Managing Cybersecurity for Control System Safety System development environments

Mudingay, Remy; Armanet, Stephane

doi:10.18429/JACoW-ICALEPCS2019-WEPHA104

Joint Accelerator Conferences Website

The Joint Accelerator Conferences Website (JACoW) is an international collaboration that publishes the proceedings of accelerator conferences held around the world.

RIS citation export for WEPHA104: Managing Cybersecurity for Control System Safety System development environments

TY  - CONF
AU  - Mudingay, R.
AU  - Armanet, S.
ED  - White, Karen S.
ED  - Brown, Kevin A.
ED  - Dyer, Philip S.
ED  - Schaa, Volker RW
TI  - Managing Cybersecurity for Control System Safety System development environments
J2  - Proc. of ICALEPCS2019, New York, NY, USA, 05-11 October 2019
CY  - New York, NY, USA
T2  - International Conference on Accelerator and Large Experimental Physics Control Systems
T3  - 17
LA  - english
AB  - At ESS, we manage cyber security for our control system infrastructure by mixing together technologies that are relevant for each system. User access to the control system networks is controlled by an internal DMZ concept whereby we use standard security tools (vulnerability scanners, central logging, firewall policies, system and network monitoring), and users have to go through dedicated control points (reverse proxy, jump hosts, privileged access management solutions or EPICS channel or PV access gateways). The infrastructure is managed though a DevOps approach: describing each component using a configuration management solution; using version control to track changes, with continuous integration workflows to our development process; and constructing the deployment of the lab/staging area to mimic the production environment. We also believe in the flexibility of visualization. This is particularly true for safety systems where the development of safety-critical code requires a high level of isolation. To this end, we utilize dedicated virtualized infrastructure and isolated development environments to improve control (remote access, software update, safety code management).
PB  - JACoW Publishing
CP  - Geneva, Switzerland
SP  - 1343
EP  - 1346
KW  - controls
KW  - network
KW  - software
KW  - ISOL
KW  - monitoring
DA  - 2020/08
PY  - 2020
SN  - 2226-0358
SN  - 978-3-95450-209-7
DO  - doi:10.18429/JACoW-ICALEPCS2019-WEPHA104
UR  - https://jacow.org/icalepcs2019/papers/wepha104.pdf
ER  -