This document discusses the differences between industrial control systems (ICS) and information technology (IT) in terms of cyber security. ICS are used in industrial production to control systems like SCADA and DCS, while IT refers to general business computing. Key differences are that ICS have stricter availability requirements, longer lifecycles, proprietary protocols and specialized software. The document also notes that modern ICS now leverage more off-the-shelf IT components and standards, making them more interconnected and vulnerable to cyber threats like hacking. Finally, it presents ABB's approach to ICS cyber security which includes assessment, first aid services, monitoring with Industrial Defender, and lifelong maintenance through assessment and training.

1. Marco Biancardi, Power Systems Division, BU Power Generation, October 2013
Cyber Security
Differences between Industrial
Control Systems and ICT approach

2. Introduction
Definitions
Information Technology (IT)* is the application of computers
and telecommunications equipment to store, retrieve,
transmit and manipulate data, often in the context of a
business or other enterprise. The term is commonly used as
a synonym for computers and computer networks
Industrial Control System (ICS)* is a general term that
encompasses several types of control systems used in
industrial production, including supervisory control and data
acquisition (SCADA) systems, distributed control systems
(DCS), and other smaller control system configurations such
as programmable logic controllers (PLC) often found in the
industrial sectors and critical infrastructures
* Source: Wikipedia

3. Introduction
Cyber security: a definition
Measures taken to protect a computer or computer system
(as on the Internet) against unauthorized access or attack*
*Source: Merriam-Webster’s dictionary

4. Introduction
Why is it an issue?
Isolated devices
Point to point
interfaces
Proprietary
networks
Standard
Ethernet/IPbased networks
Interconnected
systems
Distributed
systems
Modern SCADA, automation, protection and control systems :
 leverage commercial off the shelf IT components (i.e. MS Windows, Internet
Explorer)
 use standardized, IP based communication protocols
 are distributed and highly interconnected
 use mobile devices and storage media
Modern control systems are specialized IT systems, with multiple vulnerabilities
Hacking
Employee Mistake
Malicious software
installed via USB port

5. Differences
Office IT vs Utilities/Industry: …they are different!
Corporate/Office IT
Utilities/Industry
Environment
Offices and «mobile»
«in the field»
People/Equipment
Ratio
# of Equipment ~= # of people
Few people, many equipment.
Object under protection
Information
Industrial process: availability
Risk Impact
Information disclosure, $$$
Safety (life), Health, Environment, Information disclosure, loss of
production, downtime, repairing costs, $$$
Availability
requirements
3,65 days)
System lifetime
3-5 years
15-30 years
Security focus
Central Servers (CPU, memory,…) and
PC
Server/PC + distributed systems, Sensors, PLC,…
Operating systems
Windows
Windows + proprietary
Software
Consumer Software , normally used on
PC
Specific
Protocols
Well known (HTTP over TCP/IP ,…) /
mainly web
Industrial (TCP/IP, Vendor specific) / polling
Procedure
Well known (password,…)
Specific
Main actors
IBM, SAP, Oracle, etc.
ABB, Siemens, GE, Honeywell, Emerson, etc.
95%-99% (accept. downtime/year: 18,25 –
99,9%-99,999% (accept. downtime/year: 8,76 hrs – 5,25 minutes)

6. Introduction
A definition in the context of power and automation
technology
*source
MerriamWebster’s
dictionary
Measures taken to protect a
computer or computer
system (as on the Internet)
against unauthorized access
or attack*
translates into
Measures taken to protect
the reliability, integrity and
availability of power and
automation technologies
against unauthorized
access or attack

7. Threats
Where are attack sources?

Accidents / Mistakes

Rogue insider

Malware

Thieves / Extortionists

Enemies / Terrorists
Likelihood

Likelihood is unknown

Consequences are potentially huge

8. Threats
What if…

What if this information gets disclosed

What if someone opens a breaker

What if it does not open when it should

What if I cannot operate a device/PLC

What if someone else can operate a device/PLC

What if a transformer is overloaded due to a wrong
temperature reading?

What if a protection is not working properly?

What if a not-authorized person can access
supervision/control network?

What if a not-authorized person can access DSO/TSO
network?

What if a blackout happen in cold winter?

9. Threats
World news

10. Solutions
How can you proceed?
Keeping up-to-date
Awareness
Check Actual Status
Assessment
What if…
Follow-up
Dedicated solutions
Continuous monitoring
Cyber
Security Cycle
Operational
Security
100% Security does not exist. Security:
 Is not a product but a process
Risk
Mitigation

11. Solutions
ABB Service Approach
Different
service
levels,
based on
project
status
1. ASSESSMENT
Site Inventory
Risk Assesment
2. FIRST-AID SERVICE
Design Review
HW update & Hardening
SW service
Analysis
Report
Patch management
Account management
Antivirus management
Backup&Restore management
3. INDUSTRIAL DEFENDER
Manage
Monitor
hardware/software
4. ACROSS-LIFE
Keeping up-to-date
Training
Recurrent Reports/ Coursewares

12. Why ABB
Defense in depth
Strong
(Secure)
ABB
products
+
Industrial
Defender
Solutions
Defense in depth