Next-Generation Access Control for Distributed Control Systems

With the rapid integration of wired and wireless internetworking technologies, distributed control systems (DCS) are increasingly susceptible to cyberattacks. A well-designed access control framework could potentially contain and mitigate the impact of cyberattacks. However, existing solutions often fail to cover and protect all connected devices, leaving holes that are sufficient to undermine the security and safety of a plant. Further, in current DCS environments, it's hard to adhere to the least-privilege principle because access control policies are distributed among many heterogeneous systems. In this article, the authors identify key challenges in moving toward a more complete and manageable access control framework for DCS, and present a model architecture that can be adapted by the industrial control system community to ensure that every access is checked against policies that adhere to the least-privilege principle. Their proposed architecture facilitates centralized (plant-wide) policy management and protection of every connected field device.