More and more industrial sites are taking advantage of Ethernet as a mature, end-to-end, standards- based networking, communications and data transmission protocol because it offers convenience and efficiency that bring higher performance and lower cost. In addition, the standards that are in place support interoperability among many competing equipment vendors as well as world-wide interconnectivity. At the same time, more extensive use of Ethernet/IP and other well-documented protocols will make hacking and disruption easier if adequate security measures are not taken. Password protection, encryption, access authorization and firewalls are some of the many tools available to protect against cyber invasion.
INDUSTRIAL SECURITY INITIATIVES
While there are similarities between security in enterprise business IT systems (which protects activities such as bank and stock transactions and on-line purchases), and that required by industrial control systems, several groups have been chartered to address the technology opportunities and challenges specific to industrial applications. At the broadest level, the Instrumentation Systems and Automation Society (ISA) and the National Institute of Standards and Technology (NIST) are looking at overall security practices for industry. (See APPENDIX A)
On a more specific industrial level, there are groups such as the North American Electric Reliability Council, which has been named by the US DoE as the electric energy sector’s coordinator for critical infrastructure protection. The NAERC’s Critical Infrastructure Protection Committee addresses security concerns and provides guidelines and requirements for utility systems including SCADA and EMS.
ETHERNET SECURITY – THE SWITCH VENDOR’S OPPORTUNITY
No single vendor or single technology is going to make industry safe from intentional cyber attacks. Nonetheless, it is critical that vendors of industrial equipment look at ways in which to support the overall security effort. Standards-based Ethernet networks, with cost effective hardware and software available from many competing vendors, can make a significant impact. For example, leading Ethernet switch vendors are adding security in the switch with IEEE and other standards support for security features.