Compliant Security of Control Systems
Cyber attacks pose a major challenge for the operational reliability of decentralized power plants in critical infrastructures. Many power plants and industrial plants are not equipped to deal with malware targeting industrial automation and control systems (IACS).
PLC, HMI and SCADA systems in particular are vulnerable targets, as cyber attacks on such systems could lead to a massive disruption in operation or even an outage of the entire power plant. These direct impacts on the power supply are often accompanied by economic losses as well as loss of reputation and trust.
International standards and regulations provide guidelines for effective cyber security in plant operation and create secure, CRITIS-compliant environments for manufacturers, integrators and operators.
As a specialist in power plant control systems, Kuhse is your competent partner for “cyber secure” and CRITIS-compliant control solutions. Whether consulting, production, commissioning or service - we offer all services from a single source.
Challenges
Increasing complexity in the field of IT security due to
- digitization of Industrial Automation & Control Systems (IACS), including control systems for decentralized power generation systems
- rapidly growing technologies for Industry 4.0
- increasing interconnectivity between industrial data networks (OT) and enterprise data networks (IT)
Interconnectivity
- Protection of previously isolated areas and network zones against possible cyber attacks
- Increasing number of vulnerabilities in industrial control systems (IACS), of which 20% are related to the energy sector
- Application of IT security concepts to the OT environment, taking into account disparate priorities:
  - IT: data and information protection
  - OT: reliability and availability as well as a long life span
Standards and Certifications
International standards and Cyber Security programs are based on global IT best practices and technologies for the development and integration of secure and CRITIS-compliant systems.
Spectrum of Technical Measures for Integrators
Depending on their needs, we support our customers in selecting and implementing the relevant technical measures for their application:
Kuhse as a System Integrator
The cyber security standard IEC 62443 predefines tasks and services for the different roles.
Kuhse, as a System Provider and Integrator of “cyber secure” industrial control systems for decentralized power generation applications, is responsible for
- the professional cyber security engineering of the control system (according to architecture and design)
- the integration of the control system into the decentralized power generation plant with regard to cyber security aspects.
Kuhse as a Service Partner
In the role of a Service Partner for integrators and asset owners or operators of decentralized power generation applications, Kuhse takes care of
- professional extended maintenance of our industrial control systems to ensure continuously cyber-secure operation
- supporting the owner’s service personnel in case of cyber attacks and other corresponding violations.
KUHSE CYBER SECURITY PREMIUM PACKAGE
for Power Generation Plants with extended cyber security requirements
Technical Measures
- Network architecture & enhanced network security by means of suitable segmentation
- Central management of user accounts, access and permissions
- User authentication via two-factor authentication
- Minimizing the physical and logical accessibility and thus the points for potential attacks
- Hardening and strengthening of the control system (hardware, software, services)
- Logging of logins, login attempts and corresponding violations
- Backup / restore and disaster recovery tools and procedures
Service Measures
- Process manual for operation, maintenance and dealing with cyber attacks
- Training of the owner’s operators and service personnel
- Recurring tests to ensure the effectiveness of technical measures and implemented procedures
- Updates for network security devices, relevant control system components and implemented security tools (after verification) (patching, anti-malware, application whitelisting, digital certificates)
KUHSE CYBER SECURITY BASIC PACKAGE
for Power Generation Plants with basic cyber security requirements
Technical Measures
- Network architecture & basic network security by means of suitable segmentation
- Management of user group accounts, access and permissions
- User authentication via two-factor authentication
- Limitation of physical and logical accessibility and thus the points of potential attacks
- Hardening of network & security devices, relevant control system & maintenance devices
- Logging of logins and login attempts
- System backup after delivery and commissioning