Cyber Security for Power Automation Systems - Effects on Business Processes in Power Plants
(Room Rheinsaal 6)
29 Jun 17
9:00 AM
-
10:30 AM
Tracks:
Track B - Mastering the Digital Era
Cyber-attacks on critical industrial infrastructure are a fact. In the EU the losses caused by these intrusions can be as high as 1.6% of gross domestic product, costing tens of billions of Euros annually. Plant operators need to implement their compliance program to meet the required regulatory guidelines. Cyber security is an important factor in all phases of a system life cycle and is an integral part of the control system. Each stage needs to be addressed - from design and development to operations and maintenance. This paper highlights the solutions for a secure and reliable system: Implementing application whitelisting to prevent unauthorized programs from running; ensuring that a proper patch management program is in place; and reducing the attack surface area of the control system by isolating it from untrusted networks like the Internet. The target is to minimize the cyber risk for customers’ control systems and production processes. There is no one and single solution to keep a system cyber secure. Instead, we recommend a defense in depth approach, where multiple security layers detect and deter threats; and to embed cyber security at each stage of the DCS product life cycle, from design and development to operation and maintenance. Security workplace is a program that includes fingerprinting to gauge the ability of the control system to withstand attack; patch delivery to evaluate all software updates for relevance and system compatibility; application whitelisting to ensure that only approved software and processes are allowed to run; and file sanitization to minimize the risk of introducing an infected file into the control system. Cyber security is an ongoing process. After an automation system has been commissioned, it continues to communicate with its users. So it is crucial: doing the right things - right!