The troubled frontier of IT and control system security

Andrew Ginter (Industrial Defender) webinar pinpoints differences between IT and process systems.

In a webinar this month, Industrial Defender’s (ID) Chief Security Officer Andrew Ginter addressed the concerns that arise when connecting process control systems to enterprise IT.

Corporate IT is faced with the management of thousands of desktops, servers and a potentially large number of applications for ERP, CRM and more. In this context, standardization is everything, ‘standard is better than better.’ Security dovetails with the standard approach and has led to mature solutions for virus protection, intrusion detection and patch management. Corporate IT’s pecking order starts with confidentiality, next comes integrity and finally availability—‘CIA.’ It is preferable to shut down an e-commerce system than allow it to expose client credit card information.

Control systems are different. They leverage IT too, but the endgame is the management of large, dangerous physical processes like power generation, pharmaceuticals and refineries. Such systems are at risk of explosion, loss of life—and there are laws to control operations. In a sense the CIA paradigm is inverted. Control system availability is critical to safety and comes first in system design. Confidentiality is no longer the number one concern, even though trade secrets need protecting.

There has been a long history of attempts to bring the two worlds together. Initially the systems were kept apart, but this is no longer an option. It is now desirable to couple enterprise application like SAP with the plant. But problems arise—inside the plant there is a lot of older hardware, software and unpatched stuff. Why? Safety is costly to achieve and certify. Once a system is certified, you don’t mess with it. Four levels of safety may be good news, but they make change hard to achieve. Moreover, plant managers are very conservative. They have developed a sophisticated understanding of risks and will reluctantly accept say a new screen—but shy away from a big new application. Even patch management is problematical as the safety situation after a patch may change. Testing on operations networks requires vendor cooperation and is carried out on dedicated test rigs. Even then, there are surprises. A patch once shut down the whole plant!

Port scan vulnerability tests and anti-virus software are problematical as they can slow down and break mission critical components. Many vendors do not support anti-virus. Reluctance to change means that plants run some antiquated communications protocols—many in plain text and hence vulnerable to sniffing and spoofing. Password sharing is rife and even essential to avoid undue delay in logging-on to up to a dozen systems on crew change.

What’s the answer to security at the corporate IT/control system frontier? You need to pick and chose and be careful about what is deployed. Help is available—from a few specialists—including Industrial Defender of course. More from

Click here to comment on this article

Click here to view this article in context on a desktop

© Oil IT Journal - all rights reserved.