• Skip to main content
  • Skip to primary sidebar

Spitzer and Boyes, LLC

Technical Services And Strategic Consulting For Technology Companies

  • Home
  • Services
    • For Suppliers, Manufacturers, And Representatives
    • For End-User Companies And OEMs
    • For Foreign Companies
    • For Lawyers
  • Products
  • Seminars
  • Downloads
  • Clients
  • About

Invensys and Process Security

October 4, 2005 by Walt Boyes

Several Invensys troopers gave interesting discussions on systems security. The most interesting of the Invensys staff was Ernie Rakaczky, whose sermon was about Prevention instead of Reaction to system attacks.
“Everything starts with a site security review,” he said, “that addresses your specific needs. This is really a risk assessment.”
“Being secure doesn’t mean giving up productivity,” he went on, “but it does mean that you may have to be more rigid with your processes.”
Your security system should be built of multiple layers, in which the judgement call is the risk vs. value assessment. You may want to consider data isolation strategies, building “data DMZs” for data that is critical and susceptible to attack. You may want to seriously consider data warehousing, instead of letting people go directly to the operating control system and pull down data.
“The key concern,” Rakaczky said,”is the impact of Day Zero. That’s the day the attack first starts.”
Day Zero is not attressed by anti-virus; it is not addressed by network detection and monitoring; it is not addressed by patch management– and this is not a Windows issue. This is true for all OSes.
Invensys, he reported, is security focused, building security from within, in new product development, in existing products, and with new validation and testing methodology. Invensys helps end users in the design phase of projects, in the implementation phase of projects, and, above all, Invensys offers security program management services. (There’s that “services” word again…)
Invensys has established a security-focused website: https://ips.csc.invensys.com. On this site are whitepapers, tutorials, links and etc.
Invensys also provides Security Review services, system hardening, and solution implementation.
“We are the industry leaders,” Rakaczky boasted. “We were the first DCS supplier to ship our product with integrated anti-virus. We run our vulnerability scans on our own equipment.”
Rakaczky implored his audience to get involved with the standards working groups like SP99 and PCSRF and others. “It is exciting to be part of this,” he said.

Filed Under: Walt Boyes' Blog

Primary Sidebar


Contact Us Using the Form Below or by Phone at:

  • +1.845.623.1830 (NY)
  • +1.630.639.7090 (WA)
  • +55 (21) 3958.1283 (Brasil)

Subscribe to David W Spitzer’s E-Zine and the Industrial Automation INSIDER

  • This field is for validation purposes and should be left unchanged.

Spitzer and Boyes is a proud member of the Measurement, Control and Automation Association

Follow Us on Social Media

  • LinkedIn
  • Twitter
  • YouTube

Copyright © 2023 · Magazine Pro on Genesis Framework · WordPress · Log in