Generally, a company in industrial production operates two computer systems/networks: a corporate network 2 and a plant network 4 as shown in FIG. 1.
A corporate network 2 includes a group of interconnected computers used to manage the company's operations, such as management, sales, engineering and human resources, but excludes industrial production.
On the other hand, a plant network 4 ties together a number of process control networks, which are mission-critical networks that connect field instruments such as sensors, motor-operated valves (MOVs), and controllers. These process control networks are tied together as part of an automation system. Several types of control systems are used in industrial production, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), process automation networks (PAN), emergency shutdown systems (ESD), terminal management systems (TMS), networked electronic sensing systems, power monitoring systems (PMS), vibration monitoring systems (VMS) and other smaller control system configurations such as programmable logic controllers (PLC) and remote terminal units (RTU).
As shown in FIG. 1, the corporate network 2 is separated from the plant network 4 by a filtering device 28 to prevent unauthorized access. Typically, a filtering device includes a data diode, a firewall device, or any other application security gateway, which may be part of a router device for routing communication messages. Each computer on the corporate network 2 side has access to various plant applications residing on plant application servers to retrieve plant data that might originate from remote stations. Based on information received from remote stations, automated or operator-driven supervisory commands can be pushed to remote station control devices, which are often referred to as field devices. Field devices control local operations such as opening and closing of valves and breakers, collecting data from sensor systems, and monitoring the local environment for alarm conditions.
The exemplary plant network 4 of FIG. 2 includes a SCADA system 40, a DCS 42 and plant servers 30 running various plant applications that collect, analyze and control various plant devices. The SCADA system 40 includes several remote stations 44, each containing RTUs/PLCs connected to control devices such as valves and pumps, and to sensors such as level, pressure and flow sensors. The DCS 42 includes process controllers and PLCs connected to sensors and to control devices such as motors and valves.
Typically, individual security rules are configured on the firewall device 28 for each computer residing on the corporate network 2 that is authorized to access a plant application in the plant network 4. As can be appreciated, this results in hundreds of security rules being configured on the firewall. In other words, current methodologies are mainly focused on separating the two networks via a firewall system. However, such a firewall allows numerous authorized network connections to pass through, since any computer on the corporate network 2 side can access and interact with any plant application or plant server on the plant network 4.
Such numerous connections typically introduce the following deficiencies: 1) unnecessary processing load on the firewall and the burden of configuring multiple security policies, since the firewall must be coded individually for each computer in the corporate network; 2) a higher probability of computer virus spread due to the multiple connections; and 3) plant application incompatibilities and access difficulties.
Therefore, it would be desirable to provide a system and method for more securely controlling, and yet more easily maintaining, access to plant networks.
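The following is an added example, not part of the patent text, showing the check a practitioner would run against such a per-computer ruleset: it parses a constructed iptables-style FORWARD chain on the filtering device, reports how many corporate sources are permitted to reach each plant service, identifies the corporate host from which malware could reach the most plant services, and collapses the per-host rules into one address-set rule per service. The rule syntax, addresses, port numbers and function names are assumptions for illustration; the nftables-style output is one common consolidation, not the method the patent goes on to describe.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample (not from the patent): an iptables-style FORWARD chain on
# the filtering device, with one ACCEPT rule per (corporate host, plant service)
# pair, the per-computer rule style the text describes, and a default DROP.
SAMPLE_RULES = """
-A FORWARD -s 10.1.0.11/32 -d 10.2.0.30/32 -p tcp --dport 443 -j ACCEPT
-A FORWARD -s 10.1.0.12/32 -d 10.2.0.30/32 -p tcp --dport 443 -j ACCEPT
-A FORWARD -s 10.1.0.13/32 -d 10.2.0.30/32 -p tcp --dport 443 -j ACCEPT
-A FORWARD -s 10.1.0.11/32 -d 10.2.0.40/32 -p tcp --dport 502 -j ACCEPT
-A FORWARD -s 10.1.0.12/32 -d 10.2.0.40/32 -p tcp --dport 502 -j ACCEPT
-A FORWARD -s 10.1.0.14/32 -d 10.2.0.40/32 -p tcp --dport 502 -j ACCEPT
-A FORWARD -s 10.1.0.15/32 -d 10.2.0.42/32 -p tcp --dport 4840 -j ACCEPT
-A FORWARD -s 10.1.0.11/32 -d 10.2.0.42/32 -p tcp --dport 4840 -j ACCEPT
-A FORWARD -j DROP
"""

# Assumed rule grammar: only the subset of iptables syntax used in the sample.
RULE_RE = re.compile(
    r"-A FORWARD\s+-s (?P<src>\S+)\s+-d (?P<dst>\S+)\s+-p (?P<proto>\w+)"
    r"\s+--dport (?P<port>\d+)\s+-j (?P<target>\w+)"
)


def parse_rules(text):
    """Return the per-host grant rules as dicts; lines without a full
    src/dst/proto/port match (such as the default DROP) are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.search(line)
        if not m:
            continue
        d = m.groupdict()
        rules.append({
            # ip_network validates the address and normalises the prefix
            "src": str(ipaddress.ip_network(d["src"], strict=False)),
            "dst": str(ipaddress.ip_network(d["dst"], strict=False)),
            "proto": d["proto"],
            "port": int(d["port"]),
            "target": d["target"],
        })
    return rules


def exposure(rules):
    """Map each plant service (dst, proto, port) to the sorted list of
    corporate sources the firewall lets through to it."""
    out = defaultdict(set)
    for r in rules:
        if r["target"] == "ACCEPT":
            out[(r["dst"], r["proto"], r["port"])].add(r["src"])
    return {k: sorted(v) for k, v in out.items()}


def widest_reach(rules):
    """Return the corporate source permitted to reach the most plant services,
    with the count: the host from which a worm would spread furthest."""
    reach = defaultdict(set)
    for r in rules:
        if r["target"] == "ACCEPT":
            reach[r["src"]].add((r["dst"], r["proto"], r["port"]))
    src, services = max(reach.items(), key=lambda kv: (len(kv[1]), kv[0]))
    return src, len(services)


def consolidate(rules):
    """Collapse the per-host ACCEPT rules into one nftables-style rule per
    plant service whose source is a named address set. Returns the new rule
    lines, the number of per-host ACCEPT rules replaced, and the number of
    per-service rules that replace them."""
    exp = exposure(rules)
    lines = []
    for (dst, proto, port), srcs in sorted(exp.items()):
        set_name = f"corp_to_{dst.split('/')[0].replace('.', '_')}_{port}"
        lines.append(f"set {set_name} {{ type ipv4_addr; "
                     f"elements = {{ {', '.join(srcs)} }} }}")
        lines.append(f"ip saddr @{set_name} ip daddr {dst} {proto} dport {port} accept")
    accept_count = sum(1 for r in rules if r["target"] == "ACCEPT")
    return lines, accept_count, len(exp)


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for service, srcs in exposure(rules).items():
        print(service, len(srcs), "authorized sources")
    print("widest reach:", widest_reach(rules))
    lines, before, after = consolidate(rules)
    print(f"{before} per-host rules -> {after} per-service rules")
    print("\n".join(lines))
```

Consolidating the sources into an address set addresses only the first deficiency (rule count and per-host maintenance). The exposure report still lists the same permitted source/service paths before and after, which is the point the text makes about numerous authorized connections: the firewall has not reduced the number of corporate hosts that can open connections into the plant network, only the number of lines expressing that fact.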