DCS; Industrial control system
Product
Article
NameDescriptionContent
NEW CENTER
Current Location:
Ensuring Cyber Resiliency for OT Systems
From:THOMAS
|
Author:H
|
Time :2024-11-27
|
289 Browse:
|
Share:
Cyber resilience is the ability for an entity to continuously deliver the intended outcome despite cyber-attacks. In this case, the “entity” could likely be your plant and the “intended outcome” is the results produced by your operational technology (OT) efforts. Stated simply, being cyber resilient means your operations stay in operation even though they may be under cyber-attack.
“Cyberworthiness” is an assessment of the resilience of a system from cyber-attacks. It is applicable to software and hardware elements like standalone software, code deployed on an Internet site, browsers, manufacturing equipment or Industrial Internet of Things (IIoT) devices.
Whether intentional—as in a cyber-attack—or unintentional—as in a failed software update—adverse cyber events negatively impact the availability, integrity, or confidentiality of networked OT and information technology (IT) systems and associated services.
Cybersecurity versus cyber resilience
Cyber resilience is designed to prevent systems and networks from being derailed in the event that security is compromised. The manufacturing line, refinery or pipeline “stays” operational. Cyber resilience means that cybersecurity is effective without compromising the usability of OT systems (Figure 1).
According to Phil Tonkin, field CTO at Dragos, cybersecurity is concerned with the protection of digital systems, whereas cyber resilience considers the real-world implications of cyber events—extending beyond the digital defense perimeter to encompass the ability of an organization to maintain its core functions and recover swiftly from any form of cyber disruption. “In the world of OT, infrastructure owners as asset managers are concerned with the integrity and reliability of their assets. An electric company needs to worry about keeping a reliable, efficient and clean energy supply to its customers, how they achieve that is resilience. It’s not just protecting the system against compromise but managing the risks of downstream effects.”
Greg Hale, editor and founder of ISSSource, said that resiliency is a plan to find ways to keep the plant/network/system up and running despite an ongoing attack. It is related closely to the business continuity plan. “Cybersecurity, on the other hand, is the overall general idea of protecting assets. The government says resilience entails the ability of a system to anticipate, withstand, recover from and adapt to cyberattacks and natural or accidental disruptions,” he said.
Hale wrote in a recent article in The Source: “A core meaning behind cybersecurity is keeping systems up and running and secure against any kind of attack. But when an organization does suffer a hit, the next step in the ladder of protection needs to be resilience—how to stay up and running no matter the type of assault.”
“Cybersecurity focuses on the implementation of capabilities and controls such as identification, detection, protection and so on, whereas resilience relates to the ability to withstand attacks, bring appropriate response and ability to recover swiftly,” said Mansur Abilkasimov, vice president of Cyber and Product Security Strategy and Governance at Schneider Electric.
Need for cyber resilience is real
Hale points out that one of the classic cases of a lack of cyber resilience is the Colonial Pipeline incident a few years back (Figure 2). “There was a ransomware attack on the company’s IT department and while OT systems remained up and capable of running, the company shut down completely for about four or five days ‘out of an abundance of caution.’ The real reason was the company’s billing system was run on the IT side and if that was held for ransom, the company could not bill its customers and therefore not make any money, so they had to shut everything down. Even though OT was not affected, they had no plan on what they should do to stay running in case of an attack.”
Roy Kok, senior partner and Alliances specialist CLPA at Mitsubishi Electric Automation Inc. said that cyber resilience becomes an interesting challenge for Mitsubishi Electric going forward “because we’re the only company that’s offering combined networking. Most industrial automation companies have a control network and an information network, the control network being focused on deterministic performance and also being dedicated to doing the control. And then of course, the information network is open to the IT world, performance management, quality and so on.”
With combined networking, cyber resilience is increasingly important. “Our protocol is called CC-Link IE TSN. IE stands for ‘industrial Ethernet.’ TSN [time-sensitive networking] is the enhancement to the Ethernet spec that happened back in 2016, which allows you to have deterministic performance. It’s like setting up a private channel on Ethernet that guarantees that your control will have deterministic performance regardless of anything else on the network. The spec has been enhanced to allow scheduling of communications, which means that means devices on a network know when they have an opportunity to speak—traffic shaping.”
-
GE SR745-W2-P1-G1-HI-A-L-R-E Feeder protection relay -
GE IS230TNDSH2A Discrete Output Relay Module Brand -
GE Fanuc IS200TDBSH2ACC Mark VI Terminal Board Brand -
GE PMC-0247RC-282000 350-93750247-282000F Disk Drive -
GE PMC-0247RC-282000 350-93750247-282000F Disk Drive
-
GE VMIVME-1150 Serial Communications Controller -
GE VMIVME-5576 Fiber-Optic Reflective Memory with Interrupts -
GE VMIC Isolated Digital Output VMIVME-2170A -
GE MULTILIN 760 FEEDER MANAGEMENT RELAY 760-P5-G5-S5-HI-A20-R-E -
GE IS200AEPAH1BKE IS215WEPAH2BB Printed circuit board -
GE IS210BPPCH1A Mark VIe I/O Pack Processor Card -
GE IS220PRTDH1A 336A4940CSP6 High-Performance RTD Input Module -
GE IS220PDIAH1BE 336A5026ADP4 Discrete Input Module
-
GE IS420ESWBH3A IONET Switch Module -
GE 516TX 336A4940DNP516TX 16-port Ethernet switch -
GE EVMECNTM13 Embedded control module -
GE EVPBDP0001 EVPBDP032 control module -
GE Hydran M2-X Enhanced Monitoring with Extended Sensor Life -
GE UR6CH Digital I/O Module -
GE IC695CPU315-CD Central processing unit -
GE 531X305NTBAMG1 DR Terminal Board -
GE 531X305NTBALG1 NTB/3TB Terminal Board 531X Series -
GE 531X305NTBAJG1 NTB/3TB Terminal Board. -
GE 531X305NTBAHG1 NTB/3TB Terminal Board 531X -
GE 531X305NTBAEG1 is a PCB that functions as a DR terminal board. -
General Electric 531X305NTBACG1 NTB/3TB Terminal Board 531X
-
GE Digital Energy D20 Analog Input Module -
GE 94-164136-001 main board Control board -
GE 269 PLUS-D/O-100P-125V Digital motor relay -
GALIL DMC-9940 High-performance motion controller -
FUJI NP1BS-08 base plate -
FUJI NP1Y32T09P1 Transistor drain type digital output module -
FUJI NP1Y16R-08 Digital Output Module -
FUJI NP1X3206-A High-speed digital input module -
FUJI NP1AYH4I-MR current output module -
FUJI NP1S-22 Power module redundancy -
FUJI RPXD2150-1T servo drive module -
FUJI FVR008E7S-2UX Ac frequency converter -
FUJI Ac frequency converter FVR008E7S-2 -
FUJI FVR004G5B-2 Small general-purpose frequency converter -
FUJI A50L-2001-0232 Industrial control module -
FUJI A50L-001-0266#N High-performance servo amplifier -
Honeywell FS7-2173-2RP Gas sensor -
Honeywell 10106/2/1 Digital Input Module in Stock -
FRCE SYS68K CPU-40 B/16 PLC core processor module -
Foxboro FBM I/O cards PBCO-D8-009 -
Foxboro AD916AE Digital Control System (DCS) Module -
GE SR750-P5-G5-S5-HI-A20-R-E Multilin Relay -
.jpg)
FOXBORO H90 H90C9AA0117S Industrial Computer Workstation -
.jpg)
FOXBORO RH928AW | I/A Series Relay Output Module -
.jpg)
Foxboro N-2AX+DIO Multi-functional input/output module -
Foxboro RH924WA FCP280 Fiber Optic Network Adapter -
FOXBORO H92 Versatile Hardware Component In -
Foxboro FBM218 P0922VW HART® Communication Redundant Output Interface Module -
Foxboro E69F-TI2-J-R-S E69F Series Current-To-Pneumatic Signal Converter -
Foxboro E69F-BI2-S Converter -
.jpg)
Foxboro H92A049E0700 The host of the DCS control station -
Foxboro H90C9AA0117S Industrial computer workstation -
Foxboro RH101AA High-performance industrial control module -
Foxboro P0922YU FPS400-24 I/A Series Power supply -
.png)
FOXBORO P0973LN Chassis-based managed switch with independent power supply -
.jpg)
FOXBORO P0926PA Input/output module -
Fanuc A06B-6050-H402 3 AXIS ANALOG AC SERVO DRIVE -
.jpg)
FOXBORO L0130AD L0130AE-0H Power module group -
_lVjBYb.jpg)
FOXBORO 0399085B 0303440C+0303458A Combination Control Module -
FOXBORO SY-0399095E (SY-0303451D+SY-0303460E) Process control board -
.jpg)
FOXBORO 0399071D 0303440C+0303443B Input/Output (I/O) Module -
.jpg)
FOXBORO RH924UQ Redundant Controller module -
FFOXBORO E69F-TI2-S current pneumatic converter -
FOXBORO FBM219 RH916RH Discrete I/O Module -
FOXBORO FBM227 P0927AC Module -
.jpg)
FOXBORO 0399144 SY-0301059F SY-1025115C/SY-1025120E I/O module -
.jpg)
FOXBORO SY-60399001R SY-60301001RB Industrial Control Module -
FOXBORO 0399143 SY-0301060R SY-1025115C SY-1025120E Combined control board -
FOXBORO 873EC-JIPFGZ electrodeless conductivity analyzer -
FOXBORO P0916PH (High-density HART I/O Module) -
FOXBORO 870ITEC-AYFNZ-7 Intelligent Electrochemical Transmitters -
FOXBORO Compact FBM240. Redundant with Readback, Discrete -
FOXBORO FBM208/b, Redundant with Readback, 0 to 20 mA I/O Module -
FOXBORO FBM201e Analog Input (0 to 20 mA) Interface Modules -
.jpg)
FOXBORO P0916WG Terminal cable -
FOXBORO P0926MX 2-Port Splitter -
.jpg)
FOXBORO AD908JQ High-Frequency Module -
.jpg)
FOXBORO AD916CC Processor module -
Foxboro DCS FBM206 Pulse Input Module -
FOXBORO FBM216 HART® Communication Redundant Input Interface Module -
Foxboro p0903nu 1×8 unit sub-component module -
Foxboro P0911SM Industrial control module -
Foxboro CM902WM I/O module -
Foxboro CM902WL Power module -
Foxboro P0972VA Industrial Control Module -
Foxboro Z-Module Control Processor 270 (ZCP270) -
Foxboro PO916JS 16-channel terminal block module -
Foxboro PO911SM High-performance digital/analog input/output module -
Foxboro P0972PP-NCNI Network Interface Module -
.jpg)
FOXBORO P0971QZ controller module -
FOXBORO P0971DP Thermal resistance input/output module -
FOXBORO P0970VB Cable connector -
FOXBORO P0970EJ-DNBX Dual-node bus expansion module -
FOXBORO P0970BP Redundant power supply system -
.jpg)
FOXBORO P0970BC-DNBI DeviceNet bus interface module -
.jpg)
FOXBORO P0961FX-CP60S Main control CPU module -
.jpg)
FOXBORO P0961EF-CP30B Network Interface Unit -
.jpg)
FOXBORO P0961CA Optical fiber local area network module -
.jpg)
FOXBORO P0961BD-GW30B gateway processor module -
.jpg)
FOXBORO P0961BC-CP40B/I/A Series high-performance control processor module -
FOXBORO P0960JA-CP40 High-performance control processor
-
FOXBORO P0926TM Control module
-
FOXBORO P0916BX Termination Assembly -
.jpg)
FOXBORO P0916AE P0916AG P0916AW Thermal resistance input type DCS card module -
FOXBORO P0916AC FOXBORO distributed control system (DCS) compression terminal assembly -
.jpg)
FOXBORO P0912CB High-performance interface module -
.jpg)
FOXBORO P0911VJ Thermal resistance input output module -
.jpg)
FOXBORO P0911QH-A High-precision module -
FOXBORO P0911QB-C P0911QC-C Thermal resistance input/output module -
FOXBORO P0904BH P0904FH P0904HB Distributed Control system (DCS) module -
FOXBORO P0903ZP P0903ZQ Embedded System Debugging Module -
Foxboro P0903ZL P0903ZN Industrial power module -
Foxboro P0903ZE I/A Series Fieldbus Isolator Module -
FOXBORO P0903NW Industrial Control Module -
.jpg)
FFOXBORO P0903NQ Industrial power module -
FFOXBORO P0903AA Control Module -
FOXBORO P0400DL Digital output module -
.jpg)
FOXBORO P0400BJ Digital output module -
FOXBORO GW30 industrial control module -
FOXBORO FBM231 Communication Output Module -
FOXBORO Fieldbus Communications Module, FCM10Ef -
FOXBORO Fieldbus Communications Module, FCM10E
