Maintaining effective barriers between the different levels of your organization’s network is essential to protecting your control systems from cybersecurity breaches. Implementing a layered network topology, with monitored security equipment forcing authentication between layers, will help you mitigate risk.
Taking the right steps to segment and lock down your network can mean the difference between rejecting and inviting a cybersecurity breach:
1. Segregate your control networks from other networks in use at your site
- Each network must be separated from the next level network
- Network equipment including firewalls should be monitored at all times
2. Block access to the internet from the control system level
- Never allow direct access to the internet from the DeltaV™ distributed control system environment
- Make sure communication ports allowed to/from control systems do not expose any risks
- If known vulnerable services or protocols are required, the risks should be mitigated as part of the cybersecurity design for the given deployment
3. Ensure that employees with access to any on-site system have only the “least privileges” access necessary to perform their job functions
- Not everyone should be a system administrator!
- Review all assigned user accounts periodically, and update accounts for personnel changing jobs
- Proactively disable accounts used by temporary or terminated employees
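
As an added example (not Emerson's code or part of the original post), the Python below audits a set of zone-to-zone allow rules against points 1 and 2 above: traffic between the control level and the internet, rules that skip a layer, and known-weak services reaching the control level. The zone names, layer order, rule tuples and weak-service list are constructed assumptions for illustration.

```python
# Assumed layer order for this example: index 0 is closest to the process.
LAYERS = ["control", "plant_dmz", "business", "internet"]

# Constructed sample allow-rules: (rule name, source zone, destination zone, service)
SAMPLE_RULES = [
    ("historian-push", "control", "plant_dmz", "tcp/443"),
    ("dmz-to-erp", "plant_dmz", "business", "tcp/1433"),
    ("web-proxy", "business", "internet", "tcp/443"),
    ("vendor-update", "control", "internet", "tcp/443"),
    ("eng-rdp", "business", "control", "tcp/3389"),
    ("legacy-telnet", "plant_dmz", "control", "tcp/23"),
]

# Services treated as known-weak here (assumption; set per site design).
WEAK_SERVICES = {"tcp/23": "telnet", "tcp/21": "ftp"}


def audit(rules, layers=LAYERS, weak=WEAK_SERVICES):
    """Return (rule name, finding) pairs for rules that break the layering."""
    level = {zone: i for i, zone in enumerate(layers)}
    findings = []
    for name, src, dst, service in rules:
        if src not in level or dst not in level:
            # A zone outside the documented topology cannot be reasoned about.
            findings.append((name, "unknown-zone"))
            continue
        touches_control = "control" in (src, dst)
        if touches_control and "internet" in (src, dst):
            # Point 2: no direct path between control level and internet.
            findings.append((name, "control-internet"))
        elif abs(level[src] - level[dst]) > 1:
            # Point 1: each network talks only to the next level.
            findings.append((name, "skips-layer"))
        if touches_control and service in weak:
            # Point 2: a required weak protocol needs a documented mitigation.
            findings.append((name, "weak-service"))
    return findings


if __name__ == "__main__":
    for rule, finding in audit(SAMPLE_RULES):
        print(f"{rule}: {finding}")
```
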
Want to learn if your organization is as secure as it could be? Attend a cybersecurity workshop at Emerson Exchange 2017.
Session: 3-15108 - Are Your Plants Cybersecure? - Attend This Workshop Before You Answer
Date: Tuesday, Oct 3 or Thursday, Oct 5
Time: 3:15 PM - 4:00 PM
https://www.emersonexchangeregistration.org/2017/connect/sessionDetail.ww?SESSION_ID=15108
Rick Gorskie
Global Sales Manager - Cybersecurity
Emerson Automation Solutions