Optimization of Secure Control System Network and Business Network Segregation Architecture for Industrial Control System Cyber Security Assurance
- business network, control system network, control system network segregation
Abstract – Nowadays, the evolution of Industrial Control System (ICS) environment from obsolete pneumatic control and proprietary platform into modern system with open protocol and common environment (e.g. Windows environment) has increase the threats (e.g. virus and malware, external or internal intruder, disaster) and system vulnerabilities (e.g. system unprotected properly against virus threats, registry errors due to un-updated system) on its environment.
The interconnection between Control System network and Business network has become one of the most critical part of ensuring security framework for ICS. Secure and robust system architecture and implementation for this interconnection should be considered as high priority. The system owner and custodian should consider to assess, strategize and implement the critical requirements by using the existing standards (global or company standards) in order to ensure secure interface between these two networks.
This paper explore and analyze one of the most secure and appropriate interconnection architecture by implementing some networking equipment (router and switch, firewall and nIPS) and proper set up of those equipment in order to ensure the secure data traffic and host access control framework between Control System network and Business network. This paper also describes some recommended practices on ICS environment as one of the prevention framework to protect the access (logical and physical) of ICS environment, either from internal ICS or external entities (including Business network and External access).
For complete technical journal of the above abstract, please follow this link to access:
Optimization of Secure Control System Network and Business Network Segregation Architecture for Industrial Control System Cyber Security Assurance Rev.Final
(password to open the journal: fedcoint.com; password to copy and edit the journal: “please contact us”)
The above journal has been elected to be presented in ISA Automation Week 2012 (September 2012) in Orlando, Florida USA, for reference to the full shcedule of this event, please refer to this link: ISA Automation Week 2012 Full Program and Schedule