Security Topics Page
Tom Moriarty, P.E., CMRP, contributing editor, says determine the reasonableness of policies you impose.
In this edition of In the Trenches, Acme learns what happens when a supervisor can't cope.
Strategies for leveraging scarce resources.
Russ Kratowicz, P.E., CMRP, says piracy, fakery and bogusity have become all too common in the maintenance world.
White Papers: In Depth Research
Stuxnet and security dos and don'ts revisited
In all of the panic and anxiety caused by Stuxnet, there have been lots of highly technical discussions of how the latest technology (e.g., application whitelisting, data diodes, etc.) might have been able to contain it. But all of this focus on what could have been done potentially distracts us from what is really at issue. There is no silver bullet. No matter what system you buy or what program you put in place, there is always going to be a way around or a possible/plausible threat. Your product may block what we see today, but what is on the horizon? What gets lost in all of this distraction is the importance of security fundamentals and of having proper expectations of your security program: provide a program or tools that minimize your exposure and maximize your ability to contain and recover from an event when it happens — and it will.
An IT perspective of control systems security
Author: Andrew Ginter
Enterprises with industrial operations typically utilize at least two types of computer networks: Information Technology (IT) — a network that supports enterprise information system functions like finance, HR, order entry, planning, email and document creation; and Operational Technology (OT) — a network that controls operations in real time. This second type of network supports real-time or control system products, generally referred to as Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), Energy Management Systems (EMS) or Manufacturing Execution Systems (MES), depending on the industry.
There has been much discussion and debate around the convergence between Information Technology (IT) and Operational Technology (OT). In an effort to provide better visibility and information flow between revenue-generating OT assets and enterprise applications, these systems have often been interconnected, in many cases without first properly securing the control systems from cyber attack. If the IT and OT networks are interconnected, yet not properly secured, a breach of one network can easily traverse to the other, leaving the entire computing infrastructure at risk.
This paper is intended to educate IT professionals on the unique requirements of operational technology and what is required to properly secure these networks from cyber attack, so that organizations can assure security, reliability and safety of information and revenue-generating assets.
Perimeter Security: Deter, Detect, Delay, and Deny
Author: Master Halco
In this era of vulnerability with potential for increased terrorist activity, how can you best guarantee the safety of your facility? Even though we’ve come a long way from the days of castles and moats, the principles of perimeter security are the same: a total response that deters, detects, delays, and denies intruders access to your vital holdings.
Industrial Security and Compliance
This 10-page whitepaper from Matrikon talks about each of the areas of concentration for process security in detail--people, processes and technology--as well as the priority of developing a security philosophy which will in turn foster a security culture.
- Honeywell's OneWireless Video Solution allows plants to enhance their perimeter security and employee safety
- Ideal Industries' Plant Facility Lockout/Tagout Kit helps plants avoid workplace injuries and unproductive downtime
- Honeywell's Digital Video Manager R400 features an upgraded system architecture and integrates with the OneWireless mesh network
- Banner Engineering's EZ-Screen LP safety light screen delivers low-profile design and continuous detection