The tools and techniques used to defend the communication networks of financial institutions, other large corporations and federal government agencies from cyber-attacks can also secure process control and SCADA networks. This paper describes how enterprise security tools such as firewalls, IP Security (IPsec) virtual private networks (VPNs), Advanced Encryption Standard (AES) encryption and RADIUS authentication, in addition to techniques such as defense-in-depth and event log audits, can defend field process control and SCADA networks against cyber-attacks.

Modern process control and SCADA systems require two-way information flow to increase business and process interaction. Oil exploration, production and refining sites are turning to Internet Protocol (IP)-based wireless networks to monitor and control thousands of devices such as programmable logic controllers (PLCs) and SCADA endpoints. While IP networks provide substantial value, they come with fear of increased exposure to cyber-attacks.

However, IP networks also confer security advantages. The tools and techniques used to thwart cyber-attacks on IP networks have been honed for years by enterprises and are constantly updated to battle emerging threats. For over a decade, enterprises have faced, and have largely been successful in defending against, the security challenges that now confront IP-based process control and SCADA networks. Proven and time-tested tools and techniques are available to combat cyber-attacks. Enterprises with stringent security requirements have transitioned to IP while strengthening their security capabilities. Industry standard tools can provide cyber security for process control and SCADA networks that is comparable to that of the most mission-critical enterprise networks in the world.

IP-based process control and SCADA networks provide many advantages. By securing these networks using enterprise tools and techniques, oil exploration, production and refining companies can reap the benefits of IP networking while simultaneously enhancing cyber-security.

You can access this article if you purchase or spend a download.