November 30, 2013

I am reprinting an article written by Rob Spiegel, Senior Editor, Automation & Control – Design News Daily.  The article points out what is and will be significant issues with online work and work accomplished in this “digital age”.  This is a huge problem; growing on a yearly basis.  The technology to avoid hackers and digital intrusion is far behind efforts to access data bases using digital means.  It must be apparent that intellectual property as well as national security is at stake.   Please take a look and comment as you see fit.

Hackers are trying to get into your plant data and your intellectual property. Think you’re safe? Hackers may have already attacked your data. The average length of time from a cyber-attack to the moment that attack is detected is a whopping 416 days, according to the National Board of Information Security Examiners (NBISE).

Michael Assante, director of NBISE painted a dire picture of the growing threat of cyber-security at the Rockwell Automation Fair in Houston Tuesday. In a panel discussion on the connected enterprise and industrial control system security, Assante noted that “94 percent of organizations that were victims of cyber-attacks were not able to detect the attack.” He also pointed out that 100 percent of the organizations that were attacked had security. “Conventional security is simply not keeping up,” he said.

Assante classified cyber-attacks into three categories:

  • General cyber-attacks are less structured. The hackers are out for notoriety and fame. They’re part of the hacker community.
  • Targeted cyber-attacks are directed to specific goals. The attacks could be for monetary gain or to steal intellectual property.
  • The third category is the most dangerous, strategic cyber-attacks. These are highly structured attacks with intent to commit major economic disruption or cyber-terrorism. Assante noted that strategic cyber-attacks are growing. “We have passed the inflection point,” he said.

As for warding off attacks, Assante believes the answer is an educated staff and networks that require authentication. “People pave the way to cyber-security,” he said. “We have to secure people, and we have to make people cyber-aware.”

Joining Assante on the panel was Frank Kulaszewicz, senior vice president of architecture and software at Rockwell Automation. Kulaszewicz acknowledged that security is a growing problem. “Major security events are increasing,” he said. “Security is one of the fastest changing landscapes in technology.” He explained that cyber-threats are growing partly because of the expanding connectivity in automation. “Whenever you add devices, you create more access points.”

Working on a solution
Kulaszewicz noted that Rockwell and Cisco Systems have developed a strategic relationship to increase connectivity and productivity, but also to work on security. “We’re using role-based security. We design for security and audit to identify gaps,” he said.

Assante sees a path to security in knowledge and skills, both to identify vulnerabilities and also to detect breaches. “The biggest challenge to security is skills,” Assante told Design News. “The answer is education, the right set of knowledge. We leverage that knowledge to improve security.” He noted that security comes in two forms, the ability to ward off attacks, and the ability to determine if an attack has been launched. “Not only must the connected device be secure, but the network must be able to detect if the device has been compromised,” he told us.

Who are the bad guys?
Attacks can come from anywhere in the world. (At a hackers conference you can buy a Russian toolkit to crack plant systems for $2,500.) However, the biggest threat may be plant employees. “It can be malicious insiders,” Kulaszewicz told us. “They do it for spite, or to get intellectual property before they leave.” He also noted that breaches can happen by mistake. “It can be an accident, say a maintenance guy tweaks a variable that opens up a network.”

Rockwell identified Cisco as the right partner to create viable cyber-security. “We developed a relationship with Cisco to improve security,” said Kulaszewicz. “Cisco has been successful in security with other verticals such as the financial industry. They have domain expertise. Their technology is great, so why should we develop our own?”



What do you think?

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: