Why we worry about cyber security
There are times when we see glimmers of hope, and then there are situations like this one.
One of the legitimate complaints against industrial networking and control equipment from a cyber security standpoint is that many individual devices are very soft targets. User names and passwords are often difficult to change or even fixed. Programs can be changed without authentication. That sort of thing. If the network does not adequately shield these from the outside, they are usually easy to break. As one cyber security student described a PLC, “If you can ping it, you can own it.”
That being the case, stories like this one are particularly problematic. According to reports by Wired and The H, RuggedCom has built an undocumented backdoor into its ROS (rugged operating system) that cannot be disabled. This is designed to be a factory user account, and the password can be derived from the MAC address. There are workarounds suggested by the US-CERT, but this is a band-aid until the company comes up with a more substantial solution.
To make matters worse, the stories allege that RuggedCom has known about this for a year. Or, maybe it's more accurate to say that the cat has been out of the bag for a year, because the company has known about it all along. Read the stories, but don’t complain to me if they turn you into an insomniac.
Peter Welander, pwelander(at)cfemedia.com
Integrator Guide
| Search the online Automation Integrator Guide |
|
|
|
|
Visit the System Integrators page to view past winners of Control Engineering's System Integrator of the Year Award and learn how to enter the competition. You will also find more information on system integrators and Control System Integrators Association.
Case Study Database
Get more exposure for your case study by uploading it to the Control Engineering case study database, where end-users can identify relevant solutions and explore what the experts are doing to effectively implement a variety of technology and productivity related projects.
These case studies provide examples of how knowledgeable solution providers have used technology, processes and people to create effective and successful implementations in real-world situations. Case studies can be completed by filling out a simple online form where you can outline the project title, abstract, and full story in 1500 words or less; upload photos, videos and a logo.
Click here to visit the Case Study Database and upload your case study.