Environments with industrial or automation control systems are built to ensure process availability and resilience. Availability is defined as "the quality of being able to be used or obtained" and resilience as "the capacity to recover quickly from difficulties; toughness." Taken on their own, these definitions do not account for the rampant connectivity now found within automation environments.
So, what happens to availability and resilience when process control technologies are connected to an ethernet network and become digital, cyber assets? Organizations must immediately change their perception of threats and risk and ask: How do control environments achieve "cyber availability" and "cyber resilience?" The answer is as complex as the multitude of different types of industrial and automation control system environments.
Steps to Ensure Availability, Resilience
For complex systems, the best road to availability and resilience is to break the system down into simpler parts and manage each as a part of the whole. For example, an electric utility may have separate electrical substations and natural gas compressor stations with a central control center that receives information from all remote locations. The approach to addressing these parts depends on your role in the organization and whether you will provide systemic change (strategic efforts) or tactical change (technical implementation). Tactical changes provide rapid risk reduction at a specific location while systemic changes address an organization’s cultural behavior.
For organizations rushing to address the rapid deployment of control environments that are remotely accessible from the internet, the efforts of strategic and tactical teams must be coordinated to ensure these systems are resilient to attack and remain available. A plan that focuses on defense-in-depth, process recovery plans, and network service reduction is one approach to consider.
Risk reduction requires knowledge of deployed assets and current operational procedures at each location. This information is necessary to implement a defense-in-depth methodology that prepares for process recovery while reducing risk from external threat actors. You cannot protect what you do not know; a list of hardware and software assets, categorized by criticality, will provide a team with the starting point for evaluating the current implementation.
Process recovery plans need to be regularly reviewed and updated to address a prioritized list of digital network and fieldbus communications, including remote access, critical server and application unavailability, compromised credentials, and protection of device configurations. Many processes can be run manually for specific time periods. However, safe operation today relies heavily on information from remote assets, requires management from a central control center, or depends on administration by integrator-provided subject matter experts (SMEs).