Ethernet cable. These threats can be deliberate
(attackers), collateral (viruses and worms), or accidental (misconfigurations).
Moreover the introduction of more and more IT functionalities
into process control devices gives us more reasons to perform
security analysis in order to find any possible weak points.
The collaboration between Siemens and CERN
focuses on the robustness of automation devices (e.g.
Programmable Logic Controllers) through a deep investigation of
these devicesí resistance against attacks. More specifically,
the major aim of the project is the definition of a test bench
and specific procedures which allow us to perform a security
mapping of devicesí architecture and to simulate common attacks
originating from either the internal or the external network.
Once the security mapping is complete, it is
necessary to generate a detailed vulnerability report. It
specifies the security breaches that need to be analyzed in
order to possibly develop several practical and easy-to-apply
solutions to fix those vulnerabilities.
Standards and guidelines can be used to help
identify problems and reduce the vulnerabilities in a cyber
security system. By knowing the problems and vulnerabilities,
standards can be applied to cyber security systems in order to
minimize the risk of intrusion. This is why at the beginning of
our activities, we compared three cyber security standards:
ISA-99 (and part of the ISA-95), NERC-CIP, IEC-62351.
During the analysis of these standards we
have noticed lots of congruencies and some discrepancies in the
specific approaches they suggest. At the end of this analysis,
ISA-99 seems to be the most relevant standard, the only one able
to face up to the wide heterogeneity of control systems (which
is also relevant for CERN experiments).
This also implies that ISA-99 approach is
quite general and can only provide a theoretical (instead of
practical) guidance and direction on how to establish and
implement procedures (overall in the assessing phase, designing
the security plan and defining the security policies). Moreover
it is recognized that standards and guidance documents are
living documents (the standard is not totally completed yet)
that will continually evolve to meet the dynamic needs of
industry and stay current with changing technology. The defense-in-depth
model is sustained as customerís security scheme by the ISA-99
standard too, which recognizes that some attacks will inevitably
penetrate the boundaries and thus requires further protections
within the boundaries.
Programmable Logic Controllers (PLCs)
represent the lowest level in the layers architecture of any
control systems. As such, they are an essential link in any
defense-in-depth strategy and must be considered as first class
citizens in the chain of control2.
Distributed Control Systems (DCS)
General Reference Model3.