Shell proposes process security reference architecture (April 2014)

Threat-based architecture to leverage ‘smart grid’ cyber security protocols. 

Speaking at the 2014 WIB* Seminar in The Hague last month, Ted Angevaare outlined Shell’s control systems security reference architecture. The SRA is intended to steer vendors to deliver a safe, robust and secure architecture for the process industry. The SRA will also encourage the standard implementations amenable to optimization and use in R&D programs and training.

A ‘threat-based’ SRA needs to enumerate which threats have been addressed. The plan is to use an industry standard threat library rather than a detailed risk assessment. One possibility is to use the ‘smartgrid’ Nescor cyber failure scenario. The WIB is asking vendors to present their ‘vision’ of the SRA as implemented in their own products. To date Siemens, Dupont, Rockwell, ABB, Emerson, Honeywell, Invensys and Yokogawa are involved. Target audience for the SRA includes owner operators, certification bodies, system integrators, EPCs and cyber security institutes such as US-CERT. A first draft of the SRA will be issued for comment in Q3 2014. More from WIB.

* Dutch process automation users group.

Click here to comment on this article

If your browser does not work with the MailTo button, send mail to with OilIT_1404_15 as the subject. Web use only - not for intranet/corporate use. Copyright 2014 The Data Room - all rights reserved.