Why we worry about cyber security

There are times when we see glimmers of hope, and then there are situations like this one.

05/01/2012


One of the legitimate complaints against industrial networking and control equipment from a cyber security standpoint is that many individual devices are very soft targets. User names and passwords are often difficult to change or even fixed. Programs can be changed without authentication. That sort of thing. If the network does not adequately shield these from the outside, they are usually easy to break. As one cyber security student described a PLC, “If you can ping it, you can own it.”

 

Security at the device level, Control Engineering December 2011 issue article graphicThat being the case, stories like this one are particularly problematic. According to reports by Wired and The H, RuggedCom has built an undocumented backdoor into its ROS (rugged operating system) that cannot be disabled. This is designed to be a factory user account, and the password can be derived from the MAC address. There are workarounds suggested by the US-CERT, but this is a band-aid until the company comes up with a more substantial solution.

 

To make matters worse, the stories allege that RuggedCom has known about this for a year. Or, maybe it's more accurate to say that the cat has been out of the bag for a year, because the company has known about it all along. Read the stories, but don’t complain to me if they turn you into an insomniac.

 

Peter Welander, pwelander@cfemedia.com



No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
System integration: Best practices and technologies to help; Virtualization virtues; Cyber security advice; Motor system efficiency, savings; Product exclusives; Road to Hannover
Collaborative robotics: How to improve safety, return on investment; Industrial Internet of Things, Industrie 4.0: World views; High-performance HMI, Information Integration: OPC and OMG
9 tips: How to integrate a servo system; Process control mathematical models; Serial network grounding; Engineers' Choice Awards; Learn from cyber security mistakes
This article collection contains several articles on the Industrial Internet of Things (IIoT) and how it is transforming manufacturing.
PLCs, robots, and the quest for a single controller; how OEE is key to automation solutions.
Learn how Industry 4.0 adds supply chain efficiency, optimizes pricing, improves quality, and more.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Getting to the bottom of subsea repairs: Older pipelines need more attention, and operators need a repair strategy; OTC preview; Offshore production difficult - and crucial
Digital oilfields: Integrated HMI/SCADA systems enable smarter data acquisition; Real-world impact of simulation; Electric actuator technology prospers in production fields
Special report: U.S. natural gas; LNG transport technologies evolve to meet market demand; Understanding new methane regulations; Predictive maintenance for gas pipeline compressors

(copy 5)

click me