Tuesday, November 28, 2006

Site networking and beyond

During the past several years, information technology and process automation systems that support the manufacturing enterprise have evolved from individual, isolated computers and proprietary operating systems and networks to interconnected systems and applications employing open architectures and standard protocols.

These manufacturing computer systems are now integrating with enterprise resource planning systems through site and corporate communication networks.

The business benefits are undeniable and manifold. Along with the benefits of open systems and integrated architectures come potential risks to the business and manufacturing enterprise.

Historically corporations have implemented firewalls at the perimeter of their data communication networks.

The concept of having a safe operational environment within the corporate network perimeter will diminish over time as networks expand, more applications interoperate, and support of systems is done remotely.

CRITICAL SECURITY QUESTIONS

The key to developing effective strategies to mitigate information security risks is the management of interdependencies of process, policies, procedures, and people in combination with the appropriate application of security technology.

The critical security questions are:

* What security issues relate to the physical connectivity between our process control systems and the rest of the world?

* How do we handle people who need to access our process control systems from the corporate intranet, from our trading partners on the extranet, or from the Internet? What guidance and/or constraints should we provide for those people who need to access the resources that are inside the process control domain?

* For people inside the process control domain such as operators and process engineers, what security guidance is required to access resources that are outside that process control domain: the intranet, extranet, or Internet?

To address these issues, DuPont developed a security analysis methodology to analyze the security risks associated with integrated manufacturing computer systems. The methodology has four major steps:

Review - The review phase entails understanding corporate information security policies and soliciting participation from all stakeholders, including process engineers, operations people, and local information technology staff.

Design - Analysis of risk is the basis for the selection of mitigation strategies and tactics.

Using several tools helps provide the basic understanding to select appropriate mitigation strategies. These include a process control network (PCN) characterization form to inventory process control system/network components, simple network block diagrams to depict the relationship of devices' applications with their associated information flow, and the risk analysis completed in the review phase.

Upon defining strategies, the network and system architecture form and incorporate appropriate security technologies such as firewalls, strong (two-factor) authentication, digital certificates, and data encryption.

Designers develop or modify security policies and procedures to accommodate and support mitigation strategies. Firewalls and authentication methods are designed to be choke points and may create a single point of failure in the network architecture.

Implementation - Configuration, testing, and rolling out security policies and technology solutions take place during this phase. Attention must go to proactive communication and education of all personnel affected by security systems, policies, and procedures.

Support and Maintenance - To support the security infrastructure, policies and procedures must be implemented to address subject areas such as access control, auditing of policy implementation, auditing of event journals, authorization mechanisms, disaster recovery planning, intrusion detection, change management, definition of roles and responsibilities, and periodic vulnerability analysis.

MEDIEVAL DEFENSE LINE

The following risk mitigation strategies provide the basis for a robust security policy to protect process control systems and networks:

* All process control networks shall be isolated by a firewall or disconnected from any external network (local-area network, wide-area network, Internet).

* Interactive access to the process control network shall require strong (two-factor) authentication and authorization.

* Noninteractive access shall be source-destination controlled using static rules based on Internet protocol addresses and services.

* Business-critical data traversing nonprotected (public) networks shall be encrypted.

* Virus protection software shall be run on process control computers, servers, and operator stations.
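As an added example (this is not DuPont's methodology or code; the address plan, rule names, flags and sample rules below are all constructed for illustration), the following Python script audits a small firewall rule set at the process control network boundary against the strategies listed above. The rule list also stands in for the information flows that the Design phase's PCN characterization form and network block diagrams would capture, so the same check serves that step: each allowed flow is tested for two-factor authentication on interactive access, static source/destination/service rules on noninteractive access, encryption where a public network is crossed, and a closing deny-all that makes the isolation explicit.

```python
"""Audit PCN boundary firewall rules against the mitigation strategies.

Example code, not DuPont's. Address blocks and rules are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import List

# Assumed address plan (constructed): the PCN sits inside the corporate intranet.
PCN = ipaddress.ip_network("10.20.0.0/16")   # process control network
CORP = ipaddress.ip_network("10.0.0.0/8")    # corporate intranet, contains PCN


def zone(cidr: str) -> str:
    """Classify an address block as pcn / intranet / public; 'any' spans all zones."""
    if cidr == "any":
        return "any"
    net = ipaddress.ip_network(cidr)
    if net.subnet_of(PCN):
        return "pcn"
    if net.subnet_of(CORP):
        return "intranet"
    return "public"


@dataclass
class Rule:
    name: str
    src: str                    # CIDR or "any"
    dst: str                    # CIDR or "any"
    service: str                # "proto/port" or "any"
    action: str                 # "allow" or "deny"
    interactive: bool = False   # human session (RDP, SSH, HMI) vs machine-to-machine
    two_factor: bool = False    # session brokered through a two-factor gateway
    encrypted: bool = False     # payload carried over TLS or a VPN tunnel


def audit(rules: List[Rule]) -> List[str]:
    """Return one finding string per violated strategy; an empty list means clean."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        zs, zd = zone(r.src), zone(r.dst)
        # Only rules that can touch the PCN are in scope ('any' may reach it).
        if "pcn" not in (zs, zd) and "any" not in (zs, zd):
            continue
        # Interactive access to the PCN requires strong (two-factor) authentication.
        if r.interactive and not r.two_factor:
            findings.append(f"{r.name}: interactive access without two-factor authentication")
        # Noninteractive access must be static source-destination-service rules.
        if not r.interactive and "any" in (r.src, r.dst, r.service):
            findings.append(f"{r.name}: noninteractive rule uses a wildcard source, destination or service")
        # Data crossing a public network must be encrypted (all PCN traffic is
        # treated as business-critical here, an assumption of this example).
        if "public" in (zs, zd) and not r.encrypted:
            findings.append(f"{r.name}: traffic traverses a public network unencrypted")
    # Isolation by firewall: the rule set should end in an explicit deny-all.
    last = rules[-1] if rules else None
    if not (last and last.action == "deny" and last.src == last.dst == last.service == "any"):
        findings.append("ruleset: no final deny-all rule; PCN is not isolated by default")
    return findings


# Constructed sample rule set: two compliant flows, two noncompliant, one deny-all.
SAMPLE_RULES = [
    Rule("historian-pull", "10.1.5.10/32", "10.20.1.5/32", "tcp/1433", "allow"),
    Rule("vendor-rdp", "203.0.113.0/24", "10.20.2.0/24", "tcp/3389", "allow", interactive=True),
    Rule("any-to-plc", "any", "10.20.3.0/24", "tcp/502", "allow"),
    Rule("ops-ssh", "10.20.9.0/24", "10.20.4.0/24", "tcp/22", "allow", interactive=True, two_factor=True),
    Rule("default-deny", "any", "any", "any", "deny"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

Run against the sample set, the audit reports the vendor RDP rule twice (no two-factor broker, and unencrypted across a public range) and the wildcard-source PLC rule once; dropping the closing deny-all adds a fourth finding. The zone classification is the piece to adapt to a real site: it is what the PCN characterization form and block diagrams feed in practice.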
