Product Details Supplier Info More products

Invensys Operations Management has unveiled a range of technology and services designed to help clients protect plant assets from cyber attacks.

Part of the company’s I/A Series 8.5 suite of offerings, the cyber-security solution includes control system enhancements and consulting services that support compliance requirements of new cyber-security standards, such as those put forth by the North American Electric Reliability Corporation (NERC).

The Federal Energy Regulatory Commission (FERC) is adopting NERC standards CIP-001 through CIP-009, encouraging companies to become NERC compliant by 2010.

This means having to learn the requirements, design and implement the policies and procedures and, in some cases, install additional equipment.

Ernie Rakaczky, principal security architect at Invensys Operations Management, said: ‘Technology solutions implemented through the control system, intrusion prevention, firewall and other technology are important, but comprehensive cyber protection also involves changes in policies and practices that have little to do with technology.

‘Emerging standards reflect this.

‘We are pleased that we can offer our clients the technology they need and to do so as a consultative partner, first to help them identify vulnerabilities in their current operations and then provide standards-compliant solutions to fill those gaps,’ he added.

Through a combination of system-centric and consulting solutions, the company claims that it delivers a number of benefits, the first of which is a reduction in risk associated with cyber-security threats.

This enables a higher level of performance and predictability of client systems and networks, prevents possible business outages and diminishes the threat of lost revenue as a result of serious safety, environmental and personnel catastrophes.

Among the I/A Series technology features that support cyber-security protection and compliance are: the ability to create stronger passwords, such as by mixing types of characters, controlling length and managing failed-password attempts and password ageing; the ability to reduce lock-down security vulnerability; and strengthening workstation hardware to remove unused programs, services and ports.

Both of the primary control processors used in I/A Series systems, for example, have received Level 1 Achilles Certification from Wurldtech, a provider of cyber-security testing and certification for critical infrastructure industries.

Matthew DeAthos, manager of portfolio marketing for Invensys, said: ‘A distributed control system retrofit and implementation can increase production performance, while at the same time provide cyber-security protection and compliance.

‘We recently installed a DCS for a power industry client that helped it meet NERC standards well before the deadline, as well as increased its engineering functionality by approximately 50 per cent, giving it the ability to add new displays, implement logic changes and install new parameter interlocks for the better handling and management of alarms,’ he added.

Depending on the client’s situation, a typical Invensys cyber-security consulting offering includes: gap analysis assessment against standards; the development of a plan to address shortcomings; the development of an overall security architecture; integration with IT and other systems and procedures; the validation of cyber-security policies and procedures; and the execution and implementation of security upgrades and procedures.

Power companies that do not comply with new standards could face fines levied by NERC and FERC auditors beginning in 2010.

Fines will be based on the percentage of requirements met and the number of days the plant remains non-compliant.

In addition to the NERC cyber-security standards, which apply only to the power industry, other standards are emerging from the Department of Homeland Security (DHS), the International Society of Automation (ISA) and the National Institute of Standards and Technology (NIST).

While these do not yet have compliance deadlines, they provide manufacturers with additional guidance in protecting assets.

Invensys Operations Management

View full profile