Control system cyber security worries

What do process control system owners worry about? Here are some cyber security concerns sent in by readers in a recent survey.

12/22/2009


In the January issue of Control Engineering , there will be an article that examines the results of a recent industrial cyber security survey. One question asked, "Does your organization believe there are threats and risks associated with your information control system that could affect your business? If Yes, what specific risks do you suspect / know exist?" Respondents had the opportunity to write in remarks. Looking at those, the results are very widely scattered, but there are a few that appear with some consistency.

• Typical network troubles, such as viruses, Trojans, spam, worms, spyware, phishing, and other malware are mentioned frequently.

• Internal attacks, either inadvertent or deliberate. The term "disgruntled (ex-)employee" came up a number of times.

• Transfer of malware or proprietary data via a thumb drive or a careless contractor's computer.

• Loss or theft of proprietary information. For example: "Company records, instrumentation values, and status are all at risk." "Loss of intellectual property." "Data safety comes to be a big issue. Many business plans will lose their value if the information is revealed before it's implemented."

• Problems that could disrupt or shut down control systems. For example: "We are not worried about starting, stopping equipment, or changing set points, just unknowingly overloading networks and/or stopping processors." "An intruder could flood the control network with messages such that the control system bogs down." "Spam is a threat as it clogs the information‘superhighway.'" "Outside attacks meant only to snoop a network can stop a processor."

While most responses were brief and general, there were some that were more detailed and specific:

"Significant vulnerabilities within the open systems world based on Microsoft technologies have presented countless risks to the control systems user. This, coupled with a flood of wireless products from vendors that do not seem to place a high priority on cyber security, present today's control system user with enormous risks of an attack on their key plant assets. This is further compounded by vendors' unwillingness to openly document their own vulnerabilities and how to utilize proven countermeasures to minimize your exposure to these risks."

"1. Virus, worms, hackers. 2. Internal or external unauthorized modification or deletion of data. 3. Unauthorized viewing/theft of information. 4. Environment damage or harm to humans. 5. Interruption of normal operation of control system or safety system. 6. Loss or theft of product."

"Internal data or file damage by employees for malicious reasons. If there is a way to get at it, they will. Access to online programming software by unauthorized personnel could cause a machine motion function to occur, causing injury or death to other employees."

"We need remote access to our systems via the Internet. We know that that creates a risk. We need trained people to help us reduce this risk. There are very few people that understand control systems and their networks and the internet along with network security skills."

"Weaknesses in existing operating systems and applications coming from Microsoft are inherent in the architecture and can never be corrected until the architecture is altered in ways that will likely render it incompatible with its application base. Other operating systems fare only somewhat better as they adopt the very same weaknesses to retain interoperability between embedded and server systems."

"1. Possible access to control network. 2. Possible open access at various points in system. 3. Not enough or secure enough firewalls between corporate network and control network 4. Bad password management. 5. Possible back doors through phone modems."

It's clear from the results that many users have a realistic concept of the threats facing industrial control systems. Still, 23.6% of the respondents answered "no" to the question, "Does your organization believe there are threats and risks associated with your information control system that could affect your business?" The fact that so many don't believe there is a risk may, in some ways, be one of the biggest risks in itself.

Read Cyber security for legacy control systems .

Read the Control Engineering industrial cyber security blog .

 

-Peter Welander, process industries editor, PWelander@cfemedia.com
Control Engineering Process & Advanced Control Monthly eNewsletter
Register here to select your choice of free eNewsletters .





The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by Control Engineering subscribers. Vote now (if qualified)!
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Maximize ROI with integrated control system approach; Microcontrollers vs. PLCs; Power quality; Accelerate and rewire IIoT; Traits for excellent engineers
HMI effectiveness; Distributed I/O; Engineers' Choice Award finalists; System Integrator advice; Inside Machines
Women in engineering; Engineering Leaders Under 40; PID benefits and drawbacks; Ladder logic; Cloud computing
Programmable logic controllers (PLCs) represent the logic (decision) part of the control loop of sense, decide, and actuate. As we know, PLCs aren’t the only option for making decisions in a control loop, but they are likely why you’re here.
This digital report explains how plant engineers and subject matter experts (SME) need support for time series data and its many challenges.
This article collection contains several articles on how advancements in vision system designs, computing power, algorithms, optics, and communications are making machine vision more cost effective than ever before.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Control room technology innovation; Practical approaches to corrosion protection; Pipeline regulator revises quality programs
Cloud, mobility, and remote operations; SCADA and contextual mobility; Custom UPS empowering a secure pipeline
Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by Control Engineering subscribers. Vote now (if qualified)!
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Maximize ROI with integrated control system approach; Microcontrollers vs. PLCs; Power quality; Accelerate and rewire IIoT; Traits for excellent engineers
HMI effectiveness; Distributed I/O; Engineers' Choice Award finalists; System Integrator advice; Inside Machines
Women in engineering; Engineering Leaders Under 40; PID benefits and drawbacks; Ladder logic; Cloud computing
Programmable logic controllers (PLCs) represent the logic (decision) part of the control loop of sense, decide, and actuate. As we know, PLCs aren’t the only option for making decisions in a control loop, but they are likely why you’re here.
This digital report explains how plant engineers and subject matter experts (SME) need support for time series data and its many challenges.
This article collection contains several articles on how advancements in vision system designs, computing power, algorithms, optics, and communications are making machine vision more cost effective than ever before.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Control room technology innovation; Practical approaches to corrosion protection; Pipeline regulator revises quality programs
Cloud, mobility, and remote operations; SCADA and contextual mobility; Custom UPS empowering a secure pipeline
Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by Control Engineering subscribers. Vote now (if qualified)!
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Maximize ROI with integrated control system approach; Microcontrollers vs. PLCs; Power quality; Accelerate and rewire IIoT; Traits for excellent engineers
HMI effectiveness; Distributed I/O; Engineers' Choice Award finalists; System Integrator advice; Inside Machines
Women in engineering; Engineering Leaders Under 40; PID benefits and drawbacks; Ladder logic; Cloud computing
Programmable logic controllers (PLCs) represent the logic (decision) part of the control loop of sense, decide, and actuate. As we know, PLCs aren’t the only option for making decisions in a control loop, but they are likely why you’re here.
This digital report explains how plant engineers and subject matter experts (SME) need support for time series data and its many challenges.
This article collection contains several articles on how advancements in vision system designs, computing power, algorithms, optics, and communications are making machine vision more cost effective than ever before.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Control room technology innovation; Practical approaches to corrosion protection; Pipeline regulator revises quality programs
Cloud, mobility, and remote operations; SCADA and contextual mobility; Custom UPS empowering a secure pipeline
Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
click me