Subscribe to be notified for updates: RSS Feed

Christy Thomas

Home
Industrial Control Systems Cybersecurity
Christy Thomas

Christy Thomas

ICS SECURITY ADMINISTRATOR, TECHNOLOGY IMPROVEMENT DEPARTMENT, EQUATE Petrochemical Company

Christy Thomas has close to 33 years of experience in automation and control systems. He has working experience in the design, commissioning and maintenance of Industrial Control Systems (ICS) network. Having worked in steel and petrochemicals processing facilities since his engineering graduation in 1984 and post graduation in MBA in 2003, he had been serving as Senior Engineer for industrial process control network. He is a TUV certified Functional safety engineer with additional knowledge in establishing ICS networks for grass root facilities. At present, he is the Senior process Automation Engineer working as ICS Security Administrator for EQUATE petrochemical Co., in Kuwait.

Industrial Control Systems Security – Myth or Reality

Industrial Control Systems Cybersecurity

Abstract: Over the past decade, process industries witnessed dramatic changes in process control systems including hardware platforms, operating systems, network structures and system infrastructures over and above rapid advancements in IT. Today’s open protocols are revolutionizing solutions for process control and data acquisition. End users benefit from the flexibility of sharing data among many functional areas within their facility, but with an added tax – “face the vulnerabilities that corporate networks come across”.
Proprietary control systems have given way to open systems. Adoption of IT platforms for operations technology brought with it the primary challenge of multi skilled resources to support the new environment. This necessitated, either the control systems professional to orient on IT discipline or to the more harder reality of changing the mindset of IT professionals.
Commonly misunderstood myths on ICS security are: ‘we are not connected to internet, we are secure because we have a firewall, hackers do not understand DCS, PLC and SCADA systems, our facility is not a target, and Our safety systems will protect against any harm’. It’s a common conception that for Industrial Control Systems Security is that getting it right is a technical challenge. However, looking back at almost a decade of ICS Security administration, the technical challenges were the least. The more significant challenges are about people and process. Next to the ubiquitous disconnect between OT and IT, one need to deal with local cultural imperatives and legislation, efficacy of security assurance and risk management and the unavoidable multi-vendor control systems platforms.
A structured process control topology with a robust backbone enables a right security environment. Security frame work shall drive the process control network security policies and customized procedures such as – patching and hot fixes of legacy control systems, security incidents management etc.
A proactive ICS security model consisting of threat & risk assessment, assets identification and inventory, security controls, vulnerability management, incident response, policies and procedures, lessons learned & security awareness.
The presentation is designed to throw light on the Myths & Reality of ICS security assurance, by analyzing the IT and OT Convergence as well as OT Security Assurance.

Copyright 2016 DMS Global - Design by DMS Cybernation