Track Chair: Graham Speake
The modern day control system has morphed from the bespoke, proprietary systems of 30 years ago to sophisticated applications built on top a Microsoft Windows platform. The modern control room in a refinery or other industrial facility could equally well be located in the IT server room—Domain controllers, DNS and DHCP servers, firewalls, Anti-virus and Whitelisting servers, Microsoft Windows Server Update Servers. The control devices themselves may be proprietary, but often the communications to them is undertaken over networks with little security, such as Modbus/TCP.
The idea that industrial control networks can be or are isolated from the business network is hopefully long past. The business need (or want) to have data from the control networks flow upwards to the business network is growing every year. Companies now trade oil and gas as soon as it leaves the offshore platform and enters the pipe to the shore and do not wait until it arrives.
The threat to all companies is real whether it is from virus, worms, and other malware or from a determined hacker inside or outside your company. Large companies who take security seriously and have the luxury of budgetary and manpower availability are not immune from attack and compromise. In August 2012, for instance, Saudi Aramco (the world’s largest oil company) had to disconnect their systems from the Internet because of a virus outbreak and were still disconnected over seven days after the event. Although their industrial control systems were on isolated or firewalled networks and unaffected, disruption to their business network must have occurred as they have admitted over 30,000 computers were infected.
The pace we are moving forward in implementing new control systems is matched, if not exceeded, by the advances hackers are making. Control systems are not unknown systems anymore, and there are many conferences that devote all or part of their agenda to vulnerabilities and hacking of control systems—and ISA Automation Week is no exception.
If you develop, integrate, or operate a control system, for whatever reason or market, then you need to attend ISA Automation Week sessions and hear about the latest security countermeasures that are coming into the market. Additionally, hear from distinguished end-users who will tell you how they are managing their control systems in a safe and secure manner. Hear from two of the world’s largest oil companies, Chevron and Total. Chevron will give a presentation with regard to whitelisting and how it compares to traditional anti-virus technologies, while Total will be presenting on how to benchmark Process Control Security Standards.
