Institute of Measurement and Control. Functional Safety 2016

IT is focused on, in order of priority, Confidentiality-Integrity-Availability, whereas OT needs a different priority order, namely Availability-Integrity-Confidentiality.

For example, while it may be acceptable to routinely patch IT-related operating systems as soon as patches are available, for OT there will need to be a degree of assurance that the patch will not adversely affect the operation and safety of the process. Applying OS patches must be done in conjunction with vendor recommendations after the patches have been tested for compatibility.

Typically, the higher up the automation hierarchy, the greater the dependence on IT technologies, so a cross-over of expertise becomes necessary. OT needs to become more expert in the world of IT, and the IT department, where the expertise on cyber security has traditionally resided, needs to understand and be more involved in meeting the more availability-focussed, real-time requirements of OT.

The emphasis on availability for OT makes for additional cyber security challenges. Implementing operating system upgrades or IACS software upgrades requires investment and careful planning.

Which guidelines to follow?

Siemens focuses on the following guidelines as being most applicable:

· NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection). NERC Standards CIP-002-3 through CIP-009-3 provide a cyber security framework for the identification and protection of critical cyber assets to support reliable operation of the bulk electric system.

· WIB M-2784. WIB Report: M 2784 - X-10, version 2.0. This document specifies requirements and gives recommendations for IT security to be fulfilled by vendors of process control and automation systems to be used in process control domains (“PCDs”).

· IEC 62443 (under development). Internationally supported, it involves the component supplier, asset owner, and systems integrator in the solution and supports a defence-in-depth approach. It gives a holistic perspective of industrial security.

Of these, Siemens views IEC 62443 as a leading standard because it is international in scope, vendor neutral, and incorporates important elements from other relevant standards including WIB M-2784 and NERC-CIP. It supports a defence-in-depth approach and promotes involvement of all stakeholders including the asset owner, system integrator, and component supplier.

IEC 62443 is holistic in nature and covers the following aspects.

Figure 2