The Joint Accelerator Conferences Website (JACoW) is an international collaboration that publishes the proceedings of accelerator conferences held around the world.
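% ICALEPCS'19 paper WEPHA104, published by JACoW: managing cybersecurity for
% control-system and safety-system development environments at ESS.
% Notes on this record:
%   - month uses the predefined BibTeX macro instead of a quoted number.
%   - title has no outer brace pair, so the bibliography style decides casing.
%   - note repeats the DOI as a resolver URL (presumably for styles that do
%     not print the doi field); keep it in sync with doi if either changes.
%   - paper, language, keywords, venue and abstract are not classic BibTeX
%     fields; styles that do not know them ignore them.
@inproceedings{mudingay:icalepcs2019-wepha104,
  author    = {Mudingay, R. and Armanet, S.},
  title     = {Managing Cybersecurity for Control System Safety System development environments},
  booktitle = {Proc. ICALEPCS'19},
  pages     = {1343--1346},
  paper     = {WEPHA104},
  language  = {english},
  keywords  = {controls, network, software, ISOL, monitoring},
  venue     = {New York, NY, USA},
  series    = {International Conference on Accelerator and Large Experimental Physics Control Systems},
  number    = {17},
  publisher = {JACoW Publishing, Geneva, Switzerland},
  month     = aug,
  year      = {2020},
  issn      = {2226-0358},
  isbn      = {978-3-95450-209-7},
  doi       = {10.18429/JACoW-ICALEPCS2019-WEPHA104},
  url       = {https://jacow.org/icalepcs2019/papers/wepha104.pdf},
  note      = {https://doi.org/10.18429/JACoW-ICALEPCS2019-WEPHA104},
  abstract  = {At ESS, we manage cyber security for our control system infrastructure by mixing together technologies that are relevant for each system. User access to the control system networks is controlled by an internal DMZ concept whereby we use standard security tools (vulnerability scanners, central logging, firewall policies, system and network monitoring), and users have to go through dedicated control points (reverse proxy, jump hosts, privileged access management solutions or EPICS channel or PV access gateways). The infrastructure is managed through a DevOps approach: describing each component using a configuration management solution; using version control to track changes, with continuous integration workflows to our development process; and constructing the deployment of the lab/staging area to mimic the production environment. We also believe in the flexibility of visualization. This is particularly true for safety systems where the development of safety-critical code requires a high level of isolation. To this end, we utilize dedicated virtualized infrastructure and isolated development environments to improve control (remote access, software update, safety code management).},
}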