OSIsoft Conference: consultant says work needed to secure control systems

San Francisco, CA—Joe Weiss, executive consultant at Kema Inc. and a former controls engineer, talked about his concern that control system security is being overlooked during an April 20 presentation at the recent OSIsoft User Conference.


San Francisco, CA— As can be seen from our recent posting of the U.S. General Accounting Office’s report on control system security at Control Engineering ’s Resource Center

Joe Weiss, executive consultant at Kema Inc. and a former controls engineer, testified March 30 before the U.S. House Government Reform Committee on Technology, Information Policy, Intergovernmental Relations, and the Census about his concern that control system security is being overlooked while the government focuses on traditional IT business systems.

“There have been more than 40 cases of control system denial of service attacks since 2001,” but none of them have been recorded by reporting agencies formed to track such occurrences, Weiss reported during an April 20 presentation at the recent OSIsoft User Conference in San Francisco.

Weiss adds that the denial of service issue was created for control systems during the transition over the past several years from analog to digital systems. “This move opened up control systems more than was ever planned for,” due to interest in access by corporate engineers and other areas of the extended enterprise, he says. This requirement [to be more open to outside access] necessitates more bandwidth use, which can lead to denial of service.

In his presentation, Weiss stated that manufacturers need to address three main issues to increase the cyber-related security of their control systems:

  • The culture clash between IT and operations. IT has normally held responsibility and resources for security, but they don’t understand control systems. On the other hand, operations often doesn’t understand security, nor does it have the money needed to implement it. Furthermore, the CIO does not have accountability for control system security.

  • Control systems were never designed to be secure. They were designed to be useful and interoperable, leaving them wide open to attack.

  • Control system vendors are all headed in the same direction—to link the factory floor to the boardroom [further opening up control systems access], and most are teaming closely with Microsoft to accomplish this. Though Microsoft is no more vulnerable than most other operating systems, it is more of a target for attacks.

“The [industrial community] is all over the map [in its approach to security],” says Weiss. “There is little information sharing, but everyone wants to know where everyone else is at. Therefore, whatever you do will set a precedent because you’re likely to be the first to do it.”

Kema is holding its fourth annual conference on cyber security for SCADA and process control systems on August 16-18, 2004, in Idaho Falls, ID. Conference highlights will include:

  • A tour of the national SCADA test bed at the Idaho National Engineering and Environmental Laboratory;

  • Current status and updates of government and industry initiatives; and

  • A regulatory roundtable featuring representatives from the Department of Homeland Security, the legal and insurance industries, as well as the industrial community to discuss current and pending regulatory changes impacting the cyber security of process control systems.

For more information on the conference, visit www.kemaseminars.com . To read Control Engineering’s control system security coverage, click here: Get safe: Prepare for Security Intrusion .

Control Engineering Daily News Desk
David Greenfield, editorial director

No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Make Big Data and Industrial Internet of Things work for you, 2017 Engineers' Choice Finalists, Avoid control design pitfalls, Managing IIoT processes
Engineering Leaders Under 40; System integration improving packaging operation; Process sensing; PID velocity; Cybersecurity and functional safety
Mobile HMI; PID tuning tips; Mechatronics; Intelligent project management; Cybersecurity in Russia; Engineering education; Road to IANA
This article collection contains several articles on the Industrial Internet of Things (IIoT) and how it is transforming manufacturing.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

SCADA at the junction, Managing risk through maintenance, Moving at the speed of data
Flexible offshore fire protection; Big Data's impact on operations; Bridging the skills gap; Identifying security risks
The digital oilfield: Utilizing Big Data can yield big savings; Virtualization a real solution; Tracking SIS performance
click me