Addressing ISA/IEC-62443 Cyber Security

PUBLISHED ON Feb 19, 2014


Cyber Security Concept.ISA/IEC-62443 is a series of standards, technical reports, and related information that define procedures for implementing electronically secure Industrial Automation and Control Systems (IACS). This guidance applies to end-users, system integrators, security practitioners, and control systems manufacturers responsible for manufacturing, designing, implementing, or managing industrial automation and control systems.

A number of strategies may be employed to achieve the improved Cyber Security levels described in ISA/IEC-62443. One of the most effective strategies is the implementation of a system-wide whitelisting solution. With whitelisting, administrators create lists of all acceptable Executables, DLL’s, Users, Devices, Trusted sources, etc. for each endpoint asset (computer). Anything other than the listed objects (down to the kernel level) is blocked by the whitelisting engine. This is a very effective strategy for process control systems because this content tends to be very stable over time. Therefore we achieve a high level of protection with a relatively low cost and low maintenance solution.

NovaTech Automation has recently implemented our preferred whitelisting solution at a major specialty chemical customer site in the United States. The solution utilizes the Bit9 Security Platform running on all D/3® Distributed Control Systems (DCS) server and client assets. The solution provides a significant improvement with respect to control system Cyber Security and aligns with the customer’s corporate IT standards for computer and network Cyber Security. The whitelisting platform has minimal impact on system administrators, is easily managed, and provides a corporate-wide platform to prevent, detect, and report on cyber-attacks.

In the initial planning phases of the project, the NovaTech Automation team met with the client’s process control engineers and IT staff to identify and define project challenges, goals, and schedules. These challenges included:

  • Implement whitelisting Cyber Security in the background with no interruption on process control system integrity or production
  • Develop specific D/3 security policies, whitelists, rules, and filters that comply with corporate standards and methods
  • Design and develop the system over the period of three months; installation and commissioning in less than three days

Bit9 Parity Suite

The team defined the whitelists and grouped D/3 DCS computer assets by “policy.” A low impact “Monitor” policy was established first. This policy allowed engineers to develop and test protection schemes without impacting process control.

Next, a “Prompt” policy was enacted as an increased level of enforcement. This medium-security policy is referred to as a “Block-and-Ask” policy. Operations not adherent to this policy are challenged by a notification alerting the system administrator of an unapproved action by the system.

After all of the rules and policies were set, views were constructed using pre-defined filters. These views allow administrators to easily view and quickly identify the most pertinent information with respect to system cyber security performance. Furthermore, the system provides an “Alert” tool to create custom alert notifications in order to inform system administrators of default and designated changes to the whitelisting database. Alert occurrences are then stored in an alert database which can be configured to automatically distribute critical alerts by email, text or page.

By incorporating the Bit9 Security Platform into the D/3 DCS, NovaTech Automation is able to offer forward-thinking Cyber Security solutions to address ISA/IEC-62443 compliance and one more American chemical manufacture is better protected against cyber-attacks.