It can happen here?


While it seems that Siemens’ efforts to deal with the Trojan problem have been effective, the situation should remind us that such events must not be thought of as something that happen somewhere else.

The folks from GarrettCom were reminding me of an article that we did last January, where we surveyed readers on their understanding of cyber security issues. Here’s the paragraph that they recalled particularly:

“The first surprise was that 24% indicated they do not believe there are any threats and risks associated with their information control system that could affect their business operations. This seems very puzzling since most organizations operate with the understanding that there is no such thing as 100% security. In an environment where industrial control systems are becoming more dependent upon increased connectivity, including the Internet and remote control capabilities, we expected nearly a 100% response acknowledging the presence of such risks. The most prevalent cyber security concerns expressed by nearly 20% of respondents acknowledging the presence of disconcerting risks were viruses and malicious software.”

GarrettCom’s president, Frank Madren, pointed out that the Stuxnet worm, that targeted Siemens SCADA management systems in Iran, India, and Indonesia, is spreading. This is probably not the first time that industrial control systems have been threatened, but it is a dramatic example of the truism that no business or industry is safe from the threat of cyber attacks. “This is not the time to stick your head in the sand and say ‘it can’t happen here’,” he says. “Cyber attacks on industrial control systems are happening now and will probably increase. At GarrettCom we have been developing and improving upon hardware and software security systems for more than a decade. We use a combination of industry standards with proprietary technology and best practices recommendations to fill in holes. The NERC CIP regulations for power utility substation protection are some of the most comprehensive security specifications available in the U.S. today, and much of what we have learned and implemented is applicable to other industrial environments as well. However, no system is completely immune from creative new incursions. Constant vigilance is required.”

Constant vigilance indeed.

No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Learn how to create value with re-use; gain productivity with lean automation and connectivity, and optimize panel design and construction.
Machine design tips: Pneumatic or electric; Software upgrades; Ethernet advantages; Additive manufacturing; Engineering Leaders; Product exclusives: PLC, HMI, IO
Industrial wireless cyber security: More complex than black and white; IIoT at the I/O level; Process modeling; Cyber security research
Robotic advances: Software, form factors; System-based ROI; Embedded control; MES and information integration; SCADA and cyber security; Position sensor; Controller, I/O module
Learn how Industry 4.0 adds supply chain efficiency, optimizes pricing, improves quality, and more.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Drilling for Big Data: Managing the flow of information; Big data drilldown series: Challenge and opportunity; OT to IT: Creating a circle of improvement; Industry loses best workers, again
Pipeline vulnerabilities? Securing hydrocarbon transit; Predictive analytics hit the mainstream; Dirty pipelines decrease flow, production—pig your line; Ensuring pipeline physical and cyber security
Cyber security attack: The threat is real; Hacking O&G control systems: Understanding the cyber risk; The active cyber defense cycle

(copy 5)