When adding, modifying, or upgrading a system, many critical infrastructures conduct a factory acceptance test (FAT). A FAT is a customized testing procedure for the system, completed before final installation at the critical facility. Because it is difficult to predict whether a safety instrumented system will operate correctly, or what the consequences of a failure in one part of the system will be, a FAT provides a valuable check of these safety issues. Similarly, because a cyber security compromise can also impact the safety of a critical system, it makes sense to integrate cyber security into the FAT.
An integrated factory acceptance test (IFAT) is a testing activity that brings together selected components from the major control system vendors and plant personnel in one place to validate and test a subset of the control system network and its security applications. An IFAT provides important benefits, including time savings, cost savings, improved ability to meet compliance requirements, and an increased comfort level with integrated security solutions.
Integrated Controls Testing
Industrial control system (ICS) is a general term that encompasses several types of control systems used in industrial production, including the familiar supervisory control and data acquisition (SCADA) systems, distributed control systems, and other smaller control system configurations such as programmable logic controllers, which are often found in critical infrastructures such as electricity, water, and gas utility systems.
Over the past three decades, several hundred communication protocols have been developed for serial, local area network, and wide area network links in industries ranging from wastewater treatment to electricity generation and distribution. Approximately 10 protocols currently dominate the industrial marketplace, including Modbus, Distributed Network Protocol (DNP3), EtherNet/IP, Process Field Bus (Profibus), and Foundation fieldbus.
The choice of protocol is typically a function of the operating requirements, industry preference, vendor, and the system’s design history. For example, in a power utility’s SCADA system, a master located in a central control facility might use DNP3 to poll and control outstation (slave) remote terminal units (RTUs) distributed across remote substations. Protocols such as DNP3 and Modbus have published standards governing the exchange between control centers and field devices: acceptance of alarms, issuance of controls, and polling of data objects. Over the past few years these standards have moved away from proprietary serial links toward open transport, typically carrying the SCADA protocol over TCP/IP at the network and transport layers (Layer 3 and Layer 4). Field-level protocols such as Foundation fieldbus and Profibus run over dedicated point-to-point or multidrop wiring and were designed with no security mechanisms at all, which makes them inherently difficult to secure.
SCADA applications are also very delay-sensitive. Carrying a SCADA protocol that was designed for a dedicated serial line over a packet- or cell-switched transport such as Frame Relay, Gigabit Ethernet, or Asynchronous Transfer Mode introduces variable latency, and a poll response that arrives late can cause the SCADA protocol to conclude that the link has failed. The traditional SCADA system was a closed serial network that contained only trusted devices, with little or no connection to the outside world. As control networks evolved, TCP/IP and Ethernet became commonplace, and interfacing with business systems became the norm. This connectivity exposes process and SCADA networks to attackers who could never have reached a closed serial network, while the protocols themselves, built for a network of trusted devices, carry no authentication with which to distinguish a legitimate master from an intruder.
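The point above, that an open TCP/IP transport exposes a protocol with no authentication of its own, is easiest to see on the wire. The following is an added example, not code from the original page: it encodes and decodes Modbus/TCP requests following the public Modbus framing (a 7-byte MBAP header of transaction id, protocol id, length, and unit id, followed by the function code and data), then runs a simple allowlist check of the kind a network monitor in front of an RTU or PLC might apply. The host addresses (an assumed SCADA master at 10.10.1.5 and an unknown host at 10.10.9.77) and the traffic are constructed for illustration.

```python
"""Modbus/TCP framing and a minimal write-allowlist check (added example)."""
import struct
from dataclasses import dataclass
from typing import Optional

# Function codes that change process state versus those that only read it.
WRITE_FUNCTIONS = {0x05: "Write Single Coil", 0x06: "Write Single Register",
                   0x0F: "Write Multiple Coils", 0x10: "Write Multiple Registers"}
READ_FUNCTIONS = {0x01: "Read Coils", 0x02: "Read Discrete Inputs",
                  0x03: "Read Holding Registers", 0x04: "Read Input Registers"}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    address: Optional[int]   # starting coil/register, when the function has one
    payload: bytes


def build_request(tid: int, unit: int, function: int, address: int, data: bytes) -> bytes:
    """Encode a Modbus/TCP request; used here only to construct sample traffic."""
    pdu = bytes([function]) + struct.pack(">H", address) + data
    # The MBAP length field counts the unit id byte plus the PDU.
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Decode one Modbus/TCP request; raises ValueError on malformed framing."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"unexpected MBAP protocol id {proto}")
    if length != len(frame) - 6:
        raise ValueError(f"MBAP length {length} does not match frame size")
    pdu = frame[7:]
    function = pdu[0]
    address = None
    if function in READ_FUNCTIONS or function in WRITE_FUNCTIONS:
        if len(pdu) < 3:
            raise ValueError("PDU too short to carry a starting address")
        address = struct.unpack(">H", pdu[1:3])[0]
    # Note what is absent from the frame: no source identity, no MAC, no
    # signature. Any host that can reach TCP/502 with a well-formed frame
    # is, as far as the outstation can tell, the master.
    payload = pdu[3:] if address is not None else pdu[1:]
    return ModbusRequest(tid, unit, function, address, payload)


def is_well_formed(frame: bytes) -> bool:
    """True if the frame parses; used to reject truncated or mislabelled frames."""
    try:
        parse_modbus_tcp(frame)
        return True
    except ValueError:
        return False


def function_name(code: int) -> str:
    return WRITE_FUNCTIONS.get(code) or READ_FUNCTIONS.get(code) or f"function 0x{code:02X}"


def audit(traffic, authorized_masters):
    """One verdict per (source ip, frame). Because the protocol carries no
    authentication, the source address is the only handle a monitor has;
    writes from hosts outside the master allowlist can change the process."""
    verdicts = []
    for src, frame in traffic:
        req = parse_modbus_tcp(frame)
        if src in authorized_masters:
            verdict = "ok"
        elif req.function in WRITE_FUNCTIONS:
            verdict = "unauthorized-write"
        else:
            verdict = "unexpected-read"
        verdicts.append((verdict, src, function_name(req.function), req.address))
    return verdicts


# Constructed sample traffic (assumed addresses): the SCADA master polling and
# writing a setpoint on unit 1, then an unknown host doing the same.
AUTHORIZED_MASTERS = {"10.10.1.5"}
SAMPLE_TRAFFIC = [
    ("10.10.1.5",  build_request(1, 1, 0x03, 0x0000, struct.pack(">H", 10))),    # read 10 holding regs
    ("10.10.1.5",  build_request(2, 1, 0x06, 0x0010, struct.pack(">H", 1500))),  # write setpoint 1500
    ("10.10.9.77", build_request(3, 1, 0x06, 0x0010, struct.pack(">H", 0))),     # rogue write: setpoint 0
    ("10.10.9.77", build_request(4, 1, 0x03, 0x0000, struct.pack(">H", 10))),    # rogue read
]

if __name__ == "__main__":
    for verdict in audit(SAMPLE_TRAFFIC, AUTHORIZED_MASTERS):
        print(*verdict)
```

The rogue write in the sample is byte-for-byte as valid as the master's write; only its source address differs, which is why segmentation, allowlisting at the network boundary, and monitoring of write function codes carry so much of the security burden for these protocols.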