Understanding of Manufacturing Industries
Manufacturing Industries Categorized into process-based and discrete-based manufacturing.
process-based manufacturing
(1) Continuous Manufacturing Processes
(2) Batch Manufacturing Processes
Both process-based and discrete-based industries utilize the same types of control systems and sensors. In both processes, communications are usually performed using a local area network (LAN).
Industrial Control Systems (ICS) Includes
- Supervisory Control and Data Acquisition (SCADA) systems,
- Distributed Control Systems (DCS)
- Control system configurations such as Programmable Logic Controllers (PLC)
Control systems are used in many different industrial sectors and critical infrastructures including manufacturing, distribution, transportation, oil and natural gas, pharmaceutical, electric, water and wastewater, chemical, food and beverage.
Use of ICS component in Manufacturing
- SCADA systems are generally used to control dispersed assets using centralized data acquisition and supervisory control.
- DCS are generally used to control production systems within a local area such as a factory using supervisory and regulatory control.
- PLCs are generally used for discrete control for specific applications and generally provide regulatory control.
Why tailored solutions are needed to secure manufacturing industries / ICS environments.
A one-size-fits-all approach won’t work, and tailored solutions are crucial for ICS environments and the corporate IT network. As IT systems manage the data but ICS control the physical world, special precautions, security solutions are needed that are tailored to the ICS environments.
Special consideration includes.
(1) Delayed data transmission can disturb critical processes, including production stoppages, equipment damage, etc. Network performance is crucial for the smooth operation of physical systems. Hence, it is required to isolate critical control systems from non-critical control systems to minimize congestion and prioritize control data transmissions.
(2) Typically, IT strategy rebooting components are not acceptable solutions due to their adverse impact on the requirements for high availability, reliability, and maintainability.
(3) ICS operating systems (OS) and control networks are often quite different from their IT counterparts, requiring different skill sets, experiences, and levels of expertise.
(4) Most IT components and some ICS are located in business and commercial facilities. The component location also needs to consider necessary physical and environmental security measures.
ICS this means a defense-in-depth strategy that includes:
• Addressing security at every stage, including architecture design, procurements, installation, maintenance, and decommissioning.
• Establishing a network architecture at the various tiers, where the most crucial communications take place.
• Providing logical separation between the corporate and ICS networks.
• Prevent direct traffic between the corporate and ICS Networks.
• Ensuring that critical components are redundant and are on redundant networks.
• Critical systems are designed to be fault-tolerant in order to stop disastrous cascading events.
• Disabling unused ports and services on connected devices after testing to assure this will not impact ICS operation.
• Restricting physical access to the ICS network and devices.
• Establishing role-based access control and configuring each role based on the principle of least
Privilege.
• ICS network accounts do not use corporate network user accounts.
• Implementing security controls such as intrusion detection, antivirus and file integrity checking software.
• Evaluating each security patch in the field on a test system before quickly deploying it and installing it on the ICS.
• Tracking and monitoring audit trails on critical areas of the ICS.
• Employing reliable and secure network protocols and services where feasible.
In summary,
It is necessary to implement cybersecurity and operational methods with more sophistication due to the operational and risk differences between ICS and IT systems. IT professionals need to know how to create secure networks for manufacturing businesses.