IT Security for Safety-Critical Automation Systems

The protection of safety-critical and infrastructure systems (such as automation systems for utilities, but also for manufacturing plants) against electronic and communication network based attacks becomes more and more important. This paper investigates how such safety-critical plants and automation systems can be secured against information system and network based attacks. The two common approaches, hard perimeter, and defense-in-depth are discussed. Based on the defense-in-depth approach, a conceptional, generic security zone model for use in analysis and synthesis of a plant security architecture is proposed, and for each of its zones a survey of the available and appropriate security mechanisms is given. Using an example from the substation automation domain, it is shown how threats and counter-measures can be systematically derived and how the specific system and usage characteristics of automation systems (or at least their restricted safety critical sub-functions) can be exploited in a positive way to deploy security mechanisms that would in this form not be available and applicable to home or office information systems.