It can happen here?

07/29/2010


While it seems that Siemens’ efforts to deal with the Trojan problem have been effective, the situation should remind us that such events must not be thought of as something that happen somewhere else.

The folks from GarrettCom were reminding me of an article that we did last January, where we surveyed readers on their understanding of cyber security issues. Here’s the paragraph that they recalled particularly:

“The first surprise was that 24% indicated they do not believe there are any threats and risks associated with their information control system that could affect their business operations. This seems very puzzling since most organizations operate with the understanding that there is no such thing as 100% security. In an environment where industrial control systems are becoming more dependent upon increased connectivity, including the Internet and remote control capabilities, we expected nearly a 100% response acknowledging the presence of such risks. The most prevalent cyber security concerns expressed by nearly 20% of respondents acknowledging the presence of disconcerting risks were viruses and malicious software.”

GarrettCom’s president, Frank Madren, pointed out that the Stuxnet worm, that targeted Siemens SCADA management systems in Iran, India, and Indonesia, is spreading. This is probably not the first time that industrial control systems have been threatened, but it is a dramatic example of the truism that no business or industry is safe from the threat of cyber attacks. “This is not the time to stick your head in the sand and say ‘it can’t happen here’,” he says. “Cyber attacks on industrial control systems are happening now and will probably increase. At GarrettCom we have been developing and improving upon hardware and software security systems for more than a decade. We use a combination of industry standards with proprietary technology and best practices recommendations to fill in holes. The NERC CIP regulations for power utility substation protection are some of the most comprehensive security specifications available in the U.S. today, and much of what we have learned and implemented is applicable to other industrial environments as well. However, no system is completely immune from creative new incursions. Constant vigilance is required.”

Constant vigilance indeed.



No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
Each year, a panel of Control Engineering editors and industry expert judges select the System Integrator of the Year Award winners.
Control Engineering Leaders Under 40 identifies and gives recognition to young engineers who...
Learn more about methods used to ensure that the integration between the safety system and the process control...
Adding industrial toughness and reliability to Ethernet eGuide
Technological advances like multiple-in-multiple-out (MIMO) transmitting and receiving
Virtualization advice: 4 ways splitting servers can help manufacturing; Efficient motion controls; Fill the brain drain; Learn from the HART Plant of the Year
Two sides to process safety: Combining human and technical factors in your program; Preparing HMI graphics for migrations; Mechatronics and safety; Engineers' Choice Awards
Detecting security breaches: Forensic invenstigations depend on knowing your networks inside and out; Wireless workers; Opening robotic control; Product exclusive: Robust encoders
The Ask Control Engineering blog covers all aspects of automation, including motors, drives, sensors, motion control, machine control, and embedded systems.
Join this ongoing discussion of machine guarding topics, including solutions assessments, regulatory compliance, gap analysis...
News and comments from Control Engineering process industries editor, Peter Welander.
IMS Research, recently acquired by IHS Inc., is a leading independent supplier of market research and consultancy to the global electronics industry.
This is a blog from the trenches – written by engineers who are implementing and upgrading control systems every day across every industry.
Anthony Baker is a fictitious aggregation of experts from Callisto Integration, providing manufacturing consulting and systems integration.
Integrator Guide

Integrator Guide

Search the online Automation Integrator Guide
 

Create New Listing

Visit the System Integrators page to view past winners of Control Engineering's System Integrator of the Year Award and learn how to enter the competition. You will also find more information on system integrators and Control System Integrators Association.

Case Study Database

Case Study Database

Get more exposure for your case study by uploading it to the Control Engineering case study database, where end-users can identify relevant solutions and explore what the experts are doing to effectively implement a variety of technology and productivity related projects.

These case studies provide examples of how knowledgeable solution providers have used technology, processes and people to create effective and successful implementations in real-world situations. Case studies can be completed by filling out a simple online form where you can outline the project title, abstract, and full story in 1500 words or less; upload photos, videos and a logo.

Click here to visit the Case Study Database and upload your case study.