Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

AVEVA™ System Platform

TABLE OF CONTENTS

AVEVA security perspective

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedAug 12, 2024
  • 2 minute read

Information systems in manufacturing facilities are evolving rapidly. The evolution of information systems is driven by the need of manufacturers to integrate with business/ERP and production systems, provide access to production data across the enterprise (both from inside and outside the environment), and reduce system maintenance costs.

Security risks also evolve as new vulnerabilities and targets are discovered in the various systems.

Numerous incentives exist to protect a control system:

  • The technical knowledge, skills and tools required to penetrate your IT and plant systems are widely available.

  • Regulatory mandates and government guidelines

  • Guidelines and best practices for securing plant control systems from advisory groups, such as the ISA SP99 committee, IEC 62433, NIST Process Control Security Requirements Forum (PCSRF), North American Electric Reliability Corporation (NERC), etc.

The AVEVA approach to site networks and control system security is driven by the following principles:

  • View security from both Management and Technical perspectives.

  • Ensure security is addressed from both IT/IS and Control System perspectives.

  • Design and develop multiple network, system, and application security layers.

  • Ensure industry, regulatory and international standards are taken into account.

  • Prevent security breakdowns and intrusions in critical in plant control systems, and detect these issues if and when they occur.

Realizing these principals is accomplished by implementing the following security recommendations:

  • Maintain a prevention philosophy to support security policies and procedure/s using the following security components:

    • Firewalls

    • Network-based intrusion prevention/detection

    • Host-based intrusion prevention/detection

  • Include a clearly defined and clearly communicated change management policy, for example, firewall configuration changes.

  • Converge IT and plant networks.

  • Maintain secure and insecure protocols on the same network.

  • Enforce monitoring, alerting and diagnostics of plant network control systems and their integration with the corporate network.

  • Move to an off-platform data collector in a DMZ.

  • Retain forensic information to support investigation/legal litigation.

  • Enable secure connectivity to wireless devices.

TitleResults for “How to create a CRG?”Also Available in