Safety vs. Security
Rick Kaun
Department Manager
Network Security Solutions
Matrikon
Bruce McHardy
Instrument and IT Supervisor
Teck
ABSTRACT
Safety systems in the industrial environment have evolved over the years to become increasingly
complex, and they are relied upon to function well enough to protect employees, production, and the
environment surrounding a facility. The investment in these systems is great, but the consequences of
their malfunction are greater still. The media has made it easier for us to understand the impact of
safety failures on companies and on their surrounding communities; with incidents such as the BP
refinery explosion in Texas City and the chemical leak at Bhopal, the potential impact of our
operations has become clearer than ever before.
The evolution of safety systems is largely attributable to our ability to connect them and to
automate notifications and alarms in the event of a safety breach. Safety systems have become
automated and more sophisticated, and since being connected to networks (for example, being TCP/IP
routable) they have also become more exposed to security compromise. At the same time, connecting
our systems has allowed them to become more efficient and a more dependable, de facto component of
a facility's infrastructure. Increasing regulation and standards are a direct result of the
importance being placed on safety systems, not just as a reactive alert in a crisis but as a
proactive and predictive way of avoiding disastrous situations. Much like our telephone and internet
connections, our safety systems have become something we expect to function correctly and rely on
to alert us when the need arises. We cannot afford to discover only after the fact that these
systems were not functioning correctly because of a security problem.
security breaches that occur, whether intentional or unintentional, result from the mishandling of
sensitive business data to the wrong people, from within the organization itself.
processes it is useless. Think of security as a three-legged table: all three legs are required to
keep it from falling over. A security vulnerability assessment should therefore approach security
through three distinct pillars: People, Processes, and Technology. This comprehensive approach
delivers a thorough assessment of your initiatives, including policy review, training programs, and
technological and physical concerns.
Technology is the foundation for security, and it is necessary to have the right systems installed.
Companies should ensure they have good firewalls, anti-virus, patch management, backups, controlled
remote access, authentication, and physical security in place.
When we talk about People in the context of security, we mean the employees, contractors and any
visitor to the organization. For a security program to succeed, the participants and stakeholders
need the necessary awareness, training, documentation and defined roles. Everyone needs to
understand appropriate system use and why it matters, and technical people also need to know how to
identify and address security risks. From an organizational perspective it is recommended to have a
dedicated security group with the authority and executive support to enforce policy and act on
violations. It is even more important, though, to have a security awareness program that tells
employees why security matters and how they can participate. If organizations do not focus on their
people, security policies will not be followed, staff will not understand security issues, and
technical staff will not manage systems effectively.
The third aspect of security is Process. In the context of security, process refers to the
policies, procedures and action plans. Regardless of how hard you try, there will always be
residual security risk and the potential for incidents. The measure of your preparedness, and of
the validity of your security program, is how well you contain an incident and how quickly you
recover from it. Documents such as an appropriate use policy, a backup policy, and a wireless
policy need to be in place to define how company assets should be used and deployed. Policies set
the rules for using a system, define procedural countermeasures for potential security risks, and
capture best practices. Procedures are step-by-step instructions that let someone carry out a plan
without being the expert on the system. Both policies and procedures are required for a good
security program, and together they express the overall security mentality and approach your
organization wishes to implement. As your business evolves, so too will your environment. By
clearly defining expectations for future programs and applications, you can evolve your business
while maintaining the highest practical level of security.
Finally, a security vulnerability assessment should be scalable to the specific organization's
requirements and should include, but not be limited to: ongoing policy reviews, exhaustive
system-by-system site audits, front-end engineering and technical implementation.
With the integration of process control systems, and particularly our safety systems, we also need
to examine the way data is transferred and shared. What tools are we using to connect our systems,
and how is the data being pulled and combined with other sources? Certification programs such as
Wurldtech's Achilles Certification work with compliance organizations and standards bodies to
define the security requirements that software in this environment must meet, including the OPC
software used to create interoperability among systems. It is important to ensure that every step
of your process is secure, starting with the data that feeds the rest of your business: if the data
itself is not secure, the weakness propagates to every process downstream of it.
A Secure Process Environment (SPE) design creates a layered network that segregates all process
equipment from the Business LAN, giving the process equipment a dedicated network while still
allowing the movement of the data needed for business decision making. The design rejects all
communications from the Business LAN to the Process LAN, yet still lets the data flow, because the
flow is staged through an intermediate zone rather than passing directly between the two networks.
Network-borne malware (viruses, Trojan horses and worms) is controlled at the zone boundary rather
than on each host, without the requirement of loading anti-virus software on process systems. This
gives a measure of anti-virus protection to those industrial systems that are not certified by their
vendor to run anti-virus software. The design also reduces the dependence on every process system
carrying the latest security patches. It is still recommended to load all service packs and
security patches on all systems as required, but the exposure created by not doing so is reduced
significantly, because the Process LAN is no longer directly reachable from the Business LAN.
Loading security and service packs on process systems is often not a process engineer's primary
concern, and these patches are often left until all other tasks are completed.
A security-controlled network layer, the Process DMZ LAN, is constructed between the Business LAN
and the new Process LAN. This network provides the area for security control. Both the Business LAN
and the Process LAN are able to communicate with systems on the Process DMZ LAN, but neither talks
to the other directly. This design concentrates the security focus in a small and limited area of
the network, reducing administration costs: all security rules on the firewall and the Process LAN
router are now concerned only with rejecting or authorizing communications to the Process DMZ LAN,
not to individual pieces of process equipment. The security focus is directed to a limited number
of servers rather than to all equipment on the Process LAN. Because those DMZ servers are reachable
from both sides, they are where patching, hardening and monitoring effort should be concentrated.
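As an added illustration (not from the paper, and not Matrikon's or Teck's design documents), the following Python models the SPE zoning as a small policy-as-code table: three zones, an explicit allow list of flows into the Process DMZ LAN, and a default deny for everything else, so that a Business LAN host can never reach the Process LAN directly. The zone addresses, the single DMZ service (a historian the Process LAN publishes into and the Business LAN reads from) and its port numbers are assumptions made for the example. It goes a little beyond the text by also auditing the rule table for any rule that would join the two LANs directly and by rendering the equivalent netfilter FORWARD chain.

```python
"""Policy-as-code model of the Secure Process Environment (SPE) zoning.

Added illustration only: the zone addresses, the DMZ service and its ports
are assumed for this example and are not taken from the paper.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# The three zones of the layered design (addresses constructed for the example).
ZONES = {
    "business": ip_network("10.1.0.0/16"),   # Business LAN
    "dmz": ip_network("10.2.0.0/24"),        # Process DMZ LAN
    "process": ip_network("10.3.0.0/16"),    # Process LAN (controllers, HMIs)
}

# Assumed DMZ service: a historian that the Process LAN publishes into and
# that Business LAN reporting clients read from. Port numbers are assumptions.
HISTORIAN_PUSH = 4840
HISTORIAN_READ = 1433


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    ports: frozenset        # permitted destination TCP ports
    action: str             # "allow" or "deny"


# The whole inter-zone policy. No rule names "business" and "process"
# together, which is the property the SPE design depends on.
RULES = (
    Rule("process", "dmz", frozenset({HISTORIAN_PUSH}), "allow"),
    Rule("business", "dmz", frozenset({HISTORIAN_READ}), "allow"),
)
DEFAULT_ACTION = "deny"   # anything not explicitly allowed is rejected


def zone_of(ip):
    """Map an address to its zone name, or None if it is in no zone."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def evaluate(src_ip, dst_ip, dst_port):
    """First-match decision for a new TCP connection crossing the firewall."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return "deny"          # unknown address space never gets a path
    if src == dst:
        return "allow"         # same zone: the traffic never crosses the firewall
    for rule in RULES:
        if rule.src_zone == src and rule.dst_zone == dst and dst_port in rule.ports:
            return rule.action
    return DEFAULT_ACTION


def audit_direct_paths(rules):
    """Return every allow rule that would join the Business LAN and the
    Process LAN directly. An empty list means the rule set honours the SPE
    requirement that the two only meet in the DMZ."""
    return [r for r in rules
            if r.action == "allow" and {r.src_zone, r.dst_zone} == {"business", "process"}]


def render_iptables(rules):
    """Render the policy as a netfilter FORWARD chain for a firewall that
    routes between the three zones (illustrative, not a full configuration)."""
    lines = [
        "iptables -P FORWARD DROP",
        "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for r in rules:
        if r.action != "allow":
            continue
        for port in sorted(r.ports):
            lines.append(
                f"iptables -A FORWARD -s {ZONES[r.src_zone]} -d {ZONES[r.dst_zone]} "
                f"-p tcp --dport {port} -m conntrack --ctstate NEW -j ACCEPT"
            )
    return lines


if __name__ == "__main__":
    # Constructed sample flows: a business PC reaching for a controller's
    # Modbus port, a business PC reading the historian, a controller publishing.
    for flow in [("10.1.0.5", "10.3.0.10", 502),
                 ("10.1.0.5", "10.2.0.10", HISTORIAN_READ),
                 ("10.3.0.10", "10.2.0.10", HISTORIAN_PUSH)]:
        print(flow, "->", evaluate(*flow))
    print("direct business<->process allow rules:", audit_direct_paths(RULES))
    print("\n".join(render_iptables(RULES)))
```

In practice the rule table is extended with the real DMZ services (and classic OPC's DCOM port behaviour usually forces that list to be worked out carefully), and audit_direct_paths is run as a check every time the table changes, so that a convenience rule added under pressure cannot quietly reopen a direct Business LAN to Process LAN path.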
CONCLUSION
The overall impact of implementing a comprehensive security program in the process control
environment is far reaching, and typically includes:
By understanding the complexity and breadth of an effective security program in the process
control environment, we can see the direct correlation between security and its role in the
maintenance of appropriate safety levels. The volume of information that is moving around a
facility at any given time makes it imperative that security controls are put in place and maintained.
Furthermore, the traditional focus of a variety of process industries has been safety and
productivity. However, recent threats to North American critical infrastructure have prompted a
tightening of security measures across industry sectors. Reducing the vulnerability of control
systems to physical and cyber attack is necessary to ensure the safety, reliability, integrity and
availability of these systems.