Ensuring the safety of the functioning of an automated process control system (hereinafter referred to as APCS) is significantly different from protecting the functioning of “ordinary” corporate information systems. Differences in the protection approach are due to the large difference in their purpose, specific data transfer protocols, the difference in equipment used, in the environment in which these systems operate. As a rule, the objects of protection are also different:
- for a corporate information system, usually, the main protected resource is information processed in the information system, the goal is to ensure its confidentiality, availability, and integrity;
- for APCS, the object of protection is the technological process itself, and the main goal is to ensure its continuity (accessibility of all nodes), and integrity (including information transmitted between APCS nodes).
APCS interacts with objects of the physical world and adds to the risks of a “normal” information system the risks of potential damage to the life and health of personnel, harm to the environment and infrastructure.
The problems of automated process control systems also include the fact that organizations are implementing solutions “for the show”, without setting it up. At the same time, there are no information security policies and staff training.
We offer you the use of specialized solutions for the protection of automated process control systems and their configuration considering the specifics of your infrastructure, as well as the involvement of specialized third-party teams, with insufficient practical experience of your specialists.