It can happen here?
While it seems that Siemens’ efforts to deal with the Trojan problem have been effective, the situation should remind us that such events must not be thought of as something that happen somewhere else.
The folks from GarrettCom were reminding me of an article that we did last January, where we surveyed readers on their understanding of cyber security issues. Here’s the paragraph that they recalled particularly:
“The first surprise was that 24% indicated they do not believe there are any threats and risks associated with their information control system that could affect their business operations. This seems very puzzling since most organizations operate with the understanding that there is no such thing as 100% security. In an environment where industrial control systems are becoming more dependent upon increased connectivity, including the Internet and remote control capabilities, we expected nearly a 100% response acknowledging the presence of such risks. The most prevalent cyber security concerns expressed by nearly 20% of respondents acknowledging the presence of disconcerting risks were viruses and malicious software.”
GarrettCom’s president, Frank Madren, pointed out that the Stuxnet worm, that targeted Siemens SCADA management systems in Iran, India, and Indonesia, is spreading. This is probably not the first time that industrial control systems have been threatened, but it is a dramatic example of the truism that no business or industry is safe from the threat of cyber attacks. “This is not the time to stick your head in the sand and say ‘it can’t happen here’,” he says. “Cyber attacks on industrial control systems are happening now and will probably increase. At GarrettCom we have been developing and improving upon hardware and software security systems for more than a decade. We use a combination of industry standards with proprietary technology and best practices recommendations to fill in holes. The NERC CIP regulations for power utility substation protection are some of the most comprehensive security specifications available in the U.S. today, and much of what we have learned and implemented is applicable to other industrial environments as well. However, no system is completely immune from creative new incursions. Constant vigilance is required.”
Constant vigilance indeed.
|Search the online Automation Integrator Guide|
Case Study Database
Get more exposure for your case study by uploading it to the Control Engineering case study database, where end-users can identify relevant solutions and explore what the experts are doing to effectively implement a variety of technology and productivity related projects.
These case studies provide examples of how knowledgeable solution providers have used technology, processes and people to create effective and successful implementations in real-world situations. Case studies can be completed by filling out a simple online form where you can outline the project title, abstract, and full story in 1500 words or less; upload photos, videos and a logo.
Click here to visit the Case Study Database and upload your case study.