Targeted attacks and unintentional security breaches are no longer just the concern of corporate IT, but have become an urgent topic for plant process automation with its penetration of control systems. No one can accurately predict the cyber security threat for control systems. What we do know is, the potential is there, the technology behind it is rapidly evolving, and it is wise to take action. Because system security is influenced by a wide variety of different elements, many companies struggle to define the best strategy to mitigate these issues. A key element in defining the best strategy to approach system security is to define the areas in the system or organization that are vulnerable for cyber security breaches. Once these hazardous areas have been identified, a Cyber Security Assessment can be done on-site. This standardized assessment is based on a combination of industry standards, advanced services and security best practices. It gathers valuable information from different key players in the customers’ organization as well as critical computer configuration and settings. The results and recommendations of this assessment are used to define the Cyber Security Policy for the plant. The scope of this paper is to describe a case where the described methodology above has been applied in a real power plant.
展开▼