Ensuring information security in the production network of an industrial enterprise

Objective. The purpose of this article is to explore issues and develop approaches to enhance information security in the production control networks of industrial enterprises to the necessary level. Traditional and once-effective protective methods based on physical isolation have become outdated, necessitating new approaches that consider the characteristics of automated process control systems.

Method. The analysis presented in the article identifies differences between automated process control systems and classical information systems, based on the NIST SP 800-82 standard, and evaluates their unique requirements and vulnerabilities. Methods for improving information security are proposed, including regular training, audits, network segmentation, and the use of specialized protection systems.

Result. An action algorithm has been developed to protect the APCS system, ensuring that enterprises comply with regulatory requirements and minimize the risks of cyber attacks, as well as protect critical production processes. A set of preventive measures and methods for eliminating vulnerabilities in APCS systems to protect industrial networks is proposed.

Conclusion. Ensuring information security in APCS requires a comprehensive approach, including risk management strategies, technical means and continuous personnel training. The implementation of the proposed measures and strategies will increase the overall resilience of industrial systems to modern information security threats.

1. Industrial safety [Electronic resource] – Access mode: https://www.evraas.ru/industries/manufacturing/. – Title from the screen. (In Russ)

2. Threats to information security of industrial automation systems in Russia [Electronic resource] – Access mode:https://ics-cert.kaspersky.ru/publications/reports/2022/09/20/threat-landscape-for-industrialautomation-systems-in-russia/. – Title from the screen. (In Russ)

3. Architecture and security of industrial enterprise control systems [Electronic resource] – Access mode: https://habr.com/ru/post/316184/. – Title from the screen. (In Russ)

4. NIST SP 800-82: Guide to Industrial Automation and Control Systems Security [Electronic resource] - Access mode: https://csrc.nist.gov/publications/detail/sp/800-82/rev-2/final. - Title from the screen. (In Russ)

5. Categorization of critical information infrastructure (CII) objects. Practical examples [Electronic resource] - Access mode: https://rtmtech.ru/articles/kategorirovanie-obektov-kii-primery/(In Russ)

6. CII - what is it? Security of critical information infrastructure objects [Electronic resource] - Access mode: https://www.securityvision.ru/blog/kii-chto-eto/(In Russ)

7. Federal Law "On the Security of Critical Information Infrastructure of the Russian Federation" dated July 26, 2017; (In Russ)

8. Federal Law "On the Security of Critical Information Infrastructure of the Russian Federation" dated July 26, 2017 N 187-FZ (In Russ)

9. Federal Law "On Information, Information Technologies and Information Protection" dated July 27, 2006 N 149-FZ (In Russ)

10. Gordienko V.V., Lisitsyn A.L. Technical and organizational methods for combating internal threats of information leakage of organizations and enterprises. Auditorium. 2019;4 (24). [Electronic resource] – Access modehttps://cyberleninka.ru/article/n/tehnicheskie-i-organizatsionnye-metody-borby-svnutrennimiugrozami-utechki-informatsii-organizatsiy-i-predpriyatiy (In Russ)

11. Andreev Yu.S., Dergachev A.M., Zharov F.A., Sadyrin D.S. Information security of automated process control systems. Text of scientific article on the specialty "Computer and Information Sciences", ITMO University, 2019 (In Russ).