The document introduces control system security, detailing what control systems are and their unique risks, strengths, and weaknesses. It covers protections through people, processes, and technology, emphasizing the importance of network separation and regular security assessments. Additionally, it outlines governance policies, compliance audits, and resources for further learning about industrial control system security.

1. Securing Control Systems An introduction to security techniques for use in Control System Networks

2. Introduction Crispin Harris Security Specialist [email_address] 10 th May, 2010

3. Overview Part 1 – Understanding What is a Control System?

4. Why they are different?

5. Key attributes

6. Understanding the risks Part 2 – Protection Design & Network

7. Hosts & Operating Systems

8. Applications & Vendors

9. Vulnerability Management Part 4 - Summary Review & summary

10. Web Resources

11. Aus Gov Resources

12. US Gov Resources Part 3 – Governance Policy & Process

13. (Penetration) Testing

14. Vendor Relationships

15. Information/Software stores

16. Learning Objectives Be able to identify: Key attributes of a Control System

17. Strengths and weaknesses of normal CS design

18. Useful non-technical controls

19. Safe & useful technical controls Be able to Find further resources But most importantly: Be able to Knowledgeably discuss Control System security

20. Intro to Control Systems Security PART 1 – UNDERSTANDING CONTROL SYSTEMS

21. What is a Control System? A Control System is any computerised or automated system that is used to control, monitor, support or operate a known process. Most Control Systems manage an Industrial Process such as: Manufacturing, Energy, Water, Gas, But they are also found where other repeatable processes occur: Rail & Air Transportation, Healthcare, Finance,

22. Road Infrastructure, Fleet Management, etc

23. What is a “Control System”? A “Control System” (“Industrial Control System”) is an umbrella term that refers to a broad set of control systems. These include: SCADA (Supervisory Control and Data Acquisition)

24. DCS (Distributed Control System)

25. PCS (Process Control System)

26. EMS (Emergency Management System)

27. AS (Automated System)

28. SIS (Safety Instrumentation System) And any other automated control system.

29. Why are ICS networks special? Control Systems are designed to provide day-in, day-out management of a well known process. The integrity and continued operation of this process frequently has key safety or financial impact. Control Systems need: INTEGRITY

30. AVAILABILITY And a bit of: CONFIDENTIALITY

31. Attributes of ICS networks Constant & Unchanging

32. Stable

33. Well documented

34. Old & un-patched systems

35. Isolated*

36. Internally redundant