Practical Industrial Cybersecurity - Charles J. Brooks - E-Book

Charles J. Brooks

Description

A practical roadmap to protecting against cyberattacks in industrial environments

In Practical Industrial Cybersecurity: ICS, Industry 4.0, and IIoT, veteran electronics and computer security author Charles J. Brooks and electrical grid cybersecurity expert Philip Craig deliver an authoritative and robust discussion of how to meet modern industrial cybersecurity challenges. The book outlines the tools and techniques used by practitioners in the industry today, as well as the foundations of the professional cybersecurity skillset required to succeed on the SANS Global Industrial Cyber Security Professional (GICSP) exam. Full of hands-on explanations and practical guidance, this book also includes:

* Comprehensive coverage consistent with the National Institute of Standards and Technology guidelines for establishing secure industrial control systems (ICS)

* Rigorous explorations of ICS architecture, module and element hardening, security assessment, security governance, risk management, and more

Practical Industrial Cybersecurity is an indispensable read for anyone preparing for the Global Industrial Cyber Security Professional (GICSP) exam offered by the Global Information Assurance Certification (GIAC). It also belongs on the bookshelves of cybersecurity personnel at industrial process control and utility companies. Practical Industrial Cybersecurity provides key insights into the Purdue ANSI/ISA 95 Industrial Network Security reference model and how it is implemented from the production floor level to the Internet connection of the corporate network. It is a valuable tool for professionals already working in the ICS/Utility network environment, IT cybersecurity personnel transitioning to the OT network environment, and those looking for a rewarding entry point into the cybersecurity field.

Page count: 993

Publication year: 2022


Table of Contents

Cover

Title page

Foreword

Introduction

What Does This Book Cover?

Reader Support for This Book

Chapter 1: Industrial Control Systems

Introduction

Basic Process Control Systems

OT/IT Network Integration

Industrial Safety and Protection Systems

Review Questions

Exam Questions

Chapter 2: ICS Architecture

Introduction

Network Transmission Media

Field Device Architecture

Industrial Network Protocols

Enterprise Network Protocols

Review Questions

Exam Questions

Chapter 3: Secure ICS Architecture

Introduction

Boundary Protection

Security Topologies

Security Zoning Models

The SANS ICS410 Reference Model

Wireless Networking

Review Questions

Exam Questions

Chapter 4: ICS Module and Element Hardening

Introduction

Endpoint Security and Hardening

OS Security/Hardening

Application Software Security

Anti-Malware

Embedded Device Security

Network Hardening

Review Questions

Exam Questions

Chapter 5: Cybersecurity Essentials for ICS

Introduction

Basic Security Tenets

Vulnerability and Threat Identification

Events, Incidents, and Attacks

Cryptographics

Review Questions

Exam Questions

Chapter 6: Physical Security

Introduction

Infrastructure Security

Intrusion Detection and Reporting Systems

Video Surveillance Systems

Physical Security for ICS

Review Questions

Exam Questions

Chapter 7: Access Management

Introduction

Access Control Models

Application Runtime and Execution Control

User Access Management

ICS Access Control

Access Control for Cloud Systems

Review Questions

Exam Questions

Chapter 8: ICS Security Governance and Risk Management

Introduction

Security Policies and Procedure Development

Risk Management

Review Questions

Exam Questions

Chapter 9: ICS Security Assessments

Introduction

Security Assessments

ICS Device Testing

ICS Penetration Testing

Security Testing Tools

Review Questions

Exam Questions

Chapter 10: ICS Security Monitoring and Incident Response

Introduction

ICS Lifecycle Challenges

Change Management

Monitoring

Logging and Auditing

Incident Management

Review Questions

Exam Questions

Chapter 11: Disaster Recovery and Business Continuity

Introduction

Business Continuity Plans

System Backup and Restoration

Disaster Recovery

Review Questions

Exam Questions

Appendix A: GICSP Objective Map

ICS410.1 ICS: Global Industrial Cybersecurity Professional (GICSP) Objectives

Overview

ICS410.2 Architecture and Field Devices

ICS410.3: Communications and Protocols

ICS410.4: Supervisory Systems

ICS410.5: Security Governance

Appendix B: Glossary

Appendix C: Standards and References

Reference Links

Appendix D: Review and Exam Question Answers

Chapter 1: Industrial Control Systems

Chapter 2: ICS Architecture

Chapter 3: Secure ICS Architecture

Chapter 4: ICS Modules and Element Hardening

Chapter 5: Cybersecurity Essentials for ICS

Chapter 6: Physical Security

Chapter 7: Access Management

Chapter 8: ICS Security Governance and Risk Management

Chapter 9: ICS Security Assessments

Chapter 10: ICS Security Monitoring and Incident Response

Chapter 11: Disaster Recovery and Business Continuity

Index

Copyright

About the Author

About the Technical Editor

Acknowledgments

End User License Agreement

List of Tables

Chapter 2

TABLE 2.1 Fiber-Optic Cable Speeds and Distances

Chapter 4

TABLE 4.1 Legacy Ports

TABLE 4.2 Operating System Security Comparisons

Chapter 6

TABLE 6.1 Biometric Device Comparison

Chapter 8

TABLE 8.1 A Sample Risk Assessment Matrix

List of Illustrations

Chapter 1

FIGURE 1.1 Blocks of an automated process

FIGURE 1.2 A simple temperature control system

FIGURE 1.3 Closed-loop process blocks

FIGURE 1.4 Field device implementations

FIGURE 1.5 A typical PLC

FIGURE 1.6 PLC controlling a process

FIGURE 1.7 A typical compact PLC

FIGURE 1.8 Modular PLC rack and backplane

FIGURE 1.9 An RTU controller

FIGURE 1.10 A typical RTU implementation

FIGURE 1.11 Distributed controllers

FIGURE 1.12 A master controller configuration

FIGURE 1.13 Adding a supervisory controller

FIGURE 1.14 Providing the HMI

FIGURE 1.15 Adding a supervisory network loop

FIGURE 1.16 Multiple ICS network loops

FIGURE 1.17 Ethernet connections

FIGURE 1.18 PLC Ethernet connections

FIGURE 1.19 Adding the ICS segment to the network

FIGURE 1.20 ICS telemetry systems

FIGURE 1.21 Zigbee PAN

FIGURE 1.22 A WiMAX network

FIGURE 1.23 A utility network system

FIGURE 1.24 AMI mesh architecture

FIGURE 1.25 Industrial networks

FIGURE 1.26 Adding the ICS segment to the IT network

FIGURE 1.27 The ISA-95 standard

FIGURE 1.28 A simple heating process revisited

FIGURE 1.29 Adding an ESD system

FIGURE 1.30 Adding an FGS to the system

FIGURE 1.31 A simple differential pressure detection system

FIGURE 1.32 A simple BMS

FIGURE 1.33 Adding a vibration detection system

Chapter 2

FIGURE 2.1 UTP and STP cabling

FIGURE 2.2 Coaxial cable

FIGURE 2.3 Transmitting over fiber-optic cable

FIGURE 2.4 Point-to-point connections

FIGURE 2.5 USB to RS-232 serial connections

FIGURE 2.6 Serial connections

FIGURE 2.7 Remote access ICS communications

FIGURE 2.8 Remote access ICS communications

FIGURE 2.9 PLC structure

FIGURE 2.10 PLC address map

FIGURE 2.11 Jump instructions

FIGURE 2.12 PLC input power supply connections

FIGURE 2.13 Sinking and sourcing configurations

FIGURE 2.14 PLC output types

FIGURE 2.15 Stand-alone PLC implementation

FIGURE 2.16 DCS-based PLC implementation

FIGURE 2.17 Input signal processing blocks

FIGURE 2.18 Smart sensors

FIGURE 2.19 An SPST switch

FIGURE 2.20 An SPDT switch

FIGURE 2.21 A DPST switch

FIGURE 2.22 A DPDT switch

FIGURE 2.23 A typical toggle switch

FIGURE 2.24 Rocker switches

FIGURE 2.25 Push-to-make/break switches

FIGURE 2.26 NO and NC switches

FIGURE 2.27 Direct final element control

FIGURE 2.28 Actuator signal conversion

FIGURE 2.29 A typical industrial relay structure

FIGURE 2.30 The controlled circuit

FIGURE 2.31 Relay ladder logic diagram

FIGURE 2.32 A multiprocess unit production system

FIGURE 2.33 PLC communication connections

FIGURE 2.34 TCP/IP packet

FIGURE 2.35 TCP/IP routing

FIGURE 2.36 DNS process

FIGURE 2.37 Relay ladder logic diagram

Chapter 3

FIGURE 3.1 Connecting the OT and IT networks

FIGURE 3.2 Network firewall

FIGURE 3.3 Stateful firewall operations

FIGURE 3.4 Internetwork firewall

FIGURE 3.5 Internetwork router

FIGURE 3.6 Implementing firewalls

FIGURE 3.7 A DMZ

FIGURE 3.8 Minimum ICS/IT network connectivity

FIGURE 3.9 A dual firewall DMZ

FIGURE 3.10 Operation of a proxy server

FIGURE 3.11 Boundary protection with a proxy server

FIGURE 3.12 A network switch connection

FIGURE 3.13 A network router

FIGURE 3.14 Network zoning

FIGURE 3.15 Layered zones

FIGURE 3.16 Zone partitioning technologies

FIGURE 3.17 A data diode

FIGURE 3.18 A flat network configuration

FIGURE 3.19 ICS security zones

FIGURE 3.20 Where OT meets IT

FIGURE 3.21 Securing the enterprise zone

FIGURE 3.22 Additional ISA-95 zones

FIGURE 3.23 IIoT Purdue Architecture Model

FIGURE 3.24 IIoT Purdue Architecture Model

FIGURE 3.25a The SANS ICS410 Reference Architecture

FIGURE 3.25 A segmented network

FIGURE 3.26 A NAT-segmented network

FIGURE 3.27 Sample VLAN organization

FIGURE 3.28 VLAN partitioning

FIGURE 3.29 Intersegment DATA movement

FIGURE 3.30 Secure tunneling

FIGURE 3.31 A wireless ICS reference network

FIGURE 3.32 Wireless sensor communications

FIGURE 3.33 A WAP

FIGURE 3.34 Gateway operations

FIGURE 3.35 Cellular modem implementation

FIGURE 3.36 Small business network zoning

FIGURE 3.37

Chapter 4

FIGURE 4.1 The three perimeters

FIGURE 4.2 CMOS security configuration

FIGURE 4.3 Physical PC ports

FIGURE 4.4 PC chipset

FIGURE 4.5 Typical I/O port connectors

FIGURE 4.6 Port enabling options

FIGURE 4.7 Removable media systems

FIGURE 4.8 The position of the DOS in the computer system

FIGURE 4.9 Data encryption

FIGURE 4.10 Directory traversal

FIGURE 4.11 Local Security Policy/Security Settings

FIGURE 4.12 Microsoft Local User and Groups accounts

FIGURE 4.13 Windows/Linux lockout options

FIGURE 4.14 Fingerprint scanners

FIGURE 4.15 Hypervisors

FIGURE 4.16 Data historian security

FIGURE 4.17 SQL injection

FIGURE 4.18 Sanitizing files

FIGURE 4.19 Sanitizer deployment

FIGURE 4.20 Anatomy of a smart meter

FIGURE 4.21 Typical A/D converter operation

FIGURE 4.22 A NAN

FIGURE 4.23 Mandatory access control

FIGURE 4.24 Role-based access control

FIGURE 4.25 MAC spoofing

Chapter 5

FIGURE 5.1 Attack motivations

FIGURE 5.2 Cyber Kill Chain

FIGURE 5.3 Social engineering attacks

FIGURE 5.4 Shoulder surfing

FIGURE 5.5 Eavesdropping

FIGURE 5.6 Dumpster diving

FIGURE 5.7 Tailgating

FIGURE 5.8 A diversion

FIGURE 5.9 Phishing examples

FIGURE 5.10 Pharming

FIGURE 5.11 Payload deliveries

FIGURE 5.12 Broadcast storm

FIGURE 5.13 Multipath switch connections

FIGURE 5.14 IP header

FIGURE 5.15 Perimeter network protection

FIGURE 5.16 Secure authentication

FIGURE 5.17 MAC spoofing

FIGURE 5.18 ARP

FIGURE 5.19 DNS process

FIGURE 5.20 A denial-of-service attack

FIGURE 5.21 DoS attack

FIGURE 5.22 DDoS attack

FIGURE 5.23 Smurf amplification

FIGURE 5.24 SYN flooding

FIGURE 5.25 Session hijacking

FIGURE 5.26 Clickjacking

FIGURE 5.27 Cross-site scripting

FIGURE 5.28 Man-in-the-middle attack

FIGURE 5.29 The Social Engineering Toolkit

FIGURE 5.30 Cantenna

FIGURE 5.31 Kismet

FIGURE 5.32 WPA four-way handshaking

FIGURE 5.33 MDK3

FIGURE 5.34 Beacon flood attack

FIGURE 5.35 Symmetric vs. asymmetric keys

FIGURE 5.36 Viewing credentials

FIGURE 5.37 Digital certificates

Chapter 6

FIGURE 6.1 Security subsystems

FIGURE 6.2 Physical barriers

FIGURE 6.3 Access control

FIGURE 6.4 Common security tools

FIGURE 6.5 Keyfob operations

FIGURE 6.6 RFID systems

FIGURE 6.7 Rogue ID badge reader

FIGURE 6.8 Smart card ID technologies

FIGURE 6.9 Storing biometric data on a smart card

FIGURE 6.10 Using SMS messages for access control

FIGURE 6.11 Typical biometric authentication methods

FIGURE 6.12 Remote access communication options

FIGURE 6.13 Remote control/access operations

FIGURE 6.14 Remote monitoring systems

FIGURE 6.15 Basic intrusion detection and reporting system

FIGURE 6.16 Typical security system controller

FIGURE 6.17 Security panel zone inputs

FIGURE 6.18 Creating a physical zone

FIGURE 6.19 Zoning concepts

FIGURE 6.20 Automatic voice/pager dialer console

FIGURE 6.21 A basic video surveillance system

FIGURE 6.22 Video surveillance camera

FIGURE 6.23 An IP camera

FIGURE 6.24 PTZ camera

FIGURE 6.25 Analog and digital camera resolution

FIGURE 6.26 IR camera

FIGURE 6.27 Monitoring passageways

FIGURE 6.28 Asset monitoring

FIGURE 6.29 DAS video storage

FIGURE 6.30 NAS and SAN storage systems

FIGURE 6.31 Server security points

Chapter 7

FIGURE 7.1 Mandatory access control

FIGURE 7.2 Role-based access control

FIGURE 7.3 Attribute-based access control

FIGURE 7.4 Basic Active Directory structure

FIGURE 7.5 Active Directory relationships

FIGURE 7.6 Active Directory Users and Computers

FIGURE 7.7 Linux directory service menu

FIGURE 7.8 Password policies

FIGURE 7.9 Extended ISA-95 architecture

FIGURE 7.10 VPN connections

FIGURE 7.11 General structure of a cloud system

FIGURE 7.12 Cloud access avenues

Chapter 8

FIGURE 8.1 Typical penetration tests

FIGURE 8.2 A risk assessment scoring document

FIGURE 8.3 Risk assessment executive summary template

Chapter 9

FIGURE 9.1 ISA/IEC-62443 document series

FIGURE 9.2 Attack surfaces

FIGURE 9.3 TCP/IP header

FIGURE 9.4 Black-box testing

FIGURE 9.5 White-box testing

FIGURE 9.6 Gray-box pentesting

FIGURE 9.7 A packet analyzer tool

FIGURE 9.8 Network enumeration

FIGURE 9.9 Nmap output

FIGURE 9.10 Port scanning

FIGURE 9.11 Vulnerability scan

FIGURE 9.12 Wireshark

FIGURE 9.13 Snort

FIGURE 9.14 Nmap utility

FIGURE 9.15 Metasploit operation

Chapter 10

FIGURE 10.1 A patch decision tree

FIGURE 10.2 Viewing security audit logs

FIGURE 10.3 Configuring auditing in Windows

FIGURE 10.4 Establishing a local security policy setting

FIGURE 10.5 Linux auditing system

FIGURE 10.6 IT/OT network logging

FIGURE 10.7 Incident response phases

FIGURE 10.8 CSIRT members

FIGURE 10.9 Distributed IDS

FIGURE 10.10 IPS systems

Chapter 11

FIGURE 11.1 RAID 1

FIGURE 11.2 RAID 5

FIGURE 11.3 Server clustering/load balancing

FIGURE 11.4 Appliance-based virtualization

FIGURE 11.5 Switch-based storage virtualization

FIGURE 11.6 The architecture of a typical cloud storage solution in a privat...

FIGURE 11.7 Full or total backup

FIGURE 11.8 Incremental backup

FIGURE 11.9 Differential or modified-only backup

FIGURE 11.10 Selective or copy backup

FIGURE 11.11 The Grandfather-Father-Son method

Practical Industrial Cybersecurity

ICS, Industry 4.0, and IIoT

Charles J. Brooks

Philip A. Craig Jr.

Foreword

Imagine waking up in a house one day with no electricity. Or maybe your gas heater won't turn on, or you have no water flowing to your house. Simple everyday conveniences? No, these resources are critical dependencies that provide health, safety, nourishment, and general stability and security—not only in our homes and businesses but throughout society as a whole. These are exactly the outcomes of a coordinated cyberattack against critical infrastructure. Now imagine this type of cyber event on a national scale. We should all be concerned about this type of cyber event, not only regarding these basic necessities, but concerning stability if our financial or healthcare services are compromised. We are at an unbalanced period of cyberthreats versus our ability to identify and react to cyberattacks on this type of scale.

A few years ago, I had the pleasure of working with the coauthor of this book, Mr. Phil Craig Jr. Together we provided our skills to support a critical electric infrastructure security program sponsored by the Defense Advanced Research Projects Agency (DARPA). The project explored and developed cybersecurity tools to quickly recover the US electrical grid from a persistent and aggressive cyberattack that would severely impact the stability of a large-scale power grid. We learned that the threats were real, and the challenge could be overwhelming.

Understanding, operating, and defending the digital environments that provide stable controls and communications in a highly connected environment are paramount tasks when preventing the cyber events we fear will affect our daily lives. Mr. Craig and his colleagues have amassed years of experience in the evolution of operational technology systems and in creating technology to identify and mitigate cyberthreats in them, and Mr. Charles Brooks has been a significant contributor to exceptional “hands-on” training techniques and materials for many years. With their combined knowledge, the book provides a perspective of how immense the opportunity is for cyber intrusions and attacks and introduces impactful techniques to increase cyber defenses against them. Both Mr. Brooks's and Mr. Craig's technical acumen are surpassed only by their passion for educating new generations of cyber defenders to protect these essential systems and networks from those who try to alter our way of life.

This book is a useful resource for both newcomers and experienced individuals who are attempting to broaden their knowledge of industrial control systems and cybersecurity countermeasures as cyberthreats continue to grow. The book strongly supports and identifies critical skills that are desperately needed to provide protective measures to counter these threats. It is logically organized and provides references for technicians working in the OT trade and attempting certification as Global Industrial Cyber Security Professionals (GICSPs). Finally, this book provides a comprehensive resource for any cybersecurity professional who desires to expand their breadth of security knowledge on the latest cyber techniques used in the industry.

Mr. Joseph Minicucci

Lt. Col USMC

Introduction

Welcome to Wiley’s Practical Industrial Cybersecurity: ICS, Industry 4.0, and IIoT. This book is designed to provide a solid theory and practical platform for cybersecurity personnel in the industrial process control and utility environments.

While this book does not stand on its own as a complete guide to becoming an industrial cybersecurity professional, it does prepare readers for the leading industry certification in this area—the Global Industrial Cyber Security Professional (GICSP) exam from Global Information Assurance Certification (GIAC), an affiliate of the SANS Institute. The GICSP exam is designed to bring industrial control skills to the cybersecurity forefront. While there are multitudes of IT-centric computer, network, and cybersecurity courses and certifications in the field, there are not many individuals who possess the skills and knowledge of cybersecurity as it relates to industrial control systems and operational technology. The search for people with these skills and knowledge has become a driving force in the cybersecurity world.

The published GICSP Exam Certification Objectives & Outcome Statements cover the following topic areas:

Access Management—Knowledge of access control models, directory services, and user access management

Configuration/Change Management—Knowledge of change management, baselines, equipment connections, and configuration auditing

Configuration/Change Management (software updates)—Knowledge of distribution and installation of patches, software reloads, and firmware management

Cybersecurity Essentials for ICS—Knowledge of attacks and incidents (e.g., man in the middle, spoofing, social engineering, denial of service, denial of view, data manipulating, session hijacking, foreign software, unauthorized access)

Cybersecurity Essentials for ICS—Knowledge of availability (e.g., health and safety, environmental, productivity)

Cybersecurity Essentials for ICS—Knowledge of cryptographics (e.g., encryption, digital signatures, certificate management, PKI, public versus private key, hashing, key management, resource constraints)

Cybersecurity Essentials for ICS—Knowledge of security tenets (e.g., CIA, non-repudiation, least privilege, separation of duties)

Cybersecurity Essentials for ICS—Knowledge of threats (e.g., nation-states, general criminals, inside and outside malicious attackers, hacktivists, inside non-malicious)

Disaster Recovery and Business Continuity—Knowledge of system backup and restoration

ICS Architecture—Knowledge of communication medium and external network communications

ICS Architecture—Knowledge of field device architecture (e.g., relays, PLC, switch, process unit)

ICS Architecture—Knowledge of industrial protocols (e.g., Modbus, Modbus TCP, DNP3, Ethernet/IP, OPC)

ICS Architecture—Knowledge of network protocols (e.g., DNS, DHCP, TCP/IP)

ICS Architecture—Knowledge of network segmentation (e.g., partitioning, segregation, zones and conduits, reference architectures, network devices and services, data diodes, DMZs)

ICS Architecture—Knowledge of wireless security (e.g., Wi-Fi, wireless sensors, wireless gateways, controllers)

ICS Modules and Element Hardening—Knowledge of application security (e.g., database security)

ICS Modules and Element Hardening—Knowledge of embedded devices (e.g., PLCs, controllers, RTUs, analyzers, meters, aggregators, security issues, default configurations)

ICS Modules and Element Hardening—Knowledge of network security/hardening (e.g., switchport security)

ICS Modules and Element Hardening—Knowledge of OS security (Unix/Linux, Windows, least privilege security, virtualization)

ICS Modules and Element Hardening—Configuration and endpoint hardening—knowledge of anti-malware implementation, updating, monitoring, and sanitization. Knowledge of endpoint protection including user workstations and mobile devices

ICS Security Assessments—Knowledge of security testing tools (e.g., packet sniffer, port scanner, vulnerability scanner)

ICS Security Assessments—Assessments and testing—knowledge of device testing (e.g., communication robustness, fuzzing), security assessment (e.g., risk, criticality, vulnerability, attack surface analysis, supply chain), and penetration testing and exploitation

ICS Security Governance and Risk Management—Knowledge of risk management (e.g., PHA/HAZOP usage, risk acceptance, risk/mitigation plan)

ICS Security Governance and Risk Management—Knowledge of security policies and procedures development (e.g., exceptions, exemptions, requirements, standards)

ICS Security Monitoring—Knowledge of event, network, and security logging, including knowledge of archiving logs

ICS Security Monitoring—Knowledge of event, network, and security monitoring

Incident Management—Knowledge of incident recognition and triage (e.g., log analysis/event correlation, anomalous behavior, intrusion detection, egress monitoring, IPS), knowledge of incident remediation/recovery, and knowledge of incident response (e.g., recording/reporting, forensic log analysis, containment, incident response team, root cause analysis, eradication/quarantine)

Industrial Control Systems—Knowledge of basic process control systems (e.g., RTU, PLC, DCS, SCADA, metering/telemetry, Ethernet I/O, buses, Purdue [ISA 95])

Industrial Control Systems—Knowledge of safety and protection systems (e.g., SIS, EMS, leak detection, FGS, BMS, vibration monitoring)

Physical Security—Knowledge of physical security

Additional information about the GICSP exam is presented in Appendix A.

What Does This Book Cover?

This book prepares readers for the leading industry certification in this area—the Global Industrial Cyber Security Professional (GICSP) exam from Global Information Assurance Certification (GIAC), an affiliate of the SANS Institute.

The Practical Industrial Cybersecurity: ICS, Industry 4.0, and IIoT book is a basic training system designed to provide a solid understanding of industrial cybersecurity challenges, tools, and techniques, as well as to develop the foundations of a professional cybersecurity skill set. This is accomplished in a progressive process, as follows:

Chapter 1: Industrial Control Systems

Unless you've been working in an industrial process environment, the operations, devices, protocols, and standards involved in those types of environments are probably foreign to you. This initial chapter is designed to introduce the reader to the functions of components and systems involved in basic industrial process control operations. The latter sections of the chapter address common industrial safety and protection systems.

Chapter 2: ICS Architecture

For individuals acquainted with typical enterprise/IT networking, an industrial network is still an alien environment in many ways. Even the most basic components and tenets of operating an OT network are different from those found in a traditional IT network. This chapter presents the reader with an introduction to basic OT field device architecture and contrasts the basic functions of common industrial and enterprise network protocols.

Chapter 3: Secure ICS Architecture

This chapter builds on the basic information introduced in the preceding chapter to show how those components are organized to produce secure operational technology (OT) network architecture. This involves two major topic areas—network segmentation and security zoning as well as wireless network security.

Chapter 4: ICS Modules and Element Hardening

Industrial network security efforts begin with hardening hardware, but they also extend to the local host's operating system, its file system, and its applications. This chapter covers techniques and practices involved in OT module and element hardening in six major areas—endpoint protection, embedded device security, OS security, application security, use of anti-malware products in IT and OT networks, and network security/hardening efforts.

Chapter 5: Cybersecurity Essentials for ICS

The opening sections of this chapter deal with the most fundamental cybersecurity tenets—CIA, AAA, nonrepudiation, the principle of least privilege, and separation of duties policies. Unlike in the typical IT network environment, data confidentiality is not usually the top security tenet associated with OT networks. Instead, the most important tenet is typically availability. ICS networks are real-time environments, and having data available in real time is usually more important than its confidentiality.

The middle sections of the chapter turn to address the knowledge of threats to industrial/utility environments. This includes descriptions of the different players involved in cybersecurity realms, as well as the nature of different types of attacks conducted against them.

The final sections of the chapter deal with employing cryptographic techniques to encrypt and protect data. Information covered in these sections includes digital signatures, certificate management, PKI, public/private keys, hashing, and key management.

Chapter 6: Physical Security

The beginning of all security is physical security. Even though it is often not mentioned in the same text as computer, network, or cybersecurity, those forms of security cannot exist without physical security. This chapter defines physical security and examines how infrastructure security fits into cybersecurity. The information in this chapter will enable readers to differentiate between authentication and authorization, identify typical physical access control devices, and identify strengths and weaknesses of different types of security and surveillance systems and devices.

Chapter 7: Access Management

Access control is basically a strategy for identifying people doing specific jobs, authenticating them through some type of identification system, and then giving only them keys to the assets they need access to. The previous chapter addressed this at the physical level. This chapter deals with logical access control models and practices associated with controlling access in enterprise and OT networks. Key topics here include coverage of typical directory services and user access management procedures and policies.

Chapter 8: ICS Security Governance and Risk Management

Policies, procedures, and guidelines are governance elements that work together to provide employees with adequate guidance to perform their tasks within an organization. This chapter examines these elements and how they are developed to meet the needs of the organization. Key ICS topics developed here include standards, requirements, exemptions, and exceptions.

The chapter also deals with how organizations manage risk in the development, deployment, and maintenance of their policies and procedures. This includes calculating and evaluating risk factors to determine risk mitigation and risk acceptance strategies. When an organization undertakes an OT security assessment, risk mitigation, and security policy generation plan, they must address certain areas of risk. You will be introduced to standard risk management tools used in the ICS network environment, such as risk mitigation plans and PHA Hazard and Operability (HAZOP) studies.

Chapter 9: ICS Security Assessments

A security assessment involves testing the network architecture and its policies, procedures, and guidelines in a realistic way to determine its effectiveness. This chapter discusses penetration testing and exploitation in the OT network environment. This includes becoming familiar with security testing tools and the ICS device testing strategies involved in security assessments. You will be introduced to security assessment exercises designed to locate vulnerabilities within an organization's network and computing environment.

Chapter 10: ICS Security Monitoring and Incident Response

After the research has been conducted, the network has been designed and implemented, and the security assessment has been conducted and validated, continued security must be provided by monitoring and auditing the network for activities that indicate it is being threatened or has already been compromised. This chapter addresses ongoing security in the form of event, network, and security monitoring and logging activities. Key topics related to these efforts include change management, distribution and installation of patches, software reloads, and firmware management.

The second half of the chapter examines the implementation of an effective incident response plan. In modern networks of all kinds, it is naive to think that any of them will not be attacked—it's not if, it's when. The key to successfully managing these events is having a well-developed and tested incident response plan and being knowledgeable of incident recognition, triage, and remediation/recovery steps and techniques.

Chapter 11: Disaster Recovery and Business Continuity

Organizations must be able to continue operations despite all types of small emergencies and large disasters to ensure the health and continuation of the organization. This involves looking ahead and creating a robust disaster recovery plan and business continuity plan. This chapter examines best practices associated with creating these two interrelated documents.

The book concludes with discussions of how to recover from a successful attack or natural disaster. The best solution for these types of events is having the ability to recover quickly and get back to partial and then full operations. This section discusses different system backup and restoration options and practices.

An abundance of assessment material is available with this book. At the end of each chapter are 15 open-ended/fill-in-the-blank questions and 10 multiple-choice questions. The 10 multiple-choice questions test your knowledge of the basic concepts presented in the chapter, while the 15 open-ended questions are designed to test comprehension and critical thinking.

Appendix A contains information specific to enrolling in and taking the GICSP exam from GIAC. The scope and sequencing of this course were developed from the objectives list of the Global Industrial Cyber Security Professional (GICSP) exam.

Appendix B contains an extensive glossary of GICSP terms.

Appendix C contains key references used in the development of this book, which are provided to give you a source of materials to round out the topics covered here.

Reader Support for This Book

We provide email addresses for reader support in the following sections.

How to Contact the Publisher

If you believe you've found a mistake in this book, please bring it to our attention. At John Wiley & Sons, we understand how important it is to provide our customers with accurate content, but even with our best efforts an error may occur.

To submit your possible errata, please email it to our Customer Service Team at [email protected] with the subject line “Possible Book Errata Submission.”

How to Contact the Author

We appreciate your input and questions about this book! Email me at [email protected].

Chapter 1: Industrial Control Systems

OBJECTIVES

Upon completion of this chapter, you should be able to:

Describe the functions of components and systems involved in basic industrial process control operations, including:

Closed loop

RTU

IED

PLC

DCS

SCADA

Metering/telemetry

Ethernet I/O

Bus (field)

Purdue (ISA 95)

Describe common industrial safety and protection systems, including:

SIS

EMS

Leak detection

FGS

BMS

Vibration monitoring

Introduction

In general, people everywhere are becoming more aware of how interactions involving internetworked systems can affect their personal and financial security. However, we tend to be less aware of how security issues associated with the critical industrial processing and utility services infrastructure involve us. These critical infrastructure sectors include the following:

Industrial processing

Manufacturing

Chemical processing

Agriculture

Utility services

Water

Electricity

Wastewater

Oil and gas

Transportation

Consider the areas called out in these two sectors and think about how much of your life would be impacted if any of these critical infrastructure sectors became severely damaged or disabled by a security event. Then consider that most participants in both infrastructure sectors have increased their usage of cyber technologies to make their operations more automated, efficient, and productive. In doing so, they have exposed their operations to the same types of cybersecurity threats that are associated with personal and organizational networks.

While cybersecurity policies and practices for industrial and utility organizations seem similar to those associated with enterprise network security, they are quite different in application. Personnel trained in enterprise network security would see only a passing similarity to the networks they are familiar with if they were introduced to an industrial or utility network environment.

It's not as though there are no transferable skill and knowledge sets between IT networks and industrial/utility network environments. In fact, as you read this book, we will blend basic organizational IT networking information with new information you will need to understand to be successful in the industrial/utility network security environment.

Basic Process Control Systems

The basis of all industrial production and utility services operations is the implementation of automated process control systems. Let's begin by examining the basic elements associated with any industrial process control system. Figure 1.1 depicts a generic automated process in block diagram format.

FIGURE 1.1 Blocks of an automated process

Within the block labeled “process” is some variable such as temperature, pressure, flow rate, level, rotational speed, or position that needs to be regulated. Any physical parameter that can change spontaneously or from external influences is a dynamic variable. A dynamic variable that is being controlled by the controller block is more specifically referred to as the process variable (PV).

The overall objective of process control is to cause the PV to remain at some specific predetermined value referred to as the set point (SP). The SP may be a fixed reference, such as a simple liquid level sensor mounted on a post, or it can be an adjustable reference like a common thermostat where the user can set a desired temperature to be maintained.

Because the PV is dynamic, the overall control system must constantly sample the state of the variable, compare it to the set point, and apply any corrective actions needed to maintain the PV at the desired SP. The devices that gather information about the system are collectively referred to as input transducers or sensors.

The output of the sensor may feed directly into the controller block, or this might be accomplished with an optional block titled “transmitter.” If the sensor is located at some distance from the controller or its output is simply incompatible with the controller's input, an interface device must be used to convert the transducer's output signal to a signal that is better suited for transmission or that is compatible with the controlling device.

The heart of any process control system is the block marked “controller.” The controller is responsible for taking the input information, comparing that information to a predetermined condition or a reference, making decisions about what action should be taken, and finally sending corrective error signals to the final element, which adjusts the manipulated variable. Industrial control units may consist of magnetic relays, a collection of digital integrated circuits, analog electronic circuitry, pneumatic devices, microprocessors, or some combination of these devices.

Operator settings and system status information are entered and obtained from the block titled “Input/Output” or “I/O.” The I/O block may be an integral part of the controller or located at some remote location. A portion of the I/O block may be dedicated to displays and control mechanisms that enable a human operator to interact with the control system.

The correction signal issued from the controller may be applied directly to the actuator block or to an optional output signal converter that is used to make the controller's output signal compatible with the actuator. The task of the actuator is to apply the corrective action necessary to regulate the process variable to the established set point. Typical industrial control actuators are devices such as electric motor starters and pneumatic or solenoid-activated valves.

To understand how these elements work together to provide process control, consider the simple temperature control system depicted in Figure 1.2. This example depicts a control system that employs a liquid-filled sensing device, a simple set of electrical switch contacts, and an electrically operated solenoid gas valve.

FIGURE 1.2 A simple temperature control system

In the example in Figure 1.2, the PV (liquid temperature) is constantly monitored by the fluid in the sealed bulb and capillary tubing. As temperature increases in the enclosure, the fluid expands in the bulb and tubing, causing it to press against a diaphragm at the end of the tubing. The movement of the diaphragm in turn pushes against one of a pair of electrical switch contacts, causing it to move closer to the other contact.

When the temperature in the enclosure reaches a predetermined level established by the sensor fluid's coefficient of expansion and the distance between the switch contacts, the contacts will close, creating an electrical circuit that activates a solenoid control valve. The electromagnet in the valve creates an electromagnetic field that pulls the valve stem upward, sealing off the flow of gas (the manipulated variable) to the heating element inside the enclosure (the final element).

The removal of the heat source will cause the temperature inside the enclosure to decrease until the bulb contracts and pulls the diaphragm away from the switch contacts. When this occurs, the contacts will open, cutting off the flow of electricity to the solenoid. The valve will open, and gas will once again flow into the heating element, causing the temperature to increase again.

Closed-Loop Control Systems

This simple temperature control system is a type of process control referred to as closed-loop control. As the block diagram in Figure 1.3 shows, there is a feedback pathway from the output of the process (temperature of the enclosure) that feeds back to the controller (the diaphragm and switch contacts), which then applies appropriate corrective action to the process input (the pneumatic gas valve and burner).

FIGURE 1.3 Closed-loop process blocks

The feedback loop through the controller enables the closed-loop system to be self-adjusting. The controller examines the measured process variable and compares it to the set point reference (in the earlier example the reference point was the position of the fixed-switch contact). It then creates an error response based on the outcome of the comparison.

Typically, if the process variable value is lower than the reference value, a positive corrective action is created, such as applying more gas to the heating element. Conversely, if the process variable value is equal to or higher than the reference value, the controller will produce a negative corrective action, such as shutting off the gas flow to the heating element.

In the example in Figure 1.3, the process control mode is simply On/Off: the valve is either completely open or completely closed. However, if analog output devices and input sensors are employed and the controller is intelligent (it has advanced decision-making capabilities such as a microprocessor-based controller), the closed-loop system can be built and configured to provide smooth, accurate, and sensitive control responses. These systems are the basis for all automated process control systems.
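The On/Off closed loop of Figures 1.2 and 1.3 as a discrete-time simulation. This is an added example, not code from the book: the enclosure's thermal constants are constructed, and the sensor/controller block is modelled as the diaphragm closing the contacts once the PV reaches the set point.

```python
"""Simulation of the bulb-and-capillary On/Off temperature control loop.

Added example. The thermal constants below are constructed so the loop
behaves plausibly; they are not measurements from any real enclosure.
"""
from dataclasses import dataclass


@dataclass
class Enclosure:
    """The 'process' block: the heated enclosure and its temperature (PV)."""
    temperature: float         # process variable (PV), degrees C
    ambient: float = 20.0      # constructed: temperature the enclosure leaks heat to
    heat_rate: float = 4.0     # constructed: degrees C added per step while the burner is lit
    loss_coeff: float = 0.05   # constructed: fraction of (PV - ambient) lost per step

    def step(self, burner_on: bool) -> float:
        """Advance the process one time step and return the new PV."""
        if burner_on:
            self.temperature += self.heat_rate
        self.temperature -= self.loss_coeff * (self.temperature - self.ambient)
        return self.temperature


def contacts_closed(pv: float, set_point: float) -> bool:
    """Sensor + controller: the expanding fluid pushes the diaphragm against the
    movable contact, and the contacts close once the PV reaches the set point
    (the position of the fixed contact is the SP reference)."""
    return pv >= set_point


def solenoid_valve_open(contacts: bool) -> bool:
    """Final element: closed contacts energize the solenoid, which pulls the
    valve stem up and seals off the gas; open contacts let gas flow again."""
    return not contacts


def run_loop(set_point: float, steps: int, start_temp: float = 20.0) -> list:
    """Run the closed loop and return a trace of (PV, gas_flowing) per step.

    The controller acts only on the PV it is handed, so the integrity and
    timeliness of that measurement are what keep the loop behaving; this is
    why availability and integrity rank above confidentiality for ICS data.
    """
    enclosure = Enclosure(temperature=start_temp)
    trace = []
    for _ in range(steps):
        contacts = contacts_closed(enclosure.temperature, set_point)
        gas_on = solenoid_valve_open(contacts)
        pv = enclosure.step(gas_on)
        trace.append((round(pv, 2), gas_on))
    return trace


if __name__ == "__main__":
    for i, (pv, gas) in enumerate(run_loop(set_point=60.0, steps=40)):
        print(f"step {i:2d}  PV={pv:6.2f} C  gas={'ON ' if gas else 'OFF'}")
```

Because the contacts switch exactly at the set point, the PV never settles; it cycles within a band of roughly one heating step around the SP, which is the characteristic behaviour of On/Off control that the analog, PID-capable controllers described later avoid.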

Industrial Process Controllers

As already discussed, the center of any process control system is its controller. Historically, process controllers have been based on a number of different technologies, including mechanical devices, pneumatic devices, analog electronics, discrete digital electronics, or microprocessor-based computer electronics. However, currently most process controllers are built on some type of microprocessor-based computer control technology.

While industrial process controllers (IPCs) share many qualities with microprocessor-based computing devices designed for the information technology (IT) industry (personal computers and network servers), they are very different in many ways. Unlike IT computers, industrial process controllers are not designed to store data and process it later. Instead, they produce output conditions based on the current states of their inputs according to their internal configuration or programming.

Industrial control systems are designed to control variables in the physical world, while IT systems are designed to manage data.

The following are key requirements for industrial process controllers:

Availability: Many processes are continuous operations and require that the controller have high availability, reliability, and maintainability ratings. Availability is typically the highest objective in an industrial control system, along with data integrity. Confidentiality has traditionally been a secondary concern with process control systems; this is completely reversed from the general confidentiality, integrity, and availability (CIA) requirements associated with IT systems.

Timeliness: Process control is a time-sensitive operation that requires quick response times. IT systems generally do not have timeliness constraints. For this reason, front-line intelligent process controllers operate on real-time operating systems.

Industrial interfacing: Industrial controllers typically provide few, if any, user-friendly interface features, such as keyboards, pointing devices, or LCD displays. Instead, they provide industrial-style input and output ports for connecting sensors and actuators.

Physical hardening: IPCs are designed to operate in harsh environments such as industrial factories and open-air venues.

Field Devices

Industrial controllers that are designed to be deployed in close proximity to the process being controlled, as opposed to supervisory computing devices that are more routinely placed in an office or control room environment, are referred to as field devices. These are the most common field devices encountered in industrial and utility process control systems:

Programmable logic controllers (PLCs)

Remote telemetry units (RTUs)

Intelligent electronic devices (IEDs)

In a dedicated control system, the field device or devices are placed between the sensors that gather information from the physical process and the actuators that supply corrective actions to the physical process. However, in a distributed control system, the field devices are logically located between the sensors and actuators and the supervisory control system with its human machine interfaces. Figure 1.4 shows how field devices are typically implemented in industrial control systems.

FIGURE 1.4 Field device implementations

Programmable Logic Controllers

The preferred local control device in modern industrial processing and utility environments is the programmable logic controller, or PLC. PLCs are intelligent digital computing devices that are designed specifically to perform industrial control functions, such as opening and closing valves, switches, and relays to control processes.

Internally, PLCs like the one depicted in Figure 1.5 share most of their technology with IT computing devices. They contain a microprocessor, RAM memory, read-only firmware, and an operating system. However, this is where the similarities end.

FIGURE 1.5 A typical PLC

Because they are intelligent, PLC operation can be changed simply by reprogramming them with new instructions. PLCs use a programming method designed to resemble the relay ladder logic (because PLCs were originally designed to replace relay controllers that were widely used before digital processors were developed). These diagrams are discussed in Chapter 2, “ICS Architecture.” Newer PLCs can be programmed in many different ways, including through popular computer programming languages.

Programming can be downloaded or entered directly into the PLC's programmable RAM area. PLC instruction sets can be used to implement specific control functions such as counting and timing loops; three-mode proportional, integral, derivative (PID) control; arithmetic operations; and I/O control. Programming can be accomplished through a programming interface installed on a local host computer.

PLC inputs are connected to sensors—temperature, pressure, or positional switches—that monitor process variables. On the other side of the equation, the PLC's output terminals are attached to actuators—relays, solenoid valves, or mechanical positioners—which are devices used to control process variables, as illustrated in Figure 1.6.

The figure depicts a point-to-point wiring scheme for a PLC and its sensors and actuators. It also indicates that individual connections between the PLC and its devices can be made through wiring racks and junction boxes located throughout the production plant. However, each device is connected to an input or output terminal by a dedicated run of cable.

PLCs are available in different form factors including compact devices and modular units connected via a backplane system and housed in a common rack. Figure 1.7 depicts a typical compact PLC. It is a self-contained processing unit that offers input terminals along its top edge, output terminals along its bottom edge, and a power supply connection at its lower-left corner. The figure also illustrates that this PLC model makes provisions for connecting it to other devices through its serial communications terminals, as well as through a traditional Ethernet network connection.

FIGURE 1.6 PLC controlling a process

FIGURE 1.7 A typical compact PLC

Modular form-factor PLCs offer flexible input and output configurations, as multiple input or output modules can be added to the backplane. Figure 1.8 shows a typical PLC rack and backplane. The backplane is a printed circuit board that provides a common data bus and a series of slot connectors for connecting different modules to the system. One of the slot connectors is reserved for a power supply module. The other slot connectors (eight of them in this example) are designed to accept the CPU module and different types of I/O modules.

FIGURE 1.8 Modular PLC rack and backplane

Common PLC module types include the following:

Power supply unit (PSU) module: This unit supplies power to the CPU and I/O modules through the backplane bus. PLC power supplies typically furnish 24Vac power to these components.

Central processing unit (CPU) module: This is the PLC equivalent of the personal computer's motherboard. It contains the microprocessor, RAM and ROM memory, I/O interfacing circuitry, and communications support.

Input modules: There are two basic types of input modules that can be installed in the PLC rack: analog input modules and digital input modules.

Analog inputs: Analog input modules are designed to operate with sensing devices, such as thermocouples and pressure sensors, that produce a continuously variable range of output values between a minimum and maximum (such as 0–10V). Because microprocessor-based control devices do not understand analog signals, the modules must perform an A/D conversion process on the signal to achieve a digital equivalent of the measured analog value that the CPU can work with.

Digital inputs: This type of module is used to handle discrete digital input devices such as limit switches, photo/optical switches, proximity switches, and any other device that provides a two-state output. These modules are available to handle from 8 up to 128 devices.

Output modules: Like input modules, output modules come in two basic varieties, analog and digital.

Analog outputs: These outputs provide analog signals that can be used to drive analog actuators, such as valve positioners. To produce this type of output signal, the module must perform a D/A conversion process on the values received from the CPU before they can be applied to the output terminals.

Digital outputs: These modules provide On/Off output signals for controlling two-position actuators. Like digital input modules, digital output modules are available that can supply from 8 to 128 different output connections.

Comm modules: These are communication modules that allow the CPU to communicate with other intelligent devices across the backplane's I/O bus. This has historically been done through standard asynchronous serial communication protocols such as RS-232 and RS-485 channels. However, newer industrial communications options are being introduced to PLC communications, including different IT and telephony-based protocols, such as TCP/IP communication over Ethernet, Bluetooth, and Zigbee.

Remote Telemetry Units

Another common industrial controller is the remote telemetry unit, commonly referred to simply as an RTU. RTUs are small intelligent control units deployed at selected locations within a process, or set of processes, to gather data from different sensors and deliver commands to control relay outputs. Figure 1.9 shows a typical RTU.

FIGURE 1.9 An RTU controller

Telemetry is the process of using sensors to collect information in a remote location and transmitting it to another location for processing.

Like PLCs, RTUs can employ digital or analog input sensor devices designed to measure variables such as electrical currents and voltages, pressure, light levels, flow rates, fluid levels, turbidity, pH, rotary speed, etc. The analog inputs accept input signals from sensors within a given range. Common analog input signal ranges include 0 to 1mA or 4 to 20mA current ranges, or 0 to 10Vdc ranges, as well as +/-2.5V or +/-5.0V ranges. For sensor types that produce signal ranges outside of these parameters, some type of signal level translating interface device must be installed between the sensor and the input port. These industry-standard signaling methods and ranges are selected by different equipment manufacturers based on sensors used in different applications.

Voltage signaling is used in many sensor applications because it is relatively simple to implement. However, voltage signaling is susceptible to electrical noise interference and is limited in transmission distance. Current signaling standards have historically been the accepted method of transporting sensor information because their response is more linear than that of voltage signaling methods and they provide greater noise immunity.

While there have been different current loop standards presented, the 4 to 20 mA DC current standard has been the go-to standard for the industrial sensor market. This standard offers linear signal response, good noise immunity, longer transmission distances, and intrinsic safety for personnel and in hazardous environmental conditions.
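The 4 to 20 mA live-zero signal path described above, carried through the A/D conversion step from the analog input module discussion and into engineering units, as an added example that is not from the book. The 12-bit ADC, its 0 to 24 mA input span, the fault thresholds (3.6 mA and 21 mA) and the pressure channel calibration are all assumptions.

```python
"""Turning a 4-20 mA loop reading into an engineering value with range checks.

Added example. ADC resolution, ADC span, fault thresholds and the channel
calibration are assumed, not taken from the book or any vendor's product.
"""
from dataclasses import dataclass

ADC_BITS = 12                   # assumed 12-bit A/D converter on the input module
ADC_FULL_SCALE_MA = 24.0        # assumed: converter spans 0..24 mA so faults are visible
FAULT_LOW_MA = 3.6              # assumed low fault band (open loop / dead transmitter)
FAULT_HIGH_MA = 21.0            # assumed high fault band (short / saturated transmitter)


@dataclass(frozen=True)
class LoopInput:
    """One 4-20 mA channel and the engineering range it is calibrated to."""
    eu_low: float     # engineering value represented by 4 mA
    eu_high: float    # engineering value represented by 20 mA
    units: str


def adc_counts_to_ma(counts: int) -> float:
    """A/D conversion result -> loop current. The CPU only ever sees counts,
    so this is the first step the controller's firmware performs."""
    max_counts = (1 << ADC_BITS) - 1
    if not 0 <= counts <= max_counts:
        raise ValueError(f"counts {counts} outside 0..{max_counts}")
    return counts * ADC_FULL_SCALE_MA / max_counts


def classify_current(ma: float) -> str:
    """Exploit the live zero: a healthy loop never carries less than 4 mA, so a
    current below the low band is a wiring or transmitter fault rather than a
    genuine zero reading. A 0-20 mA or 0-10 V signal cannot tell these apart."""
    if ma < FAULT_LOW_MA:
        return "fault_low"
    if ma > FAULT_HIGH_MA:
        return "fault_high"
    if ma < 4.0 or ma > 20.0:
        return "out_of_range"    # loop is alive but outside the calibrated span
    return "ok"


def to_engineering_units(channel: LoopInput, ma: float) -> float:
    """Linear scaling of the 16 mA span: 4 mA -> eu_low, 20 mA -> eu_high."""
    return channel.eu_low + (ma - 4.0) * (channel.eu_high - channel.eu_low) / 16.0


def read_channel(channel: LoopInput, counts: int) -> dict:
    """Full input path: counts -> mA -> health status -> engineering value.

    The value is withheld (None) when the loop is in a fault band so that a
    broken wire is reported as a fault, not silently scaled to a number."""
    ma = adc_counts_to_ma(counts)
    status = classify_current(ma)
    value = None
    if status in ("ok", "out_of_range"):
        value = round(to_engineering_units(channel, ma), 2)
    return {"ma": round(ma, 3), "status": status, "value": value, "units": channel.units}


if __name__ == "__main__":
    # Constructed readings: a 0-100 psi transmitter on a 4-20 mA loop.
    pressure = LoopInput(eu_low=0.0, eu_high=100.0, units="psi")
    for counts in (0, 683, 1024, 2048, 3413, 4095):
        print(counts, read_channel(pressure, counts))
```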

RTUs can also provide analog and digital outputs to work with a wide array of different control devices. However, analog outputs are not commonly used with RTUs. The digital outputs provide On/Off control for actuators such as electrical circuits, solenoid valves, lights, and heaters, as needed to manage the process. RTUs that do offer analog output channels can be used to provide continuously variable control of devices such as valve positioners and heating elements.

Unlike PLCs, RTUs are not designed to be stand-alone controllers. Instead, they are better suited for operations in widely distributed control systems. While they have internal memory and do control local activities, they are designed to work with a supervisory controller in distributed or SCADA-based control systems. However, they can also receive process data from local IED controllers.

Communications with supervisory controllers and IED controllers are conducted using standard communication media and protocols. These include RS-232 and RS-485 serial connections as well as Ethernet network connections. Modbus is the prevalent protocol for communicating with RTUs.

Figure 1.10 illustrates a typical RTU implementation. In this example, multiple RTUs are involved in controlling different sections of a distributed process. As with the earlier PLC example, the RTUs maintain local control under the direction of the remote supervisory controller.

FIGURE 1.10 A typical RTU implementation

Intelligent Electronic Devices

In an electric power generation and distribution environment, a third type of intelligent process controller is becoming more popular—the intelligent electronic device, or IED. These controllers are a form of RTU designed to provide protection, control, monitoring, and communications directly with a supervisory controller. These devices provide a direct interface for monitoring and controlling the different sensors and actuators in the process, and they can communicate directly with the supervisory controller, a local RTU, or other IEDs.

Like RTUs, IEDs typically have small memory units that hold programming for controlling the local process so they can act without direct or constant instructions from the supervisory controller; however, they are not designed to take over full control of a process. Common IED applications include intelligent protective relays, digital fault recorders, power/current/voltage meters, and RTU functions.

Distributed Control Systems

When processes become too complex for a single controller or its components are geographically separated, it becomes necessary to distribute the control function over multiple controllers to form a distributed control system (DCS).

Figure 1.11 shows a process that is segmented into three discrete subsections, or process units, each of which has its own local controller. A unit process is defined as a group of operations within a production system that can be defined and separated from the other unit processes of the system. Each process unit is defined by a specific set of inputs and outputs associated with the tasks the process unit was designed to perform. Even though the process control function has been distributed across multiple controllers, the control system is not complete. In this example, there are three different devices applying control functions to their segments of a continuous process without regard to activities occurring in the other segments.

FIGURE 1.11 Distributed controllers

Field Buses

For efficient control of the entire process, some additional control method must be added to the control system to coordinate the activities of the three local controllers. The most fundamental method of doing this is to interconnect the controllers and then make one of them the master controller, as illustrated in Figure 1.12. The controllers are physically linked together through a field bus and logically linked through an industrial communications protocol. The protocols used over these buses include the Modbus and DNP3 protocols described in detail in the Industrial Network Protocols section of Chapter 2.

FIGURE 1.12 A master controller configuration

A field bus can be any one of several proprietary instrumentation buses designed by industrial control groups to provide communication and coordination between intelligent control devices. These buses can also be used to connect smart IED sensors and actuators to the controllers and eliminate the need to construct point-to-point wiring bundles from each process unit's controllers to their sensors and actuators.*

*Smart IED devices can be added to a field bus provided they can communicate through the same protocol as the other devices on the field bus. However, analog and non-microprocessor-based digital sensors and actuators still require independent wire runs between the devices and the controller's inputs and outputs.

Supervisory Controllers

The other method commonly used to efficiently control multiple process units in a distributed process operation is to add a supervisory controller to the ICS, as illustrated in Figure 1.13. In this configuration, the supervisory controller is programmed to monitor the operation of each local field control device and send coordinating instructions back to each controller as needed. In such systems, the supervisory controller does not directly control the different process units; it merely oversees and coordinates the operations of their local controllers.

FIGURE 1.13 Adding a supervisory controller

This arrangement represents a typical DCS that would be implemented to efficiently control a complex or widely distributed process. As with the previous example, the controllers in this distributed ICS could be interconnected through any one of several field bus types.

This distributed intelligence model optimizes the computing power of all the control devices to execute, control, manage, and protect the complete process. The local controllers are typically intelligent devices attached directly to the input and output devices used to monitor and control their portions of the overall process.

Most industrial process control scenarios require high-speed, real-time data acquisition and control functions to maintain proper control of the process. This is a very different requirement from those applied to enterprise computing devices, which typically do not need to process data in real time.

One of the key differences between intelligent devices designed for use in industrial control systems and those designed for enterprise computing and networking environments is the need for real-time processing. This means that ICS devices and programming must be geared to high-speed, low-overhead processing.

Because the supervisory controller is not directly involved in the details of controlling the process, it does not need to be optimized for speed. These controllers are often normal stand-alone computers or industrial servers running supervisory control and data acquisition software applications.

The presence of the local field controllers enables more task-specific intelligent processing to be performed local to the process, while the supervisory controller provides coordination and cooperation between these devices through some type of industry-standard communications channel.

In addition to interfacing with the field-level controllers, the supervisory computers often provide interactive visual control panels, such as the one depicted in Figure 1.14, for human operators involved with the process. This control panel is referred to as a man-machine interface (MMI) or a