Security, Compliance, Change Converge

Wednesday, August 1, 2012 @ 05:08 PM gHale

By Nicholas Sheble
“After Hurricane Katrina, 90% of the companies that were not fully operational within three to five days were out of business within a year,” said Brian Ahern Wednesday during a discussion on disaster recovery.

The “backup, restore, and recovery” (BURR) of a facility’s control system is of paramount importance to maintain continuity of production and, indeed, the survival of the company itself, Ahern said during the webcast “What You Need to Know about Automation Systems Management and Operational Continuity” broadcast by Industrial Defender.

Threat Alert Reaches New High
DoD Readies for Stuxnet-like Attack
Cyber Report: Bad Guys Winning
Security Best Practices will Cut Downtime

Because of the significant changes in the ICS (industrial control system) threat landscape, the complexity of operational systems, the increase in the number of field devices, and the networking of information systems, the Internet, and other infrastructures, the load has become too much for operations staff who need to devote their efforts to their production assets.

BURR should be moved offsite to secure data centers, said Ahern, president and chief executive at Industrial Defender. “These types of backup and disaster recovery services help ICS professionals maximize plant uptime by enabling rapid recovery from unforeseen events, by meeting compliance mandates, and by reducing security exposures.”

In the event of a disaster, whether it is cyber or physical, how will the company move forward, how will it survive and prosper? Ahern said the questions to ponder include: Is your control system and data backed up? Do you have a BURR – a backup, restore, and recovery plan? Is your BURR unified or vendor specific? How do you ensure daily successful backup? Is your BURR strategy an operational technology (OT) or information technology (IT) responsibility?

Operational technology involves production automation systems like ABB, Siemens, and Honeywell while information technology is associated with products like Oracle. “OT is IT with consequences,” Ahern said. “Automation systems are more complex, you need increased security, and there are compliance requirements that dictate play.”

The point is, your BURR must handle all the above questions and ensure critical operational information is preserved and readily available for recovery. BURR provides backup and disaster recovery of critical automation system data from clients, servers, and other devices unique to the control system environment including select intelligent electronic devices (IEDs); human machine interfaces (HMIs), engineering workstations, and remote terminal units (RTUs).

The concepts and practices Ahern speaks of are gaining traction in the control systems business particularly those associated with the critical infrastructure industry sectors like power & utilities, oil & gas, chemicals, and others that are attractive targets for mayhem, sabotage, terrorism, and profitable cyber intrusions.
Nicholas Sheble ( is an engineering writer and technical editor in Raleigh, NC.

Leave a Reply

You must be logged in to post a comment.