Companies need to make time for cybersecurity

Cyberattacks are growing and becoming more prevalent and manufacturers have to make time for cybersecurity to try and prevent potential attacks.

06/18/2017


http://www.isssource.comNot too long ago, a young Polish boy found a hole in the network of a European tram system. He was able to get into the system, navigate his way around and then, using a television remote, he was able to switch tracks using the infrared device on the remote. The end result was four trains ended up derailed and 12 people suffered injuries.

All of that with a television remote control.

Using a simple device, the attacker was able to penetrate a network and cause damage. In today's hectic industrial environment, manufacturers for the most part cannot rely on themselves for protection. They need to focus on making product. That is where a solid security plan where workers are educated and know what, or what not, to do, or partner with a quality provider that can keep systems up and running.

Manufacturers need to keep the process going. Security, company leaders will say, is this "new-fangled" thing that costs money and slows down production. They really don't see it as a business enabler that can help keep systems up and running.

"In operations management there is very little time for security," said Andrew Kling, director of cybersecurity and architecture at Schneider Electric. "But as you go higher into the organization, you'll find they increasingly have more time. The stories tilt away from fear and toward what is the risk to my corporate reputation and what is the risk to my ability to produce my widget and make a profit. That is where they do have time to think about cybersecurity. They are thinking about plant risk and risk management."

FUD fading away

Fear, uncertainty, and doubt (FUD) was all the rage 10 years ago when cybersecurity first came to light. But the chicken little, sky is falling fear mongering is going away with an intelligent approach to understanding the issue and methodically addressing it is coming to the fore.

Instead, cyberattacks, internal and external, are continuing to grow. Just take a look at a Ponemon Institute cybersecurity research study where 53% of respondents said they suffered at least one data breach in the past two years, while 68% don't believe their organizations have the ability to remain resilient in the wake of a cyberattack. And 66% aren't confident in their organization's ability to effectively recover from an attack.

"Once senior managers are educated, they begin to look at cybersecurity, they see what is in the media, they see the risks and threats," said Gary Williams, Schneider Electric senior director of technology, cybersecurity and communications. "They do an analysis as to whether they would be able to withstand a threat. And once they realize they don't have a necessary skill set or the necessary hardware features to prevent an attack, they consider additional services. Because the alternative, of course, is to just disconnect."

Case in point

Of course disconnecting is not an answer, especially as advances in technology allow for manufacturers to achieve greater benefits through connectivity. Take 3-D manufacturing for instance where a growing industry area suffered a damaging blow.

A 3-D additive manufacturing (AM) system fell to a cyber assault, showing how an attack and a malicious manipulation of blueprints can fatally damage production of a device or machine.

It is possible to sabotage the quality of a 3-D-printed functional part, which leads to the destruction of a device, said researchers from Ben-Gurion University of the Negev (BGU), the University of South Alabama, and Singapore University of Technology and Design in a paper entitled "Dr0wned."

Researchers were able to destroy a $1,000 quadcopter unmanned aerial vehicle (UAV) drone by hacking into the computer used to control the 3-D printing of replacement propellers.

Once they penetrated the computer, the researchers found the propeller blueprint file and inserted defects. During flight tests, the sabotaged propeller broke apart during ascent, causing the drone to smash to the ground.

More than 100 industries, including aerospace, automotive and defense, employ additive printing processes. The AM industry accounted for $5.165 billion of revenue in 2015. On top of that, 32.5% of all AM-generated objects end up used as functional parts, according to a Wohlers Report.

Such an attack could cost lives, cause economic loss, disrupt industry, and threaten a country's national security.

Security as a business enabler

"People tend to look at safety and security from a liability perspective," said John Boville, Market Segment Manager at Schneider Electric. "But they are missing a great deal in terms of how many days or hours of downtime follow a cyberattack and related safety incidents. You also have to look at cost of the investigation, which in some places will close lines down until a root cause is found. All of that is lost productivity, and it can add up pretty quickly."

"It is possible to use real time accounting methods to quantify the financial impact of these incidents," he said. "We can help organizations develop cultures and implement measures to help improve safety and cybersecurity of their operations."

That means manufacturers can focus on making product, while a third party can come in and protect the system and also help improve performance.

"It is inevitable. We are seeing people moving toward a service where a third party is monitoring your system, where they can do predictive maintenance and where they can tell you when someone is logging on to your system at two in the morning, which is unusual," Williams said. "IT will pick it up on behavioral analysis. If someone is logged onto the control room and at a site a mile away at the same time, the service will pick that up and flag it. These tools are available and they are very good for an IT environment. For OT, I don't think it will have the necessary skill set to keep up with the constant change in risk and threat. The industry is moving more toward services because it is only companies offering these services that have the resources and skill sets."

Whether it is through a simple television remote control, or a highly sophisticated assault, attacks are growing and becoming more prevalent. That means manufacturers have to make the time for security.

Gregory Hale is editor and founder at ISSSource. He has over 25 years in the publishing industry. This article originally appeared on ISSSource.com. ISSSource is a CFE Media content partner. Edited by Carly Marchal, content specialist, CFE Media, cmarchal@cfemedia.com.

ONLINE extra

See more articles from ISSSource below. 



The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Robotic integration and cloud connections; SCADA and cybersecurity; Motor efficiency standards; Open- and closed-loop control; Augmented reality
Controller programming; Safety networks; Enclosure design; Power quality; Safety integrity levels; Increasing process efficiency
Additive manufacturing benefits; HMI and sensor tips; System integrator advice; Innovations from the industry
Featured articles highlight technologies that enable the Industrial Internet of Things, IIoT-related products and strategies to get data more easily to the user.
This article collection contains several articles on how automation and controls are helping human-machine interface (HMI) hardware and software advance.
This digital report will explore several aspects of how IIoT will transform manufacturing in the coming years.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Cloud, mobility, and remote operations; SCADA and contextual mobility; Custom UPS empowering a secure pipeline
Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Mobility as the means to offshore innovation; Preventing another Deepwater Horizon; ROVs as subsea robots; SCADA and the radio spectrum
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Robotic integration and cloud connections; SCADA and cybersecurity; Motor efficiency standards; Open- and closed-loop control; Augmented reality
Controller programming; Safety networks; Enclosure design; Power quality; Safety integrity levels; Increasing process efficiency
Additive manufacturing benefits; HMI and sensor tips; System integrator advice; Innovations from the industry
Featured articles highlight technologies that enable the Industrial Internet of Things, IIoT-related products and strategies to get data more easily to the user.
This article collection contains several articles on how automation and controls are helping human-machine interface (HMI) hardware and software advance.
This digital report will explore several aspects of how IIoT will transform manufacturing in the coming years.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Cloud, mobility, and remote operations; SCADA and contextual mobility; Custom UPS empowering a secure pipeline
Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Mobility as the means to offshore innovation; Preventing another Deepwater Horizon; ROVs as subsea robots; SCADA and the radio spectrum
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Robotic integration and cloud connections; SCADA and cybersecurity; Motor efficiency standards; Open- and closed-loop control; Augmented reality
Controller programming; Safety networks; Enclosure design; Power quality; Safety integrity levels; Increasing process efficiency
Additive manufacturing benefits; HMI and sensor tips; System integrator advice; Innovations from the industry
Featured articles highlight technologies that enable the Industrial Internet of Things, IIoT-related products and strategies to get data more easily to the user.
This article collection contains several articles on how automation and controls are helping human-machine interface (HMI) hardware and software advance.
This digital report will explore several aspects of how IIoT will transform manufacturing in the coming years.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Cloud, mobility, and remote operations; SCADA and contextual mobility; Custom UPS empowering a secure pipeline
Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Mobility as the means to offshore innovation; Preventing another Deepwater Horizon; ROVs as subsea robots; SCADA and the radio spectrum
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
click me