Why we worry about cyber security

There are times when we see glimmers of hope, and then there are situations like this one.

05/01/2012


One of the legitimate complaints against industrial networking and control equipment from a cyber security standpoint is that many individual devices are very soft targets. User names and passwords are often difficult to change or even fixed. Programs can be changed without authentication. That sort of thing. If the network does not adequately shield these from the outside, they are usually easy to break. As one cyber security student described a PLC, “If you can ping it, you can own it.”

 

Security at the device level, Control Engineering December 2011 issue article graphicThat being the case, stories like this one are particularly problematic. According to reports by Wired and The H, RuggedCom has built an undocumented backdoor into its ROS (rugged operating system) that cannot be disabled. This is designed to be a factory user account, and the password can be derived from the MAC address. There are workarounds suggested by the US-CERT, but this is a band-aid until the company comes up with a more substantial solution.

 

To make matters worse, the stories allege that RuggedCom has known about this for a year. Or, maybe it's more accurate to say that the cat has been out of the bag for a year, because the company has known about it all along. Read the stories, but don’t complain to me if they turn you into an insomniac.

 

Peter Welander, pwelander@cfemedia.com



No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Mobile HMI; PID tuning tips; Mechatronics; Intelligent project management; Cybersecurity in Russia; Engineering education; Road to IANA
Save energy with automation; Process control system upgrades; Dispelling controll myths; Time-sensitive networking; Control system integration; Road to IANA
Additive manufacturing advancements; Machine vision enhances robotics; Fieldbus evolution; Process safety; Advice from System Integrators of the Year; Road to IANA
This article collection contains several articles on the Industrial Internet of Things (IIoT) and how it is transforming manufacturing.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Flexible offshore fire protection; Big Data's impact on operations; Bridging the skills gap; Identifying security risks
The digital oilfield: Utilizing Big Data can yield big savings; Virtualization a real solution; Tracking SIS performance
Getting to the bottom of subsea repairs: Older pipelines need more attention, and operators need a repair strategy; OTC preview; Offshore production difficult - and crucial

(copy 5)

click me