“A secondary corollary is alarm management. This may be more appropriate. Here is also the idea of reducing risk of an event (safety or financial) by ensuring that operators respond to actual process conditions rather than trying to sort through an alarm avalanche to determine what really is wrong. Thus alarm management is a work process, using a variety of hardware and software tools in order to reduce the risk of a process event being mishandled.”
A good and secure network architecture needs to go through a complete risk assessment. There are two important steps in this risk assessment process.
Step 1: Risk Evaluation – threat analysis of the overall network architecture, such as identifying threats using checklists and establishing a risk level. Through a threat analysis, the level of vulnerability should be understood.
Step 2: Business Impact Analysis – balance the business needs on how much security is able to support your business objectives in the short term and long term.
Another important aspect of a secure network for industry automation is the plant security life cycle. The plant security life cycle includes two key elements: security life cycle and plant life cycle. In order to achieve and keep the security level of all assets, a corporate policy should be in place to follow an appropriate procedure to ensure the security assurance level according to its cybersecurity management needs. Then, the corporate personnel should execute it through the design and engineering phase, testing and commissioning phase, and the operating and management phase after hand-over from the vendor to the end user. Ensuring that people follow the guideline and enforce the action is also an important element of measuring security.
As an automation systems and instrumentation vendor, Yokogawa could broadly support our customers through all these phases, not just design and engineering, by offering system elements with a good security posture that have been certified with a public program, accredited with a proven security test, or put through thorough in-house testing. We can also propose best practices for implementing a good security management system with the main control systems, such as a recommended network design and a recommendation of security controls deployment. Furthermore, it would be better if the best practices help these control systems comply with industrial standards, governmental regulations and corporate risk management systems. Yokogawa is not only able to provide technology to customers, but also services to help in implementing, operating and managing cybersecurity management systems with industrial automation/control systems.
By combining a resilient network architecture design with a complete risk assessment, along with the plant security life cycle, you can make your network secure enough to support your business objectives. Ultimately, it is a business decision as to what cost is required to reduce the risk to an acceptable level.
What is the difference between "compliance" and "security"?
Compliance is usually used to declare or measure conformance against a particular group of regulations or standards. Compliance can be part of a security program because a particular network element’s performance and robustness, including software and/or hardware, can be accredited and tested.
However, security includes more than just compliance. Security is part of the network architecture, and the network provides the platform for security.