The growing use of Ethernet and TCP/IP in industrial devices (replacing dedicated fieldbus networks) has created the need for a higher level of security against the common threats present on Ethernet networks. These threats can be deliberate (attackers), collateral (viruses and worms), or accidental (misconfigurations). Moreover, the introduction of more and more IT functionality into process control devices gives us additional reasons to perform security analysis in order to find any possible weak points.
The collaboration between Siemens and CERN focuses on the robustness of automation devices (e.g. Programmable Logic Controllers) through a deep investigation of these devices' resistance against attacks. More specifically, the major aim of the project is the definition of a test bench and of specific procedures which allow us to perform a security mapping of the devices' architecture and to simulate common attacks originating from either the internal or the external network. Once the security mapping is complete, a detailed vulnerability report has to be produced. It specifies the security weaknesses that need to be analyzed in order to develop, where possible, practical and easy-to-apply solutions that fix those vulnerabilities.
Standards and guidelines can be used to help identify problems and reduce the vulnerabilities of a cyber security system. Once the problems and vulnerabilities are known, standards can be applied to cyber security systems in order to minimize the risk of intrusion. This is why, at the beginning of our activities, we compared three cyber security standards: ISA-99 (and part of ISA-95), NERC-CIP and IEC-62351.
During the analysis of these standards we noticed many congruencies and some discrepancies in the specific approaches they suggest. At the end of this analysis, ISA-99 appears to be the most relevant standard, and the only one able to cope with the wide heterogeneity of control systems (which is also relevant for the CERN experiments).
This also implies that the ISA-99 approach is quite general and can only provide theoretical (rather than practical) guidance and direction on how to establish and implement procedures (above all in the assessment phase, in designing the security plan and in defining the security policies). Moreover, it is recognized that standards and guidance documents are living documents (the standard is not yet complete) that will continually evolve to meet the dynamic needs of industry and stay current with changing technology. The ISA-99 standard also endorses the defense-in-depth model as the customer's security scheme: it recognizes that some attacks will inevitably penetrate the boundaries and therefore requires further protection within those boundaries.
Programmable Logic Controllers (PLCs) represent the lowest level in the layered architecture of any control system. As such, they are an essential link in any defense-in-depth strategy and must be considered first-class citizens in the chain of control.
Figure: Distributed Control Systems (DCS) General Reference Model.