Cargando…

Update on the CERN Computing and Network Infrastructure for Controls (CNIC)

Over the last few years modern accelerator and experiment control systems have increasingly been based on commercial-off-the-shelf products (VME crates, PLCs, SCADA systems, etc.), on Windows or Linux PCs, and on communication infrastructures using Ethernet and TCP/IP. Despite the benefits coming wi...

Descripción completa

Detalles Bibliográficos
Autor principal: Lueders, S
Lenguaje:eng
Publicado: 2007
Acceso en línea:http://cds.cern.ch/record/1063837
_version_ 1780913231310618624
author Lueders, S
author_facet Lueders, S
author_sort Lueders, S
collection CERN
description Over the last few years modern accelerator and experiment control systems have increasingly been based on commercial-off-the-shelf products (VME crates, PLCs, SCADA systems, etc.), on Windows or Linux PCs, and on communication infrastructures using Ethernet and TCP/IP. Despite the benefits coming with this (r)evolution, new vulnerabilities are inherited too: Worms and viruses spread within seconds via the Ethernet cable, and attackers are becoming interested in control systems. Unfortunately, control PCs cannot be patched as fast as office PCs. Even worse, vulnerability scans at CERN using standard IT tools have shown that commercial automation systems lack fundamental security precautions: Some systems crashed during the scan, others could easily be stopped or their process data be altered. During the two years following the presentation of the CNIC Security Policy at ICALEPCS2005, a "Defense-in-Depth" approach has been applied to protect CERN's control systems. This presentation will give a review of its thorough implementation and its deployment. Particularly, measures to secure the controls network and tools for user-driven management of Windows and Linux control PCs will be discussed
id cern-1063837
institution Organización Europea para la Investigación Nuclear
language eng
publishDate 2007
record_format invenio
spelling cern-10638372019-09-30T06:29:59Zhttp://cds.cern.ch/record/1063837engLueders, SUpdate on the CERN Computing and Network Infrastructure for Controls (CNIC)Over the last few years modern accelerator and experiment control systems have increasingly been based on commercial-off-the-shelf products (VME crates, PLCs, SCADA systems, etc.), on Windows or Linux PCs, and on communication infrastructures using Ethernet and TCP/IP. Despite the benefits coming with this (r)evolution, new vulnerabilities are inherited too: Worms and viruses spread within seconds via the Ethernet cable, and attackers are becoming interested in control systems. Unfortunately, control PCs cannot be patched as fast as office PCs. Even worse, vulnerability scans at CERN using standard IT tools have shown that commercial automation systems lack fundamental security precautions: Some systems crashed during the scan, others could easily be stopped or their process data be altered. During the two years following the presentation of the CNIC Security Policy at ICALEPCS2005, a "Defense-in-Depth" approach has been applied to protect CERN's control systems. This presentation will give a review of its thorough implementation and its deployment. Particularly, measures to secure the controls network and tools for user-driven management of Windows and Linux control PCs will be discussedPoster-2007-009CERN-IT-Note-2007-015oai:cds.cern.ch:10638372007-10-17
spellingShingle Lueders, S
Update on the CERN Computing and Network Infrastructure for Controls (CNIC)
title Update on the CERN Computing and Network Infrastructure for Controls (CNIC)
title_full Update on the CERN Computing and Network Infrastructure for Controls (CNIC)
title_fullStr Update on the CERN Computing and Network Infrastructure for Controls (CNIC)
title_full_unstemmed Update on the CERN Computing and Network Infrastructure for Controls (CNIC)
title_short Update on the CERN Computing and Network Infrastructure for Controls (CNIC)
title_sort update on the cern computing and network infrastructure for controls (cnic)
url http://cds.cern.ch/record/1063837
work_keys_str_mv AT luederss updateonthecerncomputingandnetworkinfrastructureforcontrolscnic