Recently I wrote about one of the fundamentals of industrial cyber security, which is the concept of Defense in Depth.Today I am going to write about another foundation concept, which goes hand-in-hand with Defense in Depth, and that is using ANSI/ISA-99 Standards to improve control system security.

Factors that have degraded Control Network Security

There are two opposing trends impacting control network design today:

1. The trend toward greater “interconnectedness” of control systems with enterprise systems as organizations seek increased business productivity and as they increase the use of Ethernet-TCP/IP technology.
2. The trend to isolate control networks as an attempt to block advanced malware threats such as Stuxnet.

How does a controls engineer deal with the conflicting requirements of more integration and more isolation? My advice is to accept and plan for high integration with business systems, and to dismiss the idea that control systems can be isolated. Read more »