Article | REF: S8257 V1

Cybersecurity of Industrial Control Systems. SCADA and Industrial IoT

Author: Jean-Marie FLAUS

Publication date: November 10, 2018

You do not have access to this resource.
Click here to request your free trial access!

Already subscribed? Log in!


Overview

Français

ABSTRACT

The cybersecurity of industrial facilities and Internet of Things systems is a very important issue. Systems are increasingly interconnected, and attacks are becoming more numerous. Consequences can be dramatic. This article explains the specifics of these systems and describes their main vulnerabilities. It then reviews the main standards and guides, before presenting the methods and technical solutions that make it possible to implement a risk management approach.

Read this article from a comprehensive knowledge base, updated and supplemented with articles reviewed by scientific committees.

Read the article

AUTHOR

 INTRODUCTION

In today's world, many physical systems are driven by computer systems. Almost all industrial systems, water and energy distribution systems, transportation systems and even everyday appliances are in this category. These systems are increasingly interconnected via the Internet, making them a major target for malicious computer attacks. The consequences can range from a production stoppage or loss of service, in the case of a manufacturing site or an electrical power distribution infrastructure, to the endangerment of human life, in the case of a high-risk chemical site or a vehicle.

Project Aurora, in 2007, demonstrated that a software modification could lead to the physical destruction of a facility. Shortly afterwards, in 2010, the notorious Stuxnet virus led to the destruction of Iran's uranium separation facilities.

This threat is therefore real, and control of this cyber risk by critical infrastructure operators, industrial plant operators and product manufacturers is becoming unavoidable. This is all the more the case now that public authorities have begun to introduce regulations such as the NIS Directive, which applies from 2018.

However, the cybersecurity of industrial plants poses specific problems in relation to information processing systems.

This is because operating constraints are different, the life cycle is longer, which means that existing equipment has to be taken into account, equipment is very heterogeneous, and the culture of those involved is not the same as in the IT world.

To help manufacturers in their approach, various standardization bodies and institutes in charge of digital security have proposed standards and guides. One of the most important standards is the IEC 62443 developed by ISA.

In this article, after detailing the specific features of industrial facilities and their main vulnerabilities, we present the main approaches and methodological and technical solutions for managing cybersecurity risks.

You do not have access to this resource.

Exclusive to subscribers. 97% yet to be discovered!

You do not have access to this resource.
Click here to request your free trial access!

Already subscribed? Log in!


The Ultimate Scientific and Technical Reference

A Comprehensive Knowledge Base, with over 1,200 authors and 100 scientific advisors
+ More than 10,000 articles and 1,000 how-to sheets, over 800 new or updated articles every year
From design to prototyping, right through to industrialization, the reference for securing the development of your industrial projects

This article is included in

Safety and risk management

This offer includes:

Knowledge Base

Updated and enriched with articles validated by our scientific committees

Services

A set of exclusive tools to complement the resources

Practical Path

Operational and didactic, to guarantee the acquisition of transversal skills

Doc & Quiz

Interactive articles with quizzes, for constructive reading

Subscribe now!

Ongoing reading
Cybersecurity for industrial facilities