Improving SCADA and industrial control systems

Everyone agrees security for industrial systems should be easier to deploy and more effective.


Plenty of disagreement exists about how to make security for industrial systems easier to deploy and more effective, but everyone agrees that SCADA and Industrial Control Systems (ICS) need to—and can—improve. Eric Byres of Tofino thinks one improvement would be the implementation of better standards for information exchange between security solutions.

“It is great to have the latest security technologies like VPNs, anti-virus, firewalls, intrusion detection systems, etc. on your plant floor,” says Byres. “Unfortunately, getting them to interact with each other can be like pulling teeth.”

As one example, consider a remote access VPN used to connect to the central control system. A number of criteria could determine access privileges, including possession of valid certificates or passwords, meeting current AV or patch levels, being in the right location or even holding the correct role at the company. Simply put, getting that information out of the various systems and into the VPN is no cakewalk.

But, according to Byres, a new specification by the Trusted Computing Group (TCG) could solve the SCADA and ICS problem. TCG, a standards group focusing on vendor-neutral specifications for interoperable trusted computing platforms, is best known for creating the International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) standards around Trusted Platform Modules (TPMs). TPMs are chips that store cryptographic keys to protect information and identify devices.

However, it is a new TCG product, called Interface for Metadata Access (IF-MAP), that has Byres excited. He says that by standardizing the way devices and applications share data, IF-MAP could do for coordination and collaboration what IP did for connectivity.

TCG has released a draft specification called TNC IF-MAP Metadata for ICS Security that defines a multi-vendor, interoperable approach to protecting control system networks by providing a central “clearing house” for network security events and information. The specification is designed to facilitate the deployment, management and protection of large-scale secure industrial systems by creating virtual layer 2 and/or layer 3 overlay networks on top of a shared IP network infrastructure.
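To make the remote-access decision and the central “clearing house” idea concrete, here is an added example that is not from the article, Tofino or TCG, and does not implement the IF-MAP protocol itself: an in-memory store that separate systems publish to, and a VPN policy check that denies access when any criterion is missing, stale or failing. All names, the freshness limit, the patch threshold and the sample values are assumptions.

```python
import time

MAX_AGE = 3600  # seconds; assumed freshness limit for published metadata

class ClearingHouse:
    """In-memory stand-in for a central metadata store (not the IF-MAP protocol)."""
    def __init__(self):
        self._meta = {}  # (device, key) -> (value, publisher, timestamp)

    def publish(self, publisher, device, key, value, now=None):
        ts = time.time() if now is None else now
        self._meta[(device, key)] = (value, publisher, ts)

    def lookup(self, device, key, now=None):
        """Return the value, or None when it is missing or stale."""
        now = time.time() if now is None else now
        entry = self._meta.get((device, key))
        if entry is None or now - entry[2] > MAX_AGE:
            return None
        return entry[0]

# Hypothetical policy for the control-system VPN: every criterion must hold.
POLICY = {
    "cert_valid": lambda v: v is True,
    "av_current": lambda v: v is True,
    "patch_level": lambda v: isinstance(v, int) and v >= 42,  # constructed minimum
    "location": lambda v: v in {"plant-a", "corp-hq"},
    "role": lambda v: v in {"control-engineer", "operator"},
}

def decide_vpn_access(store, device, now=None):
    """Return (allowed, reasons). Missing or stale metadata denies (fail closed)."""
    reasons = []
    for key, check in POLICY.items():
        value = store.lookup(device, key, now)
        if value is None:
            reasons.append(f"{key}: no fresh metadata")
        elif not check(value):
            reasons.append(f"{key}: {value!r} rejected")
    return (not reasons, reasons)

def demo():
    """Constructed sample: five independent systems publish about one laptop."""
    store, t0 = ClearingHouse(), 1_000_000.0
    store.publish("pki", "laptop-7", "cert_valid", True, t0)
    store.publish("av-server", "laptop-7", "av_current", True, t0)
    store.publish("patch-mgr", "laptop-7", "patch_level", 45, t0)
    store.publish("vpn-gw", "laptop-7", "location", "plant-a", t0)
    store.publish("hr-directory", "laptop-7", "role", "operator", t0)
    return store, t0
```

The VPN gateway only needs the store's lookup interface; it never talks to the AV server, patch manager or directory directly, which is the integration burden the article describes.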

The specification is an example of a growing trend toward closer cooperation between standards groups to improve information and communications technology security, and is designed to align closely with the ISA/IEC concepts of zones and conduits.

The document has received feedback from the IT community, but Byres has urged SCADA and ICS professionals to read and comment on the specification as well. Comments may be sent to

Did you enjoy this article? Click here to subscribe to Food Engineering Magazine.

Recent Articles by Shane O'Halloran
