Come together
03/06/2007
Hardison explains that CSU is integrating its networks into an overall historical database, which it will use to drive its Maximo work management system and preventive, run-time-based maintenance program. He adds that subsequent reading and diagnostics will let CSU run its plant on a more unmanned basis using a VPN, and increase capacity to handle the 3,000 taps it’s added annually for the past several years without adding manpower.
“We’re able to do this because we have a good working relationship and a common vision with our IT department,” says Hardison. “Our IT people participate on the plant-floor, learn about our controls, and even go to control conferences. Meanwhile, they’ve educated us about Ethernet, switches, routers, and firewalls. We usually meet twice each month to talk about security and how to marry different plant and business-level applications. If we had an adversarial relationship with IT, we’d never have been able to do what we’ve done.”
Primary methods for ensuring effective integrated network security should include:
Source: Honeywell Process Solutions
In its “Process Control Network—Reference Architecture” whitepaper, Invensys Process Systems recommends segmenting process control networks into four major security zones, including Internet, data center, plant network, and control network, as well as several supplementary sub-zones as needed. Each zone is separated by a firewall. Secure network design dictates that the perimeter firewall comes from a different manufacturer to provide maximum resistance to penetration. This one firewall might be a pair of high availability units in a fail-over mode. For networks that require real-time or near real-time communications to the process control network, it’s recommended that at a minimum this device be a high-availability or redundant unit.
The network is divided into the following major zones and sub-zones:
Field I/O—Communications in this zone typically are direct hardwired communications between the I/O devices and their controllers. Security is accomplished by physical security means.
Controls Network—This zone has the highest level of security and carries process control device communications. Traffic on this network segment must be limited to only the process control network traffic as it is very sensitive to the volume of traffic and protocols used.
Plant Network—Carries general business network traffic such as messaging, ERP, file and print sharing, and Internet browsing, etc. This zone might span multiple locations across a wide area network. Traffic from this zone may not directly access the Control Network Zone.
Data Center—This could be one or multiple zones that exist at the corporate data center.
Internet—This zone consists of the unprotected public Internet.
Sub-Zones—Added sub-zones may be implemented to provide an extra level of control. These commonly are implemented as DMZs on the firewall. Typical uses of these sub-zones are:
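The zone model above can be checked against a firewall rule set. The following is an added example, not code from the article or the Invensys whitepaper: it flags permit rules that open a direct path into the control network from any zone other than a DMZ sub-zone. The subnets, rule format, rule names, and the policy that only the DMZ may reach the control network are assumptions; the article itself states only the plant network restriction.

```python
import ipaddress

# Constructed addressing plan (assumption); zone names follow the article.
ZONES = {
    "data_center": "10.10.0.0/16",
    "plant": "10.20.0.0/16",
    "dmz": "10.25.0.0/24",  # sub-zone implemented as a DMZ on the firewall
    "control": "10.30.0.0/16",
}
NETS = {zone: ipaddress.ip_network(cidr) for zone, cidr in ZONES.items()}
# Assumption: only the DMZ sub-zone and the control zone itself may open
# connections into the control network. The article states the plant case.
MAY_REACH_CONTROL = {"control", "dmz"}


def zones_touched(cidr):
    """Return every zone a CIDR overlaps; space outside the plan is treated as 'internet'."""
    net = ipaddress.ip_network(cidr)
    touched = {zone for zone, n in NETS.items() if net.overlaps(n)}
    if not any(net.subnet_of(n) for n in NETS.values()):
        touched.add("internet")  # broad or unknown source, not confined to one zone
    return touched


def audit(rules):
    """Return (rule name, offending source zones) for permit rules that cross into control."""
    findings = []
    for name, action, src, dst in rules:
        if action != "permit" or "control" not in zones_touched(dst):
            continue
        bad = zones_touched(src) - MAY_REACH_CONTROL
        if bad:
            findings.append((name, sorted(bad)))
    return findings


# Constructed rule set: (name, action, source CIDR, destination CIDR).
RULES = [
    ("historian-pull", "permit", "10.25.0.10/32", "10.30.1.0/24"),
    ("erp-to-plc", "permit", "10.20.4.0/24", "10.30.1.5/32"),
    ("legacy-any", "permit", "10.0.0.0/8", "10.30.0.0/16"),
    ("block-inet", "deny", "0.0.0.0/0", "10.30.0.0/16"),
    ("mail", "permit", "10.20.0.0/16", "10.10.2.0/24"),
]

if __name__ == "__main__":
    for name, zones in audit(RULES):
        print(f"{name}: direct path into control network from {', '.join(zones)}")
```

The overlap test matters because an overly broad source range such as the constructed `legacy-any` rule bypasses the zone boundary even though no rule names the plant network explicitly.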
ControlDesign.com is the only multimedia source dedicated to the controls, instrumentation, and automation information needs of industrial machine builders, those original equipment manufacturers (OEMs) that build the machines that make industry work.