Week 4 - Industrial Control System

Question 1

Industrial Control System

Answer 1

A control system that is designed for use in an industrial environment.

It perform several actions such as logic, sequencing, timing, counting and arithmetic to control multiple machines and/or processes.

These actions are performed by sensing the environment through their inputs and generating appropriate signals on their output​.

Prioritized safety and reliability, however, the integration of digital technology in CPSs brings new challenges

Question 2

Safety

Answer 2

Measures and protocols put in place to prevent accidents, disasters, or incidents that could harm people or the environment.​

Question 3

Reliability

Answer 3

Ensuring that critical infrastructure systems operate consistently and predictably without unexpected failures.

This often involves redundant systems, regular maintenance​

Question 4

Fault detection, Isolation & recovery

Answer 4

The process of identifying when something goes wrong in the system.

Involves determining the source of the problem and separating it from the rest of the system to prevent further damage.

Refers to the actions taken to restore the system to normal operation after a fault has been identified and isolated​

Question 5

Level 4 & 5: Enterprise zone

Answer 5

Business networks and enterprise systems.

Internet protocol (IP).

All IT security solutions can be applied here.​

Question 6

Level 3: Control zone

Answer 6

Real-time control elements in SCADA* systems.

Could be IP.

Devices in this zone may not be updated as often.

Few cybersecurity solutions can be applied here​

Question 7

Level 2,1,0: Field zone

Answer 7

Devices and networks in charge of control and automation.

It hosts the CPSs.

Devices in this zone have embedded devices, programmable logic control (PLC).

Variety of protocols including IP.

IT security solutions are rarely applicable.​

Question 8

AMI Headend

Answer 8

In the context of Advanced Metering Infrastructure (AMI), refers to a central system or server that serves as the nerve center of the AMI network.

The term “headend” is borrowed from the telecommunications industry, where it typically refers to a facility that receives and processes signals from multiple sources and then distributes them to the appropriate destinations.​

Question 9

Field Systems

Answer 9

Real-time (interact with its environment, continuously accepting requests from the environment and continuously producing reactions)​.

Strict requirements in terms of reliability and safety.

Implemented with severe resources constraints.

Often relying on legacy platforms that are not updated or patched, and using proprietary communication protocols​.

Lack of antivirus software for embedded systems​.

Monitoring and software protection is limited due to limited power and resources of embedded devices​.

Question 10

Purdue Model

Answer 10

A structural model for industrial control system (ICS) security, concerning physical processes, sensors, supervisory controls, operations, and logistics​.

Defines the different levels of critical infrastructure used in production lines and how to secure them.

Similar to TCP/IP or OSI models but for ICS security and generally OT not IT.

There are different variations of the reference model, just like OSI and TCP/IP models​.

Question 11

Purdue Model Level 4 & 5 (Enterprise)

Answer 11

This is typically the IT network where primary business functions occur.

It provides business direction and orchestrates manufacturing operations.

Disruptions can lead to significant downtime and potential revenue loss.

Question 12

Purdue Model - Level 4 & 5 (Enterprise) - ERP Systems

Answer 12

Systems that drive plant production schedules, material use, shipping, and inventory levels.

Examples include Oracle, SAP, Microsoft, and Epicor.

Question 13

Purdue Model - Level 4 & 5 (Enterprise) - Core Business Services

Answer 13

Includes email, management, billing, customer services, and remote access to IT network.

These services are managed by IT personnel.

Question 14

Purdue Model Level 3: Site-Wide Supervisory

Answer 14

Monitoring and operational support for a site or region.

Components:
Management servers,
Human-machine interfaces (HMIs), Alarm servers,
Analytic systems,
Historians (if scoped for an entire site or region);

Key Functions:
Oversee and manage site operations.

Question 15

Purdue Model Level 2: Local Supervisory

Answer 15

Supervisory control for a single process, cell, line, or distributed control system (DCS).

Components:
HMIs,
Alarm servers,
Process analytic systems,
Historians,
Control room (if scoped for a single process, not site/region);

Key Functions:
Control and supervise individual processes.

Question 16

Purdue Model Level 1: Local Controllers

Answer 16

Automated control of a process, cell, line, or DCS.

Components:
PLCs (Programmable Logic Controllers),
Control processors,
Programmable relays,
RTUs (Remote terminal units),
Process-specific microcontrollers;

Key Functions:
Automate specific processes.

Question 17

Purdue Model Level 0: Field Devices

Answer 17

Sensors and actuators for a process, cell, line, or DCS.

Components:
Basic sensors and actuators,
Smart sensors/actuators using fieldbus protocols,
IEDs (Intelligent Electronic Devices),
IIoT devices (Industrial Internet-of-Things,
Communications gateways,
Other field instrumentation;

Key Functions:
Sense and actuate physical processes.

Question 18

Key Aspects of the Purdue Model

Answer 18

The boundary point between Levels 0-3 (ICS/OT) and Levels 4-5 (IT) is crucial.

Historically, an “air gap” separated IT and OT, but as data demands increased, firewalls with DMZs were introduced.

Some believe it’s outdated due to technological advances, while others find it useful for conceptual security framework.

Question 19

SANS ICS410 Reference Model

Answer 19

Expands upon the Purdue Model and offers explicit enforcement boundaries for ICS devices and cybersecurity controls.

It introduces segmentation for various ICS applications, including WAN communication and safety systems.

Question 20

Common Concepts in ICS Cybersecurity Standards

Answer 20

Various frameworks and publications provide guidance for securing ICS, emphasizing segmentation and security controls at network boundaries.

Key concepts include asset management, security program development, secure architecture, incident response, access management, data protection, and security event monitoring.

Question 21

Best Practices for Modern ICS Security Architectures

Answer 21

Effective network architecture is critical for ICS security.

Perimeter firewalls and enforcement boundaries control communication and provide choke points for monitoring.

Baseline “normal” communication to detect anomalies and threats.

Detailed network architecture guidelines, including secure remote access and dedicated infrastructure.

Question 22

Cloud Integration and Evolving ICS Architectures

Answer 22

Devices requiring cloud access should be placed in separate zones restricting network access to the cloud controllers and on-premises systems they need to communicate with.

Question 23

Secure Remote Access for ICS

Answer 23

Should pass through the demilitarized zone (DMZ) between IT and OT segments. DMZ services include hosting remote access connections, managing cloud connectivity, serving as IT gateways into OT, and OT gateways into IT environments.

Question 24

Best Practices for Remote Access Connectivity

Answer 24

Remote connections through DMZs enhance visibility, tracking, logging, authentication, and access control.

Remote connectivity for OT staff involves a VPN connection into the ICS DMZ, followed by a second connection using hardened Remote Desktop (RD) via a jump host with role-based access into OT systems.

Question 25

Components of Secure Remote Access

Answer 25

1. Authentication,
2. Active Directory,
3. Jump Hosts,
4. File Transfers,
5. Direct Connection Best Practices,
6. Preventing Unauthorised Remote Access.

Question 26

Authentication

Answer 26

Users must connect using named accounts, no shared accounts.

Multi-factor authentication (MFA) for VPN.

Log and monitor logon activity.

Question 27

Active Directory

Answer 27

Create an OT/ICS-side AD domain in the DMZ (Level 3).

Must not connect to corporate AD.

Offers security advantages but should be managed by experienced staff.

Question 28

Jump Hosts

Answer 28

Role-based access for remote users.

Enforce boundaries for communication.

Limit software execution and data transfer.

Question 29

File Transfers

Answer 29

Secure file transfer setup within DMZs.

Antivirus scanning for transferred files.

Multiple sets of Write and Read folders with role-based permissions.

Question 30

Direct Connection Best Practices

Answer 30

Disallow direct connections whenever possible.

Management approval required for provision.

Third-party contractors need to adhere to security protocols.

Question 31

Preventing Unauthorized Remote Access

Answer 31

Monitor and prevent unauthorized connections.

Educate staff and vendors on security measures and policies.

Question 32

Purdue Level 0

Answer 32

Physical process: This is the physical equipment that actually does the work and is known as the equipment under control. This consists of valves, pumps, sensors, actuators, compressors, etc.

Question 33

Purdue Level 1

Answer 33

Basic Control: These are the control devices such as programmable logic controllers that monitor and control Level 0 equipment and safety instrumented systems.

Question 34

Purdue Level 2

Answer 34

Area Supervisory Control: Control logic for analyzing and acting on Level 1 data. Systems include human-machine interface (HMI); supervisory and data acquisition (SCADA) software.

Question 35

Purdue Level 3

Answer 35

Site Control: This level includes systems that support plant-wide control and monitoring functions. Level 3 systems also aggregate lower level data that needs to be pushed up to higher-level business systems.

Question 36

Purdue Level 4

Answer 36

IT Systems: Business logistics systems can include database servers, application servers, and file servers.

Question 37

Purdue Level 5

Answer 37

Corporate Network: A broader set of enterprise IT systems, including connections to the public Internet.

Question 38

ICS components​

Answer 38

Programmable logic controller (PLC)
Remote terminal unite (RTU)
Intelligent electronic device (IED)
Engineering workstation (EWS)
Human machine interface (HMI)
Data historian
Communication gateway
Front end processor
Field devices

Question 39

Programmable logic controller​

Answer 39

The brain of the ICSs,

A specialized micro-controller that performs the logic for controlling the machines and processes.

Reads input signals from sensors, executes programmed instructions using these inputs as well as orders from supervisory controllers, and creates output signals which may change/switch settings or move actuators.

The first type of ICS controller and is the boundary between the cyber world and the real-world.​

Has revolutionized how controlling functions are implemented. They allowed the logic to be implemented using software through the use of relays (electrical switches).

Question 40

Remote Terminal Unit​

Answer 40

Functions like a PLC, controlling machines and processes with microcontroller logic.

Serves as a boundary between the digital world and physical processes in the real world.

Historically used proprietary programming languages, but now adopts standard PLC languages.

Commonly employed in remote or distributed applications, communicating with central SCADA systems through various protocols (e.g., Modbus).

Question 41

Intelligent Electronic Device (IED)​

Answer 41

Functions like a PLC or RTU, using a microcontroller to control machines and processes.

Features a visual display and operator controls on its front panel.

Offers protective control, communication, and monitoring capabilities, including digital protective relays.

Provides protection functions like detecting substation faults such as over-current, earth faults, phase discontinuity, and over/under voltage conditions.

Question 42

IEC-1131 PLC Standard

Answer 42

Provides standards for developing control algorithms.

Offers five control languages for programmers.

Utilizes “program organization units (POUs)” like Functions, Function Blocks, and Programs.

Includes a library of pre-programmed functions and function blocks.

Supported as “firmware” libraries in IEC-compliant controllers.

Standardizes syntax similar to other programming languages.

Question 43

IEC-1131 5 languages

Answer 43

Instruction List (IL) - Assembler.

Structured Text (ST) - High-Level

Ladder Diagram(LD) - Electrical Technicians’.

Function Block Diagram (FBD) - Graphical.

Sequential Function Chart(SFC) - “Everything”

Question 44

PLC ladder-logic​

Answer 44

One of the standardized languages to write PLC programs​.

The control logic is written from top to bottom hence making it look like a ladder with each step being called a Rung​

The control logic program is executed from left to right of each rung. Once a rung is executed it moves to the lower rung from top to bottom​

​

Question 45

Controllers​: Advantages of PLC

Answer 45

Reliability

Versatility and flexibility

Simple installation and troubleshooting

Quick modification through changing
the code/program

Small footprint

Low power consumption

High processing speed

Question 46

Controllers​: Disadvantages of PLC

Answer 46

Expensive initial cost​

Highly specialized repair​

Non uniform programming language​

Prone to vulnerability and cyber attacks as it has software and not purely mechanical​

Question 47

Controller vulnerabilities​

Answer 47

PLC designers lacked cybersecurity expertise in their implementations.

Legacy PLC devices were created in an era with no security concerns.

Many PLCs now connect to networks for remote monitoring and management (IT/OT convergence).

Question 48

Engineering Workstation​

Answer 48

Desktop computer or server running a standard OS (e.g., Windows or Linux).

Hosts programming software for controllers (PLC, RTU, IED) and applications.

Engineers use this platform to modify controller logic and industrial applications, adjusting and deploying automation process logic to controllers.

Question 49

Human Machine Interface (HMI)​

Answer 49

A software application that monitors multiple processes and provides situational awareness to operators, displaying values, alarms, and data trends

Can be programmed to allow operators to send commands to a controller.

Offers controls for plant operators to manually manage components like valves, pumps, and more.

Question 50

Data Historian (historian)​

Answer 50

Collects real-time process data and stores it in a database for concurrent and later analysis.

Data displayed by HMI is saved in the historian, with each data point timestamped.

It may have interfaces with industrial protocols like Modbus or OPC to connect to HMIs, PLCs, or RTUs for data retrieval.

Question 51

Communication Gateways​

Answer 51

Allows devices with different protocols or transport methods to communicate.

An example is translating Modbus messages on a serial link (RS-232/RS-485) to OPC messages on Ethernet.

Question 52

Front end processor (FEP)​

Answer 52

A dedicated communications processor.

It is used when an HMI or control center server needs to poll status information from multiple RTUs or IEDs.

FEP may include Communications Gateway functions, like converting from vendor proprietary protocols to open standard ones.

Question 53

ICS Field Devices​

Answer 53

Interface with controllers (PLC, RTU, or IED) through digital or analog I/O modules.

They often use industrial protocols like Modbus or PROFIBUS for communication.

Field devices include sensors for measuring various physical characteristics like temperature, humidity, and pressure.

They also encompass actuators that control tasks such as valves, motors, frequency converters, and more in industrial processes.

Question 54

Types of ICS​

Answer 54

Can be categorized based on their usage and the geographical distribution of components, including:

Process Control System
Safety Instrumented System (SIS)
Distributed Control System
Building Automation System
Supervisory Control and Data Acquisition (SCADA)
Energy Management System

Question 55

Process Control System (PCS)

Answer 55

Controls an automation process in a manufacturing environment​

Question 56

Safety Instrumented System (SIS)

Answer 56

Take actions to prevent an unsafe plant state or operation.

Has sensors sending input signals to a controller which is programmed to actuate equipment to prevent an unsafe state or mitigate the impact of unsafe operations.

A process separate from a PCS.

Drives the system towards a safe state when there is an unsafe state that can risk plant, personnel or general public.

A simple example of an unsafe plant state is the flame-out of an incinerator which could result in accumulation of fuel gas​

Question 57

Distributed Control System (DCS)

Answer 57

Controls multiple automation processes at a single site (or plant).

May monitor and supervise several PCSs at a plant​.

Question 58

Building Automation System (BAS)

Answer 58

A type of ICS which monitors and controls a building’s infrastructure services such as heating, ventilation, air conditioning and cooling (HVAC), lighting, sunshields, elevators, fire protection, energy management and security​

Question 59

Supervisory Control and Data Acquisition (SCADA)

Answer 59

Collects and monitors data across geographic areas.

SCADA control center oversees remote field controllers (RTUs and IEDs).

Provides information to operators via HMI.

Supervises multiple DCSs or PCSs.

Monitors PLC status information.

Can be located far from RTUs.

Varies in monitoring frequency compared to DCS or PCS.

Question 60

Energy Management System (EMS)

Answer 60

EMS monitors and controls electricity generation and transmission.

Part of the national and international power grid.