1661898859670 Cg0811 Hand

Infrastructure Cybersecurity Is in Our Hands

Nov. 3, 2008
There Is Growing Recognition of the Bottom-Line Impact of the Cyber Event That Doesn’t Happen
By Keith Larson, VP Content, Putman Media

Even without the terrorist attacks of September 11 and the U.S. Dept. of Homeland Security’s resultant push to secure the country’s critical infrastructure, an organized effort to protect process automation systems from cyber events was bound to bubble to the top of our priority list.  Call it the law of unintended consequences at work. Process automation systems were once isolated as well as proprietary, two natural—and highly effective—ways to protect critical systems from malware and other scourges of the Internet age.

But even as the problem—and awareness—of cyber security issues gathered steam in the outside world, the process automation community unintentionally increased the cyber vulnerability of many of its systems.
Indeed, over the past 15 years, we drove the widespread adoption of the very same commercial, off-the-shelf (COTS) computing platforms that the black hats were targeting.

And simultaneously, in recognition of the need for manufacturing data transparency, we pushed the interconnection and integration of process control with other enterprise systems to unprecedented levels, effectively multiplying our systems’ vulnerabilities.

One need look only as far as the global credit crisis of recent weeks to understand how integration and interconnectivity among systems can amplify and intensify the vulnerabilities of any consituent system.

Security off the Back Burner

As usual, and rightly so, the process automation community has long focused its attention on the performance, functionality and business benefit delivered by its systems. But today, added to these priorities is a growing recognition of the bottom-line impact of the cyber event that doesn’t happen.

Securing industrial control systems isn’t rocket science, but it does involve the considered deployment of firewalls and other protective measures. And it can’t just be left to the folks in IT. Those whose business it is to understand the unique performance requirements of process automation networks must add a working knowledge of security to their kit bags.

Fortunately, help is on the way, both in the form of well-documented methodologies for assessing and addressing system vulnerabilities, and as new network security devices that are increasingly easy to deploy and manage.
One company on the forefront of securing the vast installed base of industrial control systems is MTL, which in conjunction with Byres Security last month introduced a “Modbus TCP Enforcer” module for its Tofino security appliance.

Indeed, the lack of inherent security functionality within Modbus, the world’s most widely installed SCADA network, is indicative of industry’s historical focus on performance and functionality at the expense of security.

Modbus traffic normally can be allowed or blocked by a standard firewall, but fine-grained control was impossible, explains Eric Byres, chief technology officer for Byres Security. “And since the smooth flow of Modbus TCP traffic is critical to the average industrial facility, engineers usually opted to let everything pass and take their chances with security. Modbus Enforcer provides tailored protection that is simple to implement for control engineers.”

In the case of new process automation systems, easier-to-manage, “built-in” security is an increasingly common feature of system components. The latest network switches from Emerson Process Management, for example, are integrated into the company’s system management structure. “Network and security devices become DeltaV devices,” notes Bob Huba, product manager. 

The process automation community can’t depend on others to secure our systems. We have to assume responsibility and play a central role in securing our critical infrastructure. To paraphrase Pogo, “we have met our guardian, and he is us.”  

Sponsored Recommendations

The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...
Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...
Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...
Watch EZAutomation's recent feature on the popular FOX Network series "Manufacturing Marvels" and discover what makes them a force to be reckoned with in industrial automation...