Data systems such as process control systems, manufacturing automation systems, and other industrial systems like those used in chemical, petroleum or other processes, typically include one or more centralized process controllers communicatively coupled to at least one host, operator, and/or user workstation and to one or more field devices via analog, digital or combined analog/digital buses. These systems utilize access control to grant access to the system based on the identity of a user. Access control techniques typically include user authentication, encryption, and/or user-specific access control lists. An access control list identifies which system resources can be read, written, executed, etc. Additionally, an access control list may identify which resources of a system a user can access (e.g., read, write, and/or execute). These resources may include, for example, data, alarms, events, and/or functions. Typically, system procedures, functions, and/or processes are organized into endpoints based on a type of resource being accessed. For example, there are separate endpoints for accessing current values of data, alarms, and events. There may also be separate endpoints for accessing historical values of data, alarms and events.
Data systems or process control systems may, by design, be isolated from outside network communications by having no physical and/or wireless connectivity to routers, servers, switches, and/or workstations that may be connected to the Internet and/or one or more intranets. Other data systems or process control systems may intentionally include connectivity to the Internet and/or one or more intranets to allow remote monitoring systems to monitor progress, quality, and/or control operations of a process. Additionally, external connectivity of the data system or the process control system to outside networks permits individual components of the control system to receive periodic and/or scheduled updates such as firmware updates or modified control routines. Although external connectivity of one or more systems may allow for external monitoring and control, such external connectivity may increase the threat of network intrusion to the system.