Process Control Networks Digital Security Issues
I've written down some notes here and I just hope they're right (you are more than welcome to evaluate, add, modify, and let me know what you think).
We must respect the following rules when working around production Control Systems:
- No connection of any type should be established between the business network and the control network; sound practice is a complete physical separation.
- The control network is not to be connected with the operator network.
- Different control networks are to be kept separated.
- ABB DCS networks are to be kept separated.
- Control network traffic is to be kept separated from user network traffic, especially at the radio level or around it.
Kindly review the attached and let me know your feedback.
Cyber Security is not an easy topic to discuss casually on a forum thread.
I agree with your notes, but there is probably a lot more to think about if hardening against intrusion is desired.
Isolating outside networks (internet, office, etc.) from the control system networks (plant network, control network, backbones, etc.) is recommended. Isolation must be properly made, e.g. VLAN is not a very secure method to keep two networks apart.
Today, practically every employee inside an otherwise access-controlled facility is carrying a personal phone capable of internet connection sharing, which introduces new "rogue on the inside" sponsored attack vectors. A harmless TeamViewer session could in the next moment also be hosting a VPN tunnel to wherever...
If you need to discuss cyber security, please ask your regional ABB sales representative for assistance with getting in touch with our Cyber Security staff.
ABB can also offer Security Fingerprint audit services.
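The separation rules listed in the notes above can be checked against an asset inventory and network flow records. The following is an added example, not part of either forum post and not ABB tooling; the zone subnets, host names and flow records are constructed for illustration.

```python
import ipaddress

# Constructed zone map (assumption): subnets are illustrative only.
ZONES = {
    "business": "10.10.0.0/16",
    "operator": "10.20.0.0/16",
    "control-a": "172.16.1.0/24",
    "control-b": "172.16.2.0/24",
}

def zone_of(ip):
    """Map an address to its zone; unlisted addresses count as external."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in ZONES.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return "external"

def crosses_control_boundary(zones):
    """True when more than one zone is involved and one is a control zone."""
    return len(zones) > 1 and any(z.startswith("control") for z in zones)

def audit_hosts(inventory):
    """Hosts whose interfaces bridge a control network to any other zone."""
    zoned = {h: sorted({zone_of(ip) for ip in ips}) for h, ips in inventory.items()}
    return {h: z for h, z in zoned.items() if crosses_control_boundary(z)}

def audit_flows(flows):
    """Flow records (src, dst, port) that enter or leave a control network."""
    return [(s, d, p, zone_of(s), zone_of(d)) for s, d, p in flows
            if crosses_control_boundary({zone_of(s), zone_of(d)})]

# Constructed sample data (not from the thread).
INVENTORY = {
    "eng-ws-01": ["172.16.1.20", "10.10.5.7"],    # control-a + business
    "historian": ["172.16.1.40", "172.16.2.40"],  # bridges two control networks
    "office-pc": ["10.10.5.9", "10.20.1.9"],      # no control zone: not in scope
}
FLOWS = [
    ("172.16.1.30", "172.16.1.10", 102),   # stays inside control-a
    ("172.16.1.20", "203.0.113.50", 443),  # control-a to an outside address
    ("10.20.3.4", "172.16.2.15", 3389),    # operator network into control-b
    ("10.10.5.9", "10.20.1.9", 445),       # business to operator: not in scope
]

if __name__ == "__main__":
    print(audit_hosts(INVENTORY))
    print(audit_flows(FLOWS))
```

A flow from a control address to an external one is the kind of record a tethered phone or an outbound remote-access session on a control host would produce, provided the flow data is collected on the host or on a tap that sees that path.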