This document discusses cybersecurity testing of control system networks. It notes that industrial control systems are often connected to open networks or the Internet, exposing vulnerabilities. It advocates testing control system software using hardware-in-the-loop simulations to improve safety and security. A first step is designing and operating control systems according to international standards for industrial automation. Important tests include probing networks for vulnerabilities and testing resilience under high traffic loads. DNV GL's cybersecurity and network resilience testing aims to reveal vulnerabilities from highly skilled hackers to hardware and software failures. Testing can actively provoke failures or take passive measurements to gather network status snapshots over time. The overall scope of testing covers issues like stress testing, penetration testing, screening services and vulnerabilities. An integrated

1. ©xxx
SAFER, SMARTER, GREENER
CYBERSECURITY AND
NETWORK RESILIENCE
Technical assessment of cybersecurity
Inherent to most control system networks today is the design
perspective that programmable logic controllers (PLCs) and the
network infrastructure interconnecting them operate in a secure
environment sealed from malicious attackers. In practice, these
industrial control systems are often connected to other networks
that also allow remote access through open networks or the
Internet. Considering the possible impact of failures and the
criticality of these systems, vulnerabilities call for action.
Verification and testing of control system software
with Marine Cybernetics services
Hardware-in-the-loop (HIL) testing of control system software has been shown to improve
the safety of offshore operations and to reduce downtime. This successful approach can be
complemented with the verification of cybersecurity to treat safety and security together
and to secure the integrity of control systems.
MARITIME
The first step towards securing control systems is to make sure
they are designed and operated according to recognized inter-
national standards and recommendations, such as the ISO 27000
series, the NOG 104 guidelines, the NIST 800 or the IEC 62443
set of standards for industrial automation.
In addition, testing and probing these networks for possible
vulnerabilities and for robustness under high traffic loads are

2. DNV GL – Maritime, Brooktorkai 18, 20457 Hamburg, Germany; Phone: +49 40 36149 0, www.dnvgl.com/mcs
© DNV GL 05/2016 ID: 1020752 Design: Maritime Communications
important in order to verify that the implementation of the
design is safe, secure and carried out in accordance with the
documentation.
The competence of DNV GL within control systems and IT
architectures is beneficial when examining critical parts of
control system networks. Our tests aim to reveal vulnerabilities,
regardless of whether they can only be exploited by a highly
skilled malicious attacker, a determined hacker or a disgruntled
employee, or can be caused by a hardware or software failure.
Network resilience
Control system networks often receive attention when operations
are disrupted by unexpected and intermittent failures. Assess-
ment of these networks can evaluate the current observable
quality, and it can be repeated to gain insight into degradation
of equipment and connections at a defined interval.
Tests can actively provoke failures, for example by generating
specially tailored network traffic, or encompass passive measure-
ments. The aim of taking passive measurements is to gather
snapshots of the current status of the network. These snapshots
can then be used as reference points when the measurements
are repeated at a later point in time. The types of communication
media we target are ethernet-based networks, typically serving
human machine interfaces (HMI), historians, various servers,
operator stations and controllers, as well as fieldbuses providing
connectivity to sensors and actuators in the field.
The overall scope of cybersecurity and network resilience
testing from DNV GL covers:
■■ Stress and robustness testing
■■ Penetration testing and testing of network segregation
■■ Screening running services, patches and firmware
■■ Authentication weaknesses
■■ Portable media security
■■ Known and unknown vulnerabilities
■■ Traffic anomalies
■■ Degradation of networked equipment
Today, an integrated approach for handling software and software
updates is essential. Combining HIL and cybersecurity testing
increases safety and security in the maritime and offshore
industry. As threats to cybersecurity continue to increase in
number and appear from unexpected new angles, a novel
methodology is required to secure safe operations at sea. Not
all tests, however, can be integrated into tools and be automated.
The experience of a tester, such as one from the DNV GL
Marine Cybernetics services team, is vital to the discovery and
investigation of specific holes in cyber defence.
CONTACT
Mate J. Csorba
Principal Specialist
Phone: +47 486 03 646
E-mail: mate.csorba@dnvgl.com