To effectively secure a facility, plant managers must take an inside-out approach—they must start with securing the heart of their plants (the process control network) and gradually build layers of cybersecurity protection that extend all the way to the property perimeter.
Achieving these layers of protection and ensuring effective integration requires several thorough steps, such as:
- A site vulnerability assessment
- Understanding available security systems
- Determining mitigation steps
- System implementation
A site vulnerability assessment determines possible holes in a plant’s overall security system and prioritizes improvement opportunities. When completed, the assessment will have examined the impact of a security breach, the effect it can have on security personnel and process operators, and the gaps that exist in the plant’s physical security application.
After the site vulnerability assessment, a thorough understanding of the latest security technology is necessary to determine threat mitigation steps and how to fill the observed security gaps. Physical security subsets like access control, visitor management, video surveillance, and perimeter and intrusion control all factor into the effectiveness of plant security, and understanding the latest technologies and their advancements is essential to having an effective, holistic approach to security.
Once vulnerabilities are categorized and prioritized, mitigation steps must be identified. Mitigation steps are unique to each site, but practices like strengthening the situational awareness of process operators and security personnel can help integrate process control and security systems. Security personnel are made more aware of non-security incidents, and process personnel are made more aware of security incidents. This type of compromise and awareness creates a more effective, holistic approach to industrial security.
System implementation will create an integrated architecture that will allow plant operations staff to improve collaboration and responsiveness to reduce security risks. As mentioned, a DVA can help integrate security and process systems, and its ability to tie third-party systems together makes it important when making integration a reality. Without a standard such as DVA, it is difficult to achieve effective communication that allows a site to be more aware of a security issue, and awareness allows for increased responsiveness.
About the Author
Scott Hillman (firstname.lastname@example.org) is the global solutions director for Honeywell Process Solutions. He has over 25 years of process automation experience and is based in Phoenix, Ariz.