Journal of Critical Infrastructure Policy
1-4 which are considered the lower layers , mostly applicable to moving data . They do not consider real time performance or latency in any manner . Layers 5-7 , the upper layers , contain application-level data . Networks operate on one basic principle : “ pass it on .” Each layer takes care of a specific function , and then passes data to the next layer ( Shaw , 2018 ). 8
A typical control system is composed of Level 0,1 devices ( e . g ., process sensors , actuators , and drives ) connected to Level 2 controllers that are linked to process control networks and Human Machine Interfaces ( HMIs ), also known as operator displays , at Level 3 . In turn , they are connected to archival databases and offsite facilities including the Internet at Level 4 . Levels 3-4 have the capabilities for cyber security and cyber logging and generally use IP networks . There is another Level that could considered which is the “ the Cloud .” The process sensors and actuators operate almost exclusively in near-real-time ( microseconds to milliseconds ), whereas the HMIs ( operator displays ) provides information on the order of seconds to minutes . Sensors and actuators can operate , and in most cases were designed to function , without the IP network . In fact , following a 2015 Russian hack of the Ukrainian electric distribution network , 9 the electric distribution system was operated for months without the IP network as the network could not be trusted .
Figure 3 illustrates the equipment and information flows of a typical process system from the Process ( Purdue Reference Model Level 0 ) to the Enterprise Resource Planning ( ERP ) systems ( Purdue Reference Model Level 4 ). Generally , the Demilitarized Zone ( DMZ ) server resides at Level 3.5 — the interface between the control and business networks . Technology has moved the intelligence down to lower level devices , enabling modern smart sensors to not only sense , but , , to also serve as PLCs and gateways . Since they are equipped with Ethernet ports , these smart digital sensors can communicate directly to the Internet or the Cloud , bypassing the Level 3.5 DMZ . This capability , which provides improved productivity , also introduces significant cyber risk as many digital sensors have built-in backdoors to permit calibration and other maintenance without a firewall , authorization , or authentication .
This article examines control system cyber security needs in the context of differences in how engineers and cyber security specialists generally tend to approach the subject . Variations in perspective are discussed and the nature and extent of control system cyber security threats are addressed . The paper then provides recommendations on how to upgrade the cyber security of control systems through technological , organizational , and educational approaches .
116