Security: The Difference Between IT and Industrial Control

Nov. 1, 2012
While some computer security processes are far-reaching in terms of their use across industries and applications, industrial control systems require additional precautions.

When your “nail” is computer system security, the “hammer” is often commercial IT security measures. And though a good dose of IT security is essential to industrial control system security, successfully securing a control system requires additional steps.

A recent release from Tofino Security highlighted the unique aspects of industrial control systems that set their security measures apart from most IT systems. Some of these factors included control systems' placement on the plant floor, rather than in a climate-controlled data center; their potential for placement in or close to hazardous environments; plus the fact that the average life span of equipment on the plant floor is measured in decades rather than a few years.

Referencing information from a Belden Industrial Ethernet Infrastructure Design Seminar, the Tofino release boiled down the differences between IT and ICS (industrial control system) security solutions to the fact that each system has different:
• Performance requirements;
• Reliability requirements;
• Operating systems and applications;
• Risk management goals;
• Security architectures; and
• Security goals.

Security goals are an essential difference between the two. For example, the number one goal of IT security is privacy, i.e., protecting the data, whereas the number one goal of ICS security is safety, i.e., protecting the process. An image attached to this story highlights how IT and ICS differ in the priority ranking of their system concerns.

To help clarify the differences in security requirements for ICSs, three major categories of ICS security issues are outlined in the seminar. Those issues are:

Soft Targets. According to Belden, control networks are full of what are known as “soft” targets – devices vulnerable to disruption through their network interface. The PCs in many plants run for weeks or months without any security updates, and some even operate without any anti-virus tools. In addition, many of the controllers in these networks were designed in an era when cyber security was not a concern; as a result, many of these devices can be disrupted by malformed network traffic or even by high volumes of proper traffic.

Multiple Pathways. Many control networks have multiple pathways through which cyber security threats can enter the plant. These pathways often bypass existing security measures in the plant, and some don’t even appear on a network diagram. Examples include laptop computers carried in and out of facilities and USB keys that move from one PC to another. These can easily bring malware into the plant and rapidly spread it from one system to another.

Flat Networks. Many ICS networks are still implemented as large, “flat” networks with no isolation between unrelated subsystems. This means that if a problem occurs in one part of the plant, it can spread very quickly to other unrelated subsystems and even to remote plant sites.
