How secure is your plant? I don't mean do you have a fence and a guard shack, but how secure is the control system you use to run your plant and make your stuff? Last month, on our website, CONTROL ran a poll. Almost 50% of the respondents chose either "swiss cheese" or "what security?" as the answer to "Is your plant control system security good enough?"
It is fast approaching three years since the WTC attack on 9/11. During a conversation at the recent MCAA meeting with William Rees, of the Department of Homeland Security, Rees told me that DHS is experiencing some increasing reluctance on the part of industry and utilities to implement higher levels of security. "If you look at 9/11 as a big blip in the level of security concern," Rees said, "as time goes on, the level of concern tails off." Why is this an ominous sign? A month or so ago, much of a major city in the Pacific Northwest lost power for several hours due to a car hitting a power pole outside a "main" substation of the city-owned utility. What the news didn’t report was that inside the substation, which is protected by a chain-link fence (and not much else), is the SCADA head end for the city’s entire power distribution system. Had it been a car bomb rather than a car accident, you can imagine the outcome. Rees’ comments, coupled with the response to CONTROL’s poll, highlight the problem.
Is the threat real? Several years ago, Eric Byres, Director of the British Columbia Institute of Technology Internet Laboratory, showed me how fast he could break into a network of PLCs made by one of the prominent manufacturers. Just as I won’t reveal the manufacturer’s name, I won’t tell you how startlingly fast Byres could hack it. But just because there are serious security vulnerabilities, does it mean the threat is real? Security consultant Joe Weiss of Kema Consulting says he knows of multiple successful hacks of control systems. So, not only can it happen, it is happening.
Data from a variety of sources indicate that not only are control systems vulnerable, but that those vulnerabilities are being exploited by hackers. In the 2003 Frontline investigative report "Cyberwar!" a number of security experts and hackers were quoted as saying how easy it would be to attack our infrastructure. The program detailed attacks that had happened before 2003, and there has been little change in the situation in the year-plus since the report aired.
One of the problems we face is that most control systems are, by their very nature and architecture, designed to be as open as possible to facilitate integration. Concerns range from security holes in Microsoft and other OSs, to poorly trained IT personnel. It doesn’t matter how many holes Microsoft, Sun, and the IX/UX-folks can plug when the root login is "admin" and the password is "password." Sometimes it seems like it was better in the old days. Recently, Honeywell’s Peter Zornio jokingly commented, "I don’t recall any of these problems with the TDC3000 OS."
In addition to cybernetic attack, there is also the very real problem of attack by physical means. It is estimated that fewer than 20 dedicated saboteurs could damage enough of the electric power grid in the western U.S. to cause major power outages for months. In his cover story on redundant control systems in this issue, Dan Hebert makes the point that DHS is asking control system manufacturers and users to consider physical separation as a key feature of redundant systems.
So tell me, how is the security at your plant? And what are you doing about it?