Cybersecurity considerations for electrical distributionsystems
Introduction
Every day, cyber-attacks against government and commercial computer networks number in the millions. According to U.S. Cyber Command, Pentagon systems are probed 250,000 times per hour. Similar attacks are becoming more prevalent on other kinds of information-based smart networks as well, such as those that operate buildings and utility systems. Whether the objective is to steal intellectual property or halt operations, the tools and the techniques used for unauthorized network access are increasingly sophisticated.
Connectivity—whydoweneed to address cybersecurity for industrial control systems (ICS)?
There is increasing concern regarding cybersecurity across industries where companies are steadily integrating field devices into enterprise-wide information systems. This occurs in discrete manufacturing and processes industrial environments, a wide range of general and specific purpose commercial buildings, and even utility networks. Traditionally, electrical systems were controlled through serial devices connected to computers via dedicated transceivers with proprietary protocols. In contrast, today’s control systems are increasingly connected to larger enterprise networks, which can expose these systems to similar vulnerabilities that are typically found in computer systems. The differences between information technology (IT) and ICS networks can be summarized as follows:
• The main focus of the IT network is to ensure the confidentiality and the integrity of the data using rigorous access control and data encryption
• The main focus of the ICS network is the safety, availability, and integrity of data
• Enterprise security protects the servers’ data from attack
• Control system security protects the facility’s ability to safely and securely operate, regardless of what may befall the rest of the network