Greenfield
Factory Automation
Bassett
Batch Processing
Hand
Process Automation
Reynolds
Packaging Automation
Campbell
On the Edge
Factory & Machine Automation Playbook cover
This one-of-a-kind Factory Automation Playbook is packed with best practices, practical tips and pitfalls to avoid on a wide range of topics, from defining project objectives to selecting components to implementing technologies that can make your automated systems smarter and more productive.

 

Cyber Security Spreads

Following years of discussion around the critical need for improved cyber security across industry, it appears as if the movement is starting to snowball, as evidenced by the greater involvement of the embedded, control system patch management and safety sectors.
print email

The concept of cyber security in the manufacturing and process industries, though having been discussed in all seriousness for years now, continues to be slowly implemented when you consider broad industry application. But some signs are pointing to the fact that 2013 may be the year this scenario changes.

In the past week alone, I have had discussions or seen news addressing three critical aspects of industrial security that I have not seen discussed much before. To be clear, what I have seen a great deal about over the years tends to focus on the application of software-based cyber security, such as firewalls, white listing and authentication as well as process-oriented steps involving policies and procedures. The three, less-talked-about concepts I’m referring to in this post involve embedded security, patch management and the involvement of major safety groups in the cyber security initiative.

This year, security consultancies like TÜV will make a major push into the SCADA and process security markets.

On the embedded security front, I was given a preview of a new product soon to be released by Icon Labs that can be used to retrofit security onto existing assets. In essence, any device in your operation—from sensors and drives to controllers and actuators—that is or can be connected to a network can now have embedded-level firewall protection. According to Icon Labs, its Floodgate Defender device is a small footprint firewall appliance for drop-in security of existing industrial systems that can be used as a standalone device or integrated with McAfee ePolicy Orchestrator (ePO). Of course, Floodgate Defender—as a retrofit—is not actually an embedded security device, since you can’t crack open your existing assets and integrated Floodgate Defender onto the device’s motherboard. However, by providing firewall protection at the device level, Floodgate Defender is designed to bring the defense-in-depth concept from the enterprise level down to the device level. Stay tuned on this one, I’ll have more information to share when the product is released.

Another cyber security move brought to my attention this week comes from GE’s Measurement & Control business, which introduced its CAP Software Update and SecurityST Appliance. The SecurityST Appliance is said to provide centralized account management, event logging and management, network intrusion detection and update and backup change management. And while these issues are certainly important, it was the CAP Software Update release that piqued my interest because of its focus on patch management—a critical cyber security issue that all-too-often doesn’t get the attention it deserves once the core cyber security software is installed. Designed “to keep pace with constantly evolving cyber threats,” GE says its new CAP Software Update will help asset owners more effectively manage their current digital patch levels and anti-virus/host intrusion detection signatures. Patch management is one of those boring-but-important cyber security issues that no one should overlook. Without it, holes in your otherwise well-planned cyber security plan start to appear within days, if not hours.

My last cyber security point, for now, comes from renowned cyber security expert Eric Byres, CTO and co-founder of Tofino Industrial Security. In his latest blog post Eric offered his cyber security predictions for 2013. Though I found all his prognostications to be of interest, it was his prediction around the involvement of major safety groups in the industrial cyber security initiative that really got my attention. Here’s what he had to say: “This year, security consultancies like TÜV will make a major push into the SCADA and process security markets … and the IEC safety standards will start to be reevaluated in terms of security.” Byres added that he also hopes efforts like the Department of Homeland Security’s LOGIIC analysis of Safety Instrumented Systems will “start to make headlines too and not stay hidden under a bushel.”

While we’re on the subject of Eric Byres, I wanted to announce that we have just confirmed his participation in The Automation Conference 2013, to be held in Chicago on May 14-15. Eric will deliver a keynote presentation on cyber security and automation systems and hold court in a special “Ask the Expert” session where you can put your cyber security questions to Eric directly. Space is limited at the conference, so register today at www.theautomationconference.com.

David Greenfield has been covering industrial technologies, ranging from software and hardware to embedded systems, for more than 20 years. His principal areas of coverage for Automation World focus on technologies deployed for factory and process automation. Contact David at [email protected] or follow him on twitter @DJGreenfield.
0

Add new comment

 

  NEWSLETTERS
Don’t miss intelligence crucial to your job and business!
Click on any newsletter to view a sample. Enter your email address below to sign up!

News Insights

News & Analysis

Product Insights

Latest Automation Products

Best of Blogs

Industrial Automation Columnists

Automation Focus

Sponsored white papers, videos and products

Continuous Processing

Oil & Gas, Chemical and More

Automation Skills

Improve Industry Skills

Industrial
Ethernet Review

Network Application of IE

Factory Automation

Technology for Discrete Manufacturing

Food Bev & Pharma

Automation Applications & Trends

Global Edition

Global automation news

Each newsletter ranges in frequency from once per month to a few times per month at most.

 

The best of the essentials!
Secrets to Automation Project Success

Sign up to receive timely updates from our editors and download this FREE Automation Project Survival Guide. It’s packed with field-tested best practices from industry experts that can help make your next automation project a success.

x