Bedrock Automation, the maker of the world’s first Open Secure Automation (OSA™) platform, has released an informative white paper on the cyber security vulnerabilities and defense of industrial control systems. The 20-page document, Securing Industrial Control Systems - Best Practices, covers the threat landscape and presents a holistic approach to defending it, including assessing risk, physical security, network security, workstation and server security, as well as the fundamentals of OSA.
“As we discuss cyber security with users of automation, we find that many are aware of the threat potential but are not sure if they are doing enough to protect themselves. We saw the need for a technical paper that explains both the mindset and motives of an attacker, as well as the tools and technologies of defense. This paper defines the issues in a practical, holistic way while providing recommendations on how to begin and sustain best practices for cyber defense,” said Albert Rooyakkers, Bedrock founder and CEO.
The first half of the paper covers conventional cyber security practices that apply to all industrial control systems. It provides an assessment of the threats, including drive-by attacks, advanced persistent threats (APTs), espionage, process attacks, and ransomware. It also looks at assessing the related risks, with an introduction to Process Hazards Analysis (PHA) and Hazards and Operability (HAZOP) methodologies used to identify malfunctions that might harm people, the process, or the environment.