Way Forward towards System under Consideration (SuC) Challenges (Part-2)
Amit Singh
Sr. Control Systems & Instrumentation Engineering Professional I Functionally Safe & Cyber Secured Critical OT Infra Engineering Specialist I IEC 61511 FSE Certified TUV I ISA99/IEC 62443 Certified Fundamental Specialist
In my previous article I have tried to explain definition and boundaries of IACS system under consideration in-line with IEC62443 and associated challenges. In this part, I will try to explain how to deal with such challenges.
Basically, I will break-up ICS/IACS system under consideration in two parts as shown in above pictorial. One which is already existing with critical infrastructure since decades and other which is planned to take birth as a part of new planned facilities since inception and conceptualize from scratch.Later case is much more systematic and straightforward while the complexity of challenges mainly remains with already existing system(s) and associated architecture.
One of the key challenges drivers is aging of existing Legacy System and associated sub-system interfaces. Over the time evolution of Industrial Automation and Control System technologies have taken unprecedented shift be it interconnectivities beyond enterprise and to open world OR disruption in legacy way of maintaining life cycle, be it advancement in components and system design in terms of inherent capabilities OR way doing the things, be it conservativeness mindset OR more open challenging environment ever.
Over the time existing reference architecture alteration is one of the obvious inevitable acts and nonavailability of stringent management of change process is one of the loopholes. These days another biggest hurdle is also nonavailability of as-built documentation and "IACS Asset Inventory" which is one of the key while analyzing OR organizing the risk assessment. Hence an immediate measure needed to strengthen MOC process, as-built creation & thorough population of asset inventory.
Over the time "Purdue Enterprise Reference Architecture" model have been much more mature in-line with IEC62443 guidelines. One of the disruptive changes which is seen over the time is flow of information over Organization enterprise OR even beyond due to global geographic presence, expanded life-cycle remote support which is non-stoppable and need of time in such a globalized business era. Still biggest gap which is identified in present time is nonavailability of isolation buffer zone/demilitarized zone, deployment of firewalls and right way of implementation/rulesetting with reference to layered reference system architecture which strengthening is immediate need of time. Zoning & Conduiting is even beyond however same shall be hardened to minimize the risk gradually over the time (a strategy needs to be established).
领英推荐
21st century remains the unprecedented technological disruption which is never ever witnessed with such a fast pace if we compare last couple of decades. In previous decade technological shift happen but in gradual manner. Following are few key changes I would like to list out:
What I am just trying to highlight is that what were employed decades ago is no more sustainable from future perspective as well as maintaining the statuesque. Hence strategic migration in consideration to enhanced reference architecture is the key at least move closure to the future of reality.
In summary Brownfield Legacy IACS systematic system hardening, upgrades & phased migration in consideration to IEC62443 is only the key to sustain in future not only from security point of view but also to remain in the race of change.
Further strategic evaluation & planning of system hardening / upgrades & migration is another deeper area to dive-in and Greenfield critical IACS infrastructure is totally different strategy all about which I would like to cover-up with another post. Hence keep following-up.
OT/ICS Cybersecurity | Author | GICSP
3 个月Nice explantion Amit Singh