Managing Security for Application Server

This section provides a general overview on how to securely deploy your AVEVA software product as an Industrial Control Systems (ICS) application.

This section is not meant to be comprehensive, and it does not provide any detailed instructions. It is only a collection of basic concepts and recommendations that you can use as a checklist to secure your own systems. If you need help with a specific item in this guide, see the official documentation for that item -- for example, if you need help with your anti-virus software, see the documentation for that software.

AVEVA's approach to securing site networks and ICS software is driven by the following principles:

• View security from both Management and Technical perspectives

• Ensure that security is addressed from both IT and ICS perspectives.

• Design and develop multiple network, system and software security layers.

• Ensure industry, regulatory and international standards are taken into account.

• Aim to prevent security breaches, supported by detection and mitigation.

These principles are realized by implementing the following security recommendations:

• Prevent security breaches using the following components:

  • Firewalls

  • Network-based intrusion prevention/detection

  • Host-based intrusion prevention/detection

• Segregate IT and Plant networks

• Include a clearly defined and clearly communicated change management policy. For example, firewall configuration changes.

  Note: AVEVA strongly recommends following the guidelines prescribed by the U.S. Department of Commerce for securing ICS software. The document "Guide to Industrial Control Systems (ICS) Security" [NIST Special Publication 800-82 Revision 2] (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r2.pdf) provides detailed information about ICS, typical system topologies, security threats and vulnerabilities, and recommendations for implementing security measures.