Why we worry about cyber security

There are times when we see glimmers of hope, and then there are situations like this one.

05/01/2012


One of the legitimate complaints against industrial networking and control equipment from a cyber security standpoint is that many individual devices are very soft targets. User names and passwords are often difficult to change or even fixed. Programs can be changed without authentication. That sort of thing. If the network does not adequately shield these from the outside, they are usually easy to break. As one cyber security student described a PLC, “If you can ping it, you can own it.”

 

Security at the device level, Control Engineering December 2011 issue article graphicThat being the case, stories like this one are particularly problematic. According to reports by Wired and The H, RuggedCom has built an undocumented backdoor into its ROS (rugged operating system) that cannot be disabled. This is designed to be a factory user account, and the password can be derived from the MAC address. There are workarounds suggested by the US-CERT, but this is a band-aid until the company comes up with a more substantial solution.

 

To make matters worse, the stories allege that RuggedCom has known about this for a year. Or, maybe it's more accurate to say that the cat has been out of the bag for a year, because the company has known about it all along. Read the stories, but don’t complain to me if they turn you into an insomniac.

 

Peter Welander, pwelander@cfemedia.com



The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Women in engineering; Engineering Leaders Under 40; PID benefits and drawbacks; Ladder logic; Cloud computing
Robotic integration and cloud connections; SCADA and cybersecurity; Motor efficiency standards; Open- and closed-loop control; Augmented reality
Controller programming; Safety networks; Enclosure design; Power quality; Safety integrity levels; Increasing process efficiency
This article collection contains several articles on how advancements in vision system designs, computing power, algorithms, optics, and communications are making machine vision more cost effective than ever before.
Featured articles highlight technologies that enable the Industrial Internet of Things, IIoT-related products and strategies to get data more easily to the user.
This digital report will explore several aspects of how IIoT will transform manufacturing in the coming years.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Cloud, mobility, and remote operations; SCADA and contextual mobility; Custom UPS empowering a secure pipeline
Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Mobility as the means to offshore innovation; Preventing another Deepwater Horizon; ROVs as subsea robots; SCADA and the radio spectrum
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
click me