Industrial Cyber Security Awareness

Oct. 8, 2014
The Internet’s wonderful, rich connectivity is continuously assaulted by people and organizations whose intents are less than honorable. In recent months we have witnessed the iCloud breach and numerous large data thefts from Home Depot, Target and Jimmy John’s.

These nefarious activities require that security architectures and defenses be continually enhanced and fortified. While this has spawned an industry to itself, it is amazing how many security fortresses are penetrated with simple social engineering.

As consumers and general Internet users, we all try to take care that we do not become unwitting accomplices or fall victim to these attacks. We update our virus software, we don't click on links in emails without authenticating them, we discard emails from unknown senders, and we don't respond to any general inquiries that request passwords or account information. We are keenly aware that our reputations, our creditworthiness, our finances, and our relationships can all be put at risk regardless of the scope or scale of the attack. Yet how often do we learn about the hacking of an Internet service that stored confidential credentials and other information "in the clear" or with flawed cryptographic techniques? Users can be victimized by inept business practices.

It’s equally important to think about cyber security in the context of automation systems. While a cyber-encroachment in our personal life may wreak havoc that takes months or even years to unravel, a hack of a control system can result in lost production time, stolen intellectual property, injuries, or worse. Standard IT security practices provide some level of protection but it is probably better to be more paranoid when it comes to control system cyber security.

Are you continuously enhancing and fortifying your security architecture and defenses? Do you regularly examine log files from servers, firewalls, routers, and other network infrastructure elements? Do you have a firewall and router policy implemented that allows only pre-authorized traffic between specified clients and hosts and denies all other communications? Do you have an enforced policy regarding USB and other itinerant devices? Do you seek the guidance of security experts to develop your security architecture, your security policies, your security breach response plan, and to audit your security practices and infrastructure? Are your physical plant security protocols aligned with your control system cyber security protocols?

Our FDT Group Executive Committee has recently taken steps to initiate an independent security audit of the FDT standard and our FDT Common Components to determine ways to enhance our security profile to deflect the latest threat vectors. We have also added a "Security" section to our Website’s technical documents page to house any security notices or advisories relevant to the FDT standard. Whether you are an FDT vendor or user, I encourage you to visit this section regularly.

Effective cyber security requires awareness, adaptability and continual fortification. A collaborative control system community raises our collective awareness to help keep us all ahead of the black hats. If you have any cyber security concerns or suggestions related to FDT, please send an email to security (at) fdtgroup (dot) org or contact our Managing Director, Mr. Glenn Schulz.

- Hartmut Wallraf

Companies in this Article

Sponsored Recommendations

The Power of Automation Made Easy

"Automation Made Easy" highlights a transformative era in manufacturing, prioritizing efficiency, and innovation. It empowers businesses to streamline operations, enhance productivity...

Maximizing Efficiency: Choose the Perfect Controller for Control Cabinet Installations

Automate machines individually and effectively from the control cabinet using scalable controllers.

Control Technology

Control technology that comes from one source ensures consistent performance for efficient automation. Discover a solution that combines optimally scalable controller hardware...

Control technology made by SEW-EURODRIVE

Automation without the headaches? Absolutely! Learn about control technology that combines high-performance hardware, easily programmable software and user-friendly visualization...