Shell proposes process security reference architecture

Threat-based architecture to leverage ‘smart grid’ cyber security protocols.

Speaking at the 2014 WIB* Seminar in The Hague last month, Ted Angevaare outlined Shell’s control systems security reference architecture. The SRA is intended to steer vendors to deliver a safe, robust and secure architecture for the process industry. The SRA will also encourage the standard implementations amenable to optimization and use in R&D programs and training.

A ‘threat-based’ SRA needs to enumerate which threats have been addressed. The plan is to use an industry standard threat library rather than a detailed risk assessment. One possibility is to use the ‘smartgrid’ Nescor cyber failure scenario. The WIB is asking vendors to present their ‘vision’ of the SRA as implemented in their own products. To date Siemens, Dupont, Rockwell, ABB, Emerson, Honeywell, Invensys and Yokogawa are involved. Target audience for the SRA includes owner operators, certification bodies, system integrators, EPCs and cyber security institutes such as US-CERT. A first draft of the SRA will be issued for comment in Q3 2014. More from WIB.

* Dutch process automation users group.

Click here to comment on this article

Click here to view this article in context on a desktop

© Oil IT Journal - all rights reserved.