Abstract
Since Stuxnet, the focus of Industrial Control Systems (ICS) security audits has been in the field devices and controllers. However, the commonly use ISA-95 reference model for industrial integration contains four layers: enterprise resource planning, manufacturing execution, process control and field devices. This hierarchy usually shares network components and systems not only internally but also with various external systems like camera monitoring, premises security systems, building automation etc. From automation viewpoint these external systems create critical access path into the core automation. They have different operators and subcontractors but can share network infrastructure. The ICS security therefore should be viewed as a whole where the risk any device introduces must be considered not only by the ISA-95 level it operates on but also with the assets it shares within the company. This paper presents analysis of various ICS devices mapped against ISA- 95 levels. The analyses show that the shared components create a real security risk.
Original language | English |
---|---|
Title of host publication | International Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange, 1-5 June, 2015, Vienna, Austria |
Publisher | INTERNATIONAL ATOMIC ENERGY AGENCY |
Number of pages | 8 |
Publication status | Published - 2015 |
Publication type | D3 Professional conference proceedings |
Event | International Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange - Vienna International Centre (VIC), Vienna, Austria Duration: 1 Jun 2015 → 5 Jun 2015 |
Conference
Conference | International Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange |
---|---|
Country/Territory | Austria |
City | Vienna |
Period | 1/06/15 → 5/06/15 |
Keywords
- Security analysis
- Industrial Control Systems
- shared resources
- ISA-95
ASJC Scopus subject areas
- Control and Systems Engineering
- Information Systems