The most likely vector for disruption in a control system network is not an intentional attack but inappropriate use. An employee or contractor can plug in a laptop to perform routine tasks without being aware that it has picked up a worm or spyware. The worm can then begin scanning the control system network and interfere with devices such as PLCs because of the unexpected traffic. This scenario is more likely with the proliferation of wireless access points. Controlling access at the access point through per-user and per-device authentication is essential to guarantee security across the board.
One major concern when adding security to a control system network is to keep inline devices, which can reduce the availability of the network, to a minimum. The combination of the Intrusion Detection and Prevention (IDP) Series in glass mode and Unified Access Control (UAC) enables the creation of policies that restrict access at the application level, while satisfying the need to remain completely passive.
For example, if a contractor sends a Modbus write command to change the set point of a PLC, the IDP Series can notify UAC about this event. UAC minimizes the need for administrators to create a variety of Access Control Lists (ACLs) across the entire control system network to provide adequate access for each user.
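The Modbus write scenario above can be sketched as a passive check. This is an added example, not code from the IDP Series or UAC; the user names, addresses, `ALLOWED_WRITERS` policy and event format are assumptions, and the user-to-address mapping is assumed to come from the access control system.

```python
import struct

# Modbus function codes that change coils or registers on the device.
WRITE_FUNCTIONS = {0x05: "Write Single Coil", 0x06: "Write Single Register",
                   0x0F: "Write Multiple Coils", 0x10: "Write Multiple Registers",
                   0x16: "Mask Write Register", 0x17: "Read/Write Multiple Registers"}

def parse_modbus_tcp(payload: bytes):
    """Parse one Modbus/TCP request ADU; return None if it is malformed."""
    if len(payload) < 8:                      # 7-byte MBAP header + function code
        return None
    _tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    # Protocol id is always 0; length counts the unit id plus the PDU.
    if proto != 0 or length < 2 or len(payload) < 6 + length:
        return None
    pdu = payload[7:6 + length]
    adu = {"unit": unit, "function": pdu[0], "address": None, "value": None}
    if pdu[0] in (0x05, 0x06) and len(pdu) >= 5:
        adu["address"], adu["value"] = struct.unpack(">HH", pdu[1:5])
    elif pdu[0] in (0x0F, 0x10, 0x16) and len(pdu) >= 3:
        adu["address"] = struct.unpack(">H", pdu[1:3])[0]
    elif pdu[0] == 0x17 and len(pdu) >= 7:    # write start follows the read fields
        adu["address"] = struct.unpack(">H", pdu[5:7])[0]
    return adu

def write_events(observations, allowed_writers):
    """Return one event per write request from a user not in allowed_writers."""
    events = []
    for user, src, payload in observations:
        adu = parse_modbus_tcp(payload)
        if adu is None or adu["function"] not in WRITE_FUNCTIONS:
            continue
        if user not in allowed_writers:
            events.append({"user": user, "src": src, "unit": adu["unit"],
                           "operation": WRITE_FUNCTIONS[adu["function"]],
                           "address": adu["address"], "value": adu["value"]})
    return events

# Constructed sample: (authenticated user, source address, TCP payload to port 502).
SAMPLE_TRAFFIC = [
    ("operator1", "192.0.2.5", bytes.fromhex("000100000006010300000002")),    # read
    ("contractor7", "192.0.2.77", bytes.fromhex("0002000000060106001001f4")),  # write
    ("engineer2", "192.0.2.9", bytes.fromhex("0003000000060106001001f4")),    # write
]
ALLOWED_WRITERS = {"engineer2"}   # hypothetical policy, not from the page

if __name__ == "__main__":
    for event in write_events(SAMPLE_TRAFFIC, ALLOWED_WRITERS):
        print(event)
```

Because the check only reads copies of the traffic, it adds no inline device to the control path; what the access control system does with the event is outside this sketch.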