The move by most, if not all, DCS vendors towards “open systems” and the resulting incorporation of off-the- shelf technologies represented a significant shift in control system design. System integration became easier, product development by manufacturers was accelerated, and training was simplified as it leveraged common tools and concepts. While the benefits have been tremendous, at the same time, open technology has now allowed control systems to be exposed by frequent and significant security vulnerabilities, putting production, assets, and human safety at risk. Gone are the days of proprietary operating systems and communication busses, isolated systems, and inherently secure processing environments.
A detailed cyber risk assessment will rigorously evaluate the Industrial Automation Control System (IACS) and ensure the design and procedures are capable of satisfying the corporate risk criteria. To do this, identification of the potential threat vectors and associated countermeasures is essential.