Industrial process control and automation systems are often used to automate large and complex industrial processes. These types of control and automation systems routinely include process controllers and field devices like sensors and actuators. Some of the process controllers typically receive measurements from the sensors and generate control signals for the actuators.
Process controllers and field devices are routinely connected with each other and with human operators via one or more communication networks. Operators in these types of control and automation systems may request data related to the various process controllers and field devices using the communication networks. Operators may use this information to perform various tasks, such as to track the status of the controllers and field devices and to decide whether changes to the control and automation systems or the underlying industrial processes should be made. To prevent malicious actors from hijacking these types of systems, security testing may be performed to search for vulnerabilities in both the communication networks and the process controllers and field devices themselves.
Cyber-security is of increasing concern, and unaddressed security vulnerabilities in any component of a connected industrial process control and automation system could be exploited by malicious actors to disrupt operations or cause unsafe conditions in the industrial facility. Malicious actors continue to leverage new technologies to exploit weaknesses, while cyber-security solutions (such as antivirus solutions and firewall solutions) often cannot keep pace with new threats. For example, antivirus solutions can often only protect against threats already known and catalogued in their signature databases. As another example, firewalls are often only as effective as their configurations and technology stacks enable them to be. Firewalls, virus protectors, and user authentication attempt to prevent such attacks, however connected systems are still susceptible to attacks, denial of server, and data theft. As a result, it is becoming increasingly difficult for organizations to rely on cyber-security solutions to protect their networks and systems from intrusions or other exploits.