Process control vendors are migrating plant control technologies to more open network and operating environments. This White Paper explains how layered security can be accomplished by adopting a "best practices" model, developing and implementing an access control plan, and compartmentalizing the network.10/15/2004
This 9-page paper summarizes the various applications and benefits of the use of fingerprints to restrict access to information and transactions. It covers access via the Internet and other networks as well as physical access.10/15/2004
Operations staff and plant engineers also have a keen interest in the security of control networks. They are responsible for the reliability, availability, safety and integrity of the process. Their facilities are the ones producing products and earning revenues, so their concerns, priorities and knowledge must also be considered when determining security options.10/15/2004
Plant security is a key priority at many plants. This 10-page paper provides background what the methodology for a plant vulnerability analysis involves. It covers topics such as how to get started, available tools, and risk assessment.12/02/2004
This nine-page PDF whitepaper discusses the pitfalls of alarm management and how mistakes in the past have been quite costly. It then addresses these mistakes and gives an overview of proper alarm management.02/10/2005
This 17-page whitepaper discusses the application of two popular methods of determining SIL requirements risk graph methods and layer of protection analysis (LOPA) to process industry installations.04/19/2005
Plant security is a key priority at many plants. This 10-page paper provides background what the methodology for a plant vulnerability analysis involves. It covers topics such as how to get started, available tools, and risk assessment.04/21/2005
OSHAs Hazard Communication Standard (HCS) is based on a simple conceptthat employees have both a need and a right to know the hazards and identities of the chemicals they are exposed to when working.08/30/2005
In the real world, sharing PCN data with external systems and accessing PCN systems from external sources is fast becoming a business necessity. This paper provides some generic guidelines for enabling secure connectivity between PCNs and external systems.09/16/2005
This document describes best practices for the reference architecture for a process control system network and its interfaces to a corporate network. The papers objective is to give the reader an understanding of the techniques utilized to securely connect these networks.01/11/2006
The power industry is susceptible to a variety of cyber threats, which can wreak havoc on control systems. Management, engineering and IT must commit to a comprehensive approach that encompasses threat prevention, detection and elimination.03/27/2006
This document provides an understanding of intrusion detection and prevention systems, why they are necessary, how and where they fit in the control system environment, and gives example scenarios.03/27/2006
Ensuring the security of industrial control systems is hardly a new topic. The earliest users of modern control systems in power stations and chemical plants saw the need to protect access to vital control functions from unauthorized use. Similarly, in industries such as fine chemical or pharmaceutical where the process is the product, manufacturers have always sought to protect the secrets of their unique processes from the prying eyes of industrial spies. This white paper by ARC describes how the Siemens AG PCS7 Security Concept bundles key security measures in seveal specific areas to create a deep hierarchy of security known as defense in depth.02/25/2008
David A. Moore, PE, CSP, president and CEO of AcuTech Consulting Group, testified at a June 2006 hearing on Inherently Safer Technology in the Context of Chemical Site Security at The Senate Environment and Public Works Committee01/11/2010
This 10-page document discusses how the reference from the Center for Chemical Process Safety -- "Inherently Safer Chemical Processes, A Life Cycle Approach," 1st Edition, 1996 -- was updated in 2007. Inherent Safety has been well received by industry, but there has been significant advancement in the concept of inherently safer design over the last 10 years. This overview highlights lessons learned and best practices in inherent safety.01/11/2010
Working on your Site Security Plan (SSP)? The next stage in the Chemical Facility Anti-Terrorism Standards (CFATS) compliance process requires covered facilities to submit a SSP. Given the importance of the SSP, covered facilities should address a number of factors while they complete this step in the CFATS regulation. Download this complimentary whitepaper now: Ten Tips for Completing your SSP.03/10/2010
Remain informed about adjustments to MTSA and learn how the program continues to evolve. This paper provides regulatory updates on the current state of MTSA and information about Transportation Worker Identification Credential (TWIC). Find out about new challenges, such as harmonization with Chemical Facility Anti-Terrorism Standards (CFATS). The paper also covers the current discussion among industry and government officials regarding the differences associated with the MTSA and CFATS programs, including ways to coordinate chemical security regulations. Learn about TWIC reader pilot program updates, as well as practical tips for compliance. Download MTSA Tips & Updates Paper01/11/2012
The technology advances in control systems and open systems have afforded us improved efficiency, productivity and the ability to advance our operations. However, these improved technology advances have also come with risks that threaten these efficiencies. Viruses; an increased dependency on uptime, availability and reliability; operator errors and increased regulations are just some of the threats today's manufacturers need to contend with when managing their operations. In this Putman Media Special Report, we take a look at the cyber security issues today's manufacturers need to contend with; identify control systems vulnerabilities and offer a three-step approach for building better cyber security at your operations.02/09/2012
The past two years have been a real wakeup call for the industrial automation industry. For the first time ever it has been the target of sophisticated cyber attacks like Stuxnet, Night Dragon and Duqu.
In addition, an unprecedented number of security vulnerabilities have been exposed in industrial control products and regulatory agencies are demanding compliance to complex and confusing regulations. Cyber security has quickly become a serious issue for professionals in the process and critical infrastructure industries.
If you are a process control engineer, an IT professional in a company with an automation division, or a business manager responsible for safety or security, you may be wondering how your organization can get moving on more robust cyber security practices.
In order to provide you with guidance in this area, Tofino Security and exida Consulting LLC have condensed material from numerous industry standards and best practice documents. They also combined experience in assessing the security of dozens of industrial control systems.
The result is an easy-to-follow 7-step process.02/28/2012