Control system security is the prevention of intentional or unintentional interference with the proper operation of industrial automated control systems (ACS). These systems today manage all the main activities, including nuclear and other electric power generation, oil production and transportation, water supply, transport, communications and various other industries and processes. ACSs include computers, networks, operating systems, applications, and programmable and non-programmable controllers. Almost every one of these elements may contain security vulnerabilities. The discovery of the Stuxnet malware in 2010 demonstrated the vulnerability of ICS to cyber incidents. Since then, governments in various countries have begun to adopt cybersecurity rules that require enhanced protection for critical control systems.
Control system security covers the security of industrial control systems (ICS), the security of supervisory control and data acquisition (SCADA) systems, process control security, industrial network security, and the cybersecurity of control systems.
Risks
A breach of process control system security can lead to disastrous consequences: human casualties, negative environmental impact, damage to the production chain, damage to equipment, theft of confidential information and damage to a company's image.
In recent years, a number of malfunctions in the operation of control systems have been noted. They had more or less serious consequences and were caused both by combinations of circumstances and by malicious actions. Here are some of them:
- Cascading blackout in a number of regions of the USA and Canada in 2003. The cause of the accident was the coincidence of a number of adverse factors, including network congestion and a computer failure.
- The accident in 2005 at electric substation No. 510 Chagino, as a result of which a number of districts of Moscow, the Moscow region and adjacent areas were deprived of power supply. The cause of the accident was the coincidence of a number of adverse factors: deterioration of equipment, heat, and lack of professionalism of employees.
- The 2010 attack by the industrial malware Stuxnet, which hit Iranian industrial enterprises related to the country's nuclear program [1].
- Disaster in 2011 at the Fukushima nuclear power plant. Its cause was a common-cause failure of equipment after the earthquake and tsunami.
- Loss of power supply at the end of 2015 in several regions of Ukraine (Ivano-Frankivsk, Chernivtsi and Kiev regions). The cause of the accident was the impact of the Industroyer malware, introduced, according to representatives of Ukrainian companies and special services, by Russian hackers [2]. The power failure repeated at the end of 2017. Ukrenergo again blamed attackers from Russia [3].
Control System Vulnerability
Industrial automation and control systems have become much more vulnerable due to trends that have been observed over the past 15-20 years. The main reasons for this are:
- Increasingly widespread adoption of commercial off-the-shelf (COTS) software and protocols. The integration of technologies such as MS Windows, SQL, and Ethernet means that process control systems are now often vulnerable to the same malware that affects public networks.
- The integration of the enterprise (using factory, corporate, and even public networks) means that process control systems, often outdated, are today exposed to impacts that were not taken into account in their development.
- Excess functionality of ACS equipment. Complex programmable controllers and processors are widely used to control standard, simple processes with a predetermined range of parameters, where unmodifiable, so-called “hard logic” solutions can be sufficient. This makes these systems vulnerable to failures or to reprogramming and monitoring by attackers.
- The growing demand for remote access. Round-the-clock, seven-days-a-week access for engineering, operational or technical services brings convenience, but also an increased risk of unsafe or malicious connections to control systems.
- Availability of information. Guides on the use of control systems are available to both legitimate users and attackers.
Countering Threats
The number of threats to automated enterprise control systems increased, and their types began to change rapidly, at the beginning of the 21st century. The widespread adoption of industrial control systems took place several decades earlier, when the level of such threats was orders of magnitude lower, so it is important to analyze the systems created then against the current level of threats [4].
- A detailed audit of the network security of enterprises and their process control systems. Particular attention should be paid to the architecture of systems built several decades ago, when the threat level was much lower. An audit of ACS common-cause failure risks.
- Abandoning functionally excessive systems with reprogrammable logic. When the set of control tasks to be performed is known in advance, it is advisable to switch to systems with predetermined hard logic that are isolated from external networks and are practically impossible to interfere with from outside.
- The introduction of a so-called "diverse actuation system", in which the existing ACS is supplemented by another system, built on different software or hardware, that performs the basic safety tasks. Similar systems are already used at some nuclear power plants and are recommended for wider use by the IAEA [5], since they reduce the risk of common-cause failure, whether from a programming error or a malicious hacker attack or from phenomena such as overheating due to failure of air conditioning systems, fire, flooding during fire fighting, etc. Similar protection systems have been implemented, for example, by the Moscow Fizpribor plant at the Novovoronezh NPP and are currently being implemented by the French company Orano at the British nuclear power plant at Hinkley Point. However, this principle applies not only to the nuclear industry, but to any hazardous process control system.
Efforts of National Governments
It is generally accepted that the United States was one of the first countries to express concern not just about cybersecurity in general, but specifically about the security of control systems. In particular, the US government Computer Emergency Response Team (CERT) has established a Control Systems Security Program (CSSP) [6], which provides a large set of free National Institute of Standards and Technology (NIST) standards [7] regarding control system security.
European countries are also becoming increasingly concerned about these issues. For example, in the Federal Republic of Germany, the Federal Office for Information Security (Das Bundesamt für Sicherheit in der Informationstechnik) deals with information security issues, and the National Cybersecurity Center controls the critical objects of the national IT infrastructure and economy, including the security of control systems. In addition, at the initiative of the German Ministry of Defense and the Ministry of Foreign Affairs, a new structure is being created: the Agency for Innovation and Cybersecurity (Agentur für Innovation in der Cybersicherheit) [8].
Russia, according to the cybersecurity index for 2017 [9], which is published by the International Telecommunication Union (ITU), entered the group of leading countries and ranks tenth, ahead of Japan and Norway and behind France and Canada. The issues of industrial systems security at the state level are dealt with by the Federal Service for Technical and Export Control (FSTEC of Russia), accountable to the Ministry of Defense. Since April 2017, the national standard GOST R IEC 62443-3-3-2016 “System Security Requirements and Security Levels”, introduced by order of the Federal Agency for Technical Regulation and Metrology of June 1, 2016, No. 469-st, has been in force in Russia [10]. This standard is harmonized with the international security standards for industrial control systems.
ICS International Safety Standards
The ISA/IEC-62443 standard, developed by the International Society of Automation, is a series of protocols, technical reports and related information that define procedures for implementing electronically secure industrial automation and control systems. This standard applies to end users, system integrators, security professionals, and control system manufacturers who are responsible for manufacturing, designing, implementing, or managing industrial automation and control systems.
This standard was originally called ANSI/ISA-99 or ISA99, after the International Society of Automation (ISA), which created it. In 2010, due to the harmonization of ISA and ANSI documents with the relevant standards of the International Electrotechnical Commission (IEC), the standard was renamed ANSI/ISA-62443.
Notes
- [1] Another cyber attack by the Stuxnet virus committed on Iran.
- [2] Inside the cunning, unprecedented hack of Ukraine's power grid.
- [3] Ukraine's power outage was a cyber attack: Ukrenergo.
- [4] Schulz V. L., Kulba V. V., Shelkov A. B. Information security audit of automated control systems // Trends and Management: Journal. 2014. No. 4. pp. 319–334.
- [5] International Atomic Energy Agency. Criteria for Diverse Actuation Systems for Nuclear Power Plants (in English) // IAEA TECDOC SERIES. ISSN 1011-4289.
- [6] Homeland Security, National Cyber Security Division. Catalog of Control Systems Security: Recommendations for Standards Developers. April 2011.
- [7] Industrial Control Systems Cyber Emergency Response Team. Standards and References.
- [8] TASS. Spiegel: The German government intends to establish a cybersecurity agency.
- [9] International Telecommunication Union. Global Cybersecurity Index (GCI) 2017.
- [10] Industrial communication networks. Network and system security.