Secure design of engineering software tools in Industrial Automation and Control Systems

Abstract

Industrial Automation and Control Systems (IACS) used in critical infrastructure typically perform their tasks using embedded devices. While the security of the embedded devices during the operation of the system is naturally the focus of security considerations, the security of the engineering framework is often overlooked. In this paper, we model the trust boundaries of a typical engineering tool used in an IACS, identify security risks in this context, suggest mitigation techniques for end users, and finally propose an architecture that allows to implement secure engineering frameworks.