Title |
Managing Cybersecurity for Control System Safety System development environments |
Authors |
- R. Mudingay, S. Armanet
ESS, Lund, Sweden
|
Abstract |
At ESS, we manage cyber security for our control system infrastructure by mixing together technologies that are relevant for each system. User access to the control system networks is controlled by an internal DMZ concept whereby we use standard security tools (vulnerability scanners, central logging, firewall policies, system and network monitoring), and users have to go through dedicated control points (reverse proxy, jump hosts, privileged access management solutions or EPICS channel or PV access gateways). The infrastructure is managed though a DevOps approach: describing each component using a configuration management solution; using version control to track changes, with continuous integration workflows to our development process; and constructing the deployment of the lab/staging area to mimic the production environment. We also believe in the flexibility of visualization. This is particularly true for safety systems where the development of safety-critical code requires a high level of isolation. To this end, we utilize dedicated virtualized infrastructure and isolated development environments to improve control (remote access, software update, safety code management).
|
Paper |
download WEPHA104.PDF [0.508 MB / 4 pages] |
Poster |
download WEPHA104_POSTER.PDF [0.840 MB] |
Export |
download ※ BibTeX
※ LaTeX
※ Text/Word
※ RIS
※ EndNote |
Conference |
ICALEPCS2019 |
Series |
International Conference on Accelerator and Large Experimental Physics Control Systems (17th) |
Location |
New York, NY, USA |
Date |
05-11 October 2019 |
Publisher |
JACoW Publishing, Geneva, Switzerland |
Editorial Board |
Karen S. White (ORNL, Oak Ridge, TN, USA); Kevin A. Brown (BNL, Upton, NY, USA); Philip S. Dyer (BNL, Upton, NY, USA); Volker RW Schaa (GSI, Darmstadt, Germany) |
Online ISBN |
978-3-95450-209-7 |
Online ISSN |
2226-0358 |
Received |
27 September 2019 |
Accepted |
03 November 2019 |
Issue Date |
30 August 2020 |
DOI |
doi:10.18429/JACoW-ICALEPCS2019-WEPHA104 |
Pages |
1343-1346 |
Copyright |
Published by JACoW Publishing under the terms of the Creative Commons Attribution 3.0 International license. Any further distribution of this work must maintain attribution to the author(s), the published article's title, publisher, and DOI. |
|