OSIsoft Conference: consultant says work needed to secure control systems

San Francisco, CA—Joe Weiss, executive consultant at Kema Inc. and a former controls engineer, talked about his concern that control system security is being overlooked during an April 20 presentation at the recent OSIsoft User Conference.


San Francisco, CA—As can be seen from our recent posting of the U.S. General Accounting Office’s report on control system security at Control Engineering’s Resource Center

Joe Weiss, executive consultant at Kema Inc. and a former controls engineer, testified March 30 before the U.S. House Government Reform Committee on Technology, Information Policy, Intergovernmental Relations, and the Census about his concern that control system security is being overlooked while the government focuses on traditional IT business systems.

“There have been more than 40 cases of control system denial of service attacks since 2001,” but none of them have been recorded by reporting agencies formed to track such occurrences, Weiss reported during an April 20 presentation at the recent OSIsoft User Conference in San Francisco.

Weiss adds that the denial of service issue was created for control systems during the transition over the past several years from analog to digital systems. “This move opened up control systems more than was ever planned for,” due to interest in access by corporate engineers and other areas of the extended enterprise, he says. This requirement [to be more open to outside access] necessitates more bandwidth use, which can lead to denial of service.

In his presentation, Weiss stated that manufacturers need to address three main issues to increase the cyber-related security of their control systems:

  • The culture clash between IT and operations. IT has normally held responsibility and resources for security, but they don’t understand control systems. On the other hand, operations often doesn’t understand security, nor does it have the money needed to implement it. Furthermore, the CIO does not have accountability for control system security.

  • Control systems were never designed to be secure. They were designed to be useful and interoperable, leaving them wide open to attack.

  • Control system vendors are all headed in the same direction—to link the factory floor to the boardroom [further opening up control systems access], and most are teaming closely with Microsoft to accomplish this. Though Microsoft is no more vulnerable than most other operating systems, it is more of a target for attacks.

“The [industrial community] is all over the map [in its approach to security],” says Weiss. “There is little information sharing, but everyone wants to know where everyone else is at. Therefore, whatever you do will set a precedent because you’re likely to be the first to do it.”

Kema is holding its fourth annual conference on cyber security for SCADA and process control systems on August 16-18, 2004, in Idaho Falls, ID. Conference highlights will include:

  • A tour of the national SCADA test bed at the Idaho National Engineering and Environmental Laboratory;

  • Current status and updates of government and industry initiatives; and

  • A regulatory roundtable featuring representatives from the Department of Homeland Security, the legal and insurance industries, as well as the industrial community to discuss current and pending regulatory changes impacting the cyber security of process control systems.

For more information on the conference, visit www.kemaseminars.com. To read Control Engineering’s control system security coverage, click here: Get safe: Prepare for Security Intrusion.

Control Engineering Daily News Desk
David Greenfield, editorial director
