Industries On—and Off—the Cutting Edge of Cyber Security

June 4, 2012
Though the manufacturing and production industries may just now be truly waking up to the control system security issue, some industries are clearly further ahead of the game than others.

Automation World’s 2012 Automation Conference (www.theautomationconference.com) featured industrial control system (ICS) cyber security specialist Joel Langill offering detailed insights on control system cyber security. Here are other observations by industry.

Most security experts agree that the large, tier-one companies in all industries have security well in place, as do those companies with high regulatory pressures, such as chemicals, oil & gas and utilities. “Oil & gas has done good job of self regulating by working with the Project Logic Initiative, a [U.S. Department of Homeland Security] funded initiative,” says Brian Ahern, president and CEO, Industrial Defender (www.industrialdefender.com) (a supplier of industrial security systems based in Foxborough, Mass.). “In this initiative, energy sector players come together to define standards for automation system security. As a result of the high level of involvement in this program, government is giving the industry players a lot of leeway to drive security without regulatory involvement.”

Ahern also points to the chemical industries’ CFAT (chemicals facility anti-terrorism) standard, which is modeled after NERC CIP. “It’s not a regulation, just a standard,” says Ahern, “but the industry is starting to audit to the standard. It could become regulatory if non-conformance becomes an issue.”

Discrete manufacturers are in a much earlier stage of the process of implementing security, according to Rick Dries, director of systems and application engineering support, Siemens Industry (www.usa.siemens.com/industry), Alpharetta, Ga. “Most process industries are considered critical infrastructure, that’s why they’re further along. In addition, due to the nature of their operations, process facilities have fewer opportunities for downtime to fix things. Control systems are simply more integrated throughout a process operation” and that has made security a more upfront issue for the process industries in general.

“Mid-size and smaller companies overall are struggling with the cyber security issue,” says Eric Byres, chief technology officer and vice president of engineering at Byres Security (www.tofinosecurity.com). For example, look at the water industry, which is made up of a lot of little utilities with tons of problems facing them. The engineers in these facilities have several jobs. I’ve even seen some big water utilities with no security awareness.”

Byres adds that food manufacturers are also just now waking up to realities of dealing effectively with cyber-security issues.

>> In this video, Eric Byres of Tofino Security, a Belden Company, provides an overview on Deep Packet Inspection at the HMI/Control layer. Visit bit.ly/awvids082

“General manufacturing is still somewhat behind the curve when it comes to control system security,” says Langill, ICS cyber-security specialist at SCADAhacker.com (scadahacker.com) (Appleton, Wis.), “primarily due to a misunderstanding of what the real threats and consequences are to their operations. Unfortunately, many believe that a cyber attack needs to come from a terrorist organization trying to cause mass destruction. In industrial settings, the real threat more often comes from  ‘unintentional’ or ‘accidental’ infection of a control system through an unknowing insider—maybe even the lead automation engineer.”

>> Visit The Automation Conference web site (bit.ly/tac2012news) for additional insights and information from the conference sessions itself.

David Greenfield, [email protected], is Automation World’s Media and Events Director. 

About the Author

David Greenfield, editor in chief | Editor in Chief

David Greenfield joined Automation World in June 2011. Bringing a wealth of industry knowledge and media experience to his position, David’s contributions can be found in AW’s print and online editions and custom projects. Earlier in his career, David was Editorial Director of Design News at UBM Electronics, and prior to joining UBM, he was Editorial Director of Control Engineering at Reed Business Information, where he also worked on Manufacturing Business Technology as Publisher. 

Sponsored Recommendations

Why Go Beyond Traditional HMI/SCADA

Traditional HMI/SCADAs are being reinvented with today's growing dependence on mobile technology. Discover how AVEVA is implementing this software into your everyday devices to...

4 Reasons to move to a subscription model for your HMI/SCADA

Software-as-a-service (SaaS) gives you the technical and financial ability to respond to the changing market and provides efficient control across your entire enterprise—not just...

Is your HMI stuck in the stone age?

What happens when you adopt modern HMI solutions? Learn more about the future of operations control with these six modern HMI must-haves to help you turbocharge operator efficiency...