Section 2
General security deployment guidelines
12
protection and control relays. Protection and control relays are from the automation
system perspective on the lowest level and closest to the actual primary process. It is
important to apply defense-in- depth information assurance concept where each layer
in the system is capable of protecting the automation system and therefore RIO600s
are also part of this concept. The following should be taken into consideration when
planning the system protection.
•
Recognizing and familiarizing all parts of the system and the system's
communication links
•
Removing all unnecessary communication links in the system
•
Rating the security level of remaining connections and improving with applicable
methods
•
Hardening the system by removing or deactivating all unused processes,
communication ports and services
•
Checking that the whole system has backups available from all applicable parts
•
Collecting and storing backups of the system components and keeping those up-
to-date
•
Changing default passwords and using strong enough passwords
•
Separating public network from automation network
•
Segmenting traffic and networks
•
Using firewalls and demilitarized zones
•
Assessing the system periodically
•
Using antivirus software in workstations and keeping those up-to-date
It is important to utilize the defence-in-depth concept when designing automation
system security. It is not recommended to connect a device directly to the Internet
without adequate additional security components. The different layers and interfaces
in the system should use security controls. Robust security means, besides product
features, enabling and using the available features and also enforcing their use by
company policies. Adequate training is also needed for the personnel accessing and
using the system.
1MRS757488 H
Installation and Commissioning Manual
RIO600