Sign Up for FREE Daily Energy News
Canadian Flag CDN NEWS  |  US Flag US NEWS  | TIMELY. FOCUSED. RELEVANT. FREE
  • Stay Connected
  • linkedin
  • twitter
  • facebook
  • youtube2
BREAKING NEWS:

Copper Tip Energy Services
Vista Projects
Vista Projects
Copper Tip Energy


Not All Built-in Cyber Security is Equal: 13 Questions for Your Automation Vendor

December 23, 2019 EnergyNow Media

These translations are done via Google Translate
Print 🖨

Bedrock Automation Feature Logo 400x270

ROBERT BERGMAN,  Bedrock Automation

If any of today’s large vendors of automation systems offer cyber security protection, odds are good that it has been bolted on after the fact. Cyber security was not an issue when these systems were originally designed, so swapping them out now would be a major challenge for both the vendor and the end user. But those systems are due for update eventually and legacy vendors are now striving to build in as much security as they can.

Over the next several years, more and more companies will be claiming to offer some degree of built-in cyber security.  Although they will be guided somewhat by standards such as ISASecure (IEC 62443), each will likely interpret such standards differently and integrate them into their operations at different levels and degrees. As you evaluate your next PLC, SCADA RTU, DCS or other industrial control system claiming to have built-in cyber security, ask the following questions to determine if you are getting maximum protection.

  • Is there an embedded public key infrastructure (PKI) to manage an encryption and authentication of messages based on a known 3rd party root of trust?
  • Does the authentication support Transport Layer Security (TLS) 1.2?
  • Is encryption compliant with NMIST SP800-57, Suite B?
  • Does the system have secure boot?
  • Does security extend to sub-components as well as to the device itself?
  • Is there anti-tamper protection at the component level?
  • Are the modules all-metal, anti-tamper, sealed and FIPS 140-2 compliant?
  • Does the system use a pin-less I/O backplane?
  • Is the system firmware secure and protected?
  • Are open communications protocols such as OPC UA and MQTT secure and protected?
  • Does the system have a secure component supply chain?
  • Does the system have the built-in bandwidth to support high-performance hardware accelerators without disrupting performance?
  • Is the security included in the basic cost of the control system?

For a truly intrinsically secure control system, the answers to all these questions must be yes. For more detail on them and many other essential components of an intrinsically secure system, Bedrock Automation offers a free white paper: Chapter Three: Intrinsic Cyber Security Fundamentals.

 

Not All Built-in Cyber Security is Equal - 13 Questions for Your Automation Vendor

Bedrock Automation’s OSA industrial control system has an embedded PKI that manages authentication and encryption using the same cyber security technology that protects military and aerospace applications. For more information visit bedrockautomation.com.



Share This:


Previous Article

 

Next Article

 

More News Articles


FEATURED EVENT

 

Offshore Technology Conference 2024
Gastech 2024
Gastech 2024
Offshore Technology Conference 2024

GET ENERGYNOW’S DAILY EMAIL FOR FREE

 

ABOUT ENERGYNOW

EnergyNow.com is an energy news media service dedicated to providing information on the U.S. energy sector's latest news, technology, innovations, commentaries, events, data and press releases. From oil & gas, to renewables, to the energy transformation, we've got it for you right here and right now!

Help us to improve EnergyNow, Give us your feedback

 GIVE US FEEDBACK

Quick Links

  • Stay Connected
  • linkedin
  • twitter
  • facebook
  • youtube2

USEFUL LINKS