Speaking at
the 2014 WIB* Seminar in The Hague last month, Ted Angevaare outlined
Shell’s control systems security reference architecture. The SRA is
intended to steer vendors to deliver a safe, robust and secure
architecture for the process industry. The SRA will also encourage the
standard implementations amenable to optimization and use in R&D
programs and training.
A
‘threat-based’ SRA needs to enumerate which threats have been
addressed. The plan is to use an industry standard threat library
rather than a detailed risk assessment. One possibility is to use the
‘smartgrid’ Nescor cyber failure scenario.
The WIB is asking vendors to present their ‘vision’ of the SRA as
implemented in their own products. To date Siemens, Dupont, Rockwell,
ABB, Emerson, Honeywell, Invensys and Yokogawa are involved. Target
audience for the SRA includes owner operators, certification bodies,
system integrators, EPCs and cyber security institutes such as US-CERT.
A first draft of the SRA will be issued for comment in Q3 2014. More
from WIB.
* Dutch process automation users group.
© Oil IT Journal - all rights reserved.