ISA TR99.00.01-2004

Protecting manufacturing automation and control systems computer environments is absolutely critical. This ISA Technical Report provides recommendations and guidance for effectively using electronic security technology, and developing a site or corporate security program and plan for the manufacturing and control systems environment. It was developed by world-renowned cyber security and automation systems experts under the auspices of the ANSI accredited procedures of the ISA Standards and Practices Department.

This ISA Technical Report provides an evaluation and assessment of current types of electronic security technologies and tools that apply to the manufacturing and control systems environment (including development, implementation, operations, maintenance, engineering and other user services). It provides guidance to manufacturers, vendors, and security practitioners at end-user companies on the technological options for securing these systems against electronic (cyber) attack. It is the first ISA technical report in a series, and deals with analyzing technologies and determining applicability to securing the manufacturing and control systems environment.

This ISA Technical Report provides a current assessment of security tools and technologies that apply to the manufacturing and control systems environment. It describes several categories of security technologies, the types of products available in those categories, the pros and cons of using those products in the manufacturing and control systems environment, relative to expected threats and known vulnerabilities, along with preliminary recommendations and guidance for using those security technologies. Each technology is discussed in terms of:

• Security Vulnerabilities Addressed by the Technology
• Typical Deployment
• Known Issues and Weaknesses
• Assessment of Use in the Manufacturing and Control Systems Environment
• Future Directions
• Recommendations and Guidance
• References

The concept of manufacturing and control systems electronic security is applied in the broadest possible sense, encompassing all types of plants, facilities, and systems in all industries. Manufacturing and control systems include, but are not limited to:

• hardware and software systems such as Distributed Control Systems (DCS), Programmable Logic Controllers (PLC), Supervisory Control and Data Acquisition (SCADA) systems, networked electronic sensing systems, and monitoring, diagnostic, and assessment systems;
• associated internal, human, network, or machine interfaces used to provide control, safety, maintenance, quality assurance, and other manufacturing operations functionality to continuous, batch, discrete, and combined processes.

Similarly, the concept of cyber security technologies is also broadly applied and includes, but is not limited to, the following technologies:

• Authentication and Authorization
• Filtering/Blocking/Access Control
• Encryption
• Data Validation
• Audit
• Measurement
• Monitoring and Detection Tools
• Operating Systems

An additional non-cyber technology is an essential requirement for some aspects of cyber-security and is also discussed in this report.

• Physical Security Control

The need for protecting manufacturing and control systems computer environments has grown significantly over the last few years. The combination of open systems, an increase in joint ventures, alliance partners and outsourced services, growth in intelligent manufacturing equipment, increased connectivity to other equipment/software, enhanced external connectivity, along with rapidly increasing incidents of network intrusion, more intelligent hackers, and malicious software all lead to increased threats and probability of attack. As these threats and vulnerabilities increase, so does the need for protection of electronic manufacturing and control systems.

Get this definitive guide today developed by the world's experts working with the world's leading automation systems standards developer.