This page contains a Flash digital edition of a book.
INSTRUMENTATION/ELECTRONICS 27


Securing industrial control systems against threat of cyber infection


We are all aware of the need to protect desktop computers from viruses and other malware, but what about industrial systems? Alistair Rae explains that these are generally less well protected, yet a malicious attack or an infection with malware can have devastating results. Fortunately there are ways to reduce the risks.


Nous savons tous qu’il est nécessaire de protéger les ordinateurs de bureau des virus et autres programmes malveillants, mais qu’en est-il des systèmes industriels ? Alistair Rae explique qu’ils sont généralement moins bien protégés, alors qu’une attaque malveillante ou une infection par un programme malveillant peut avoir des résultats dramatiques. Heureusement, il existe des moyens de réduire les risques.


Wir alle sind uns der Notwendigkeit bewusst, PCs vor Viren und anderen bösartigen Softwareprogrammen zu schützen, aber was ist mit Industriesystemen? Alistair Rae erklärt, dass diese generell schlechter geschützt sind und eine bösartige Attacke oder eine Infektion mit einer bösartigen Software verheerende Ergebnisse haben kann. Glücklicherweise gibt es Möglichkeiten zur Eindämmung des Risikos.


15 years ago when most engineers believed that Microsoft Windows would never be sufficiently stable or deterministic for industrial applications. Following in the wake of Windows is Ethernet, with the advantages offered by complete ‘shop floor to top floor’ connectivity making it very attractive. Of course, a number of protocols based on Ethernet have had to be developed for machine- and process-related communications to provide the determinism, speed and, in some cases, safety required, but end users are demanding ‘Ethernet for everything’ and suppliers are responding accordingly. However, the


M


ubiquity of the PC platform and Windows operating system also brings with it risks to plant and businesses. Hardware is frequently presented as offering the benefit of internet connectivity, enabling machine builders to monitor equipment and respond to diagnostic message remotely, for example. But this ease with which data can flow also means that there is a significant risk of the plant or equipment being infected with malware. Depending on the


achines and processes are often equipped with PC-based technologies today, which lays to rest the scepticism of 10 or


reality. Norman Data Defense Systems, which specialises in cyber security, reports that a few years ago the safety monitoring system of the Davis-Besse nuclear power plant in America was infected with the Slammer worm, which bypassed the plant’s firewall via a contractor’s laptop. More recently a CIA official revealed at the SANS (SysAdmin, Audit, Network, Security) conference in New Orleans that hackers have penetrated power systems in several regions outside the USA and, in at least one case, caused a power outage affecting multiple cities. Statistics for attacks are hard to compile, as few organisations are prepared to admit they have had a problem, but the potential for damage is so high that the issue deserves attention even if the likelihood of an attack is very low – which it is probably not.


Legacy systems


Within an office environment it is relatively straightforward to ensure that access to the Internet is via an adequate firewall and all machines are kept up to date with security patches, anti- virus software and so


on. On the factory floor, the problem is much harder to manage. For a start, some of the equipment may be


Fig. 1. Norman Virus Control covers the majority of current operating systems, as well as legacy systems including Windows 98, 2000 and NT.


nature of the worm, Trojan horse, virus or other malware, the equipment might run slowly, stop operating, infect other machines on the network or become potentially hazardous. There is a short video on the Youtube website that shows how researchers staged a cyber attack on a generator that caused it to self-destruct, thereby exposing a vulnerability in the USA power grid. This example may be an extreme one, but cyber attacks of one form or another are a


www.engineerlive.com


comparatively old; Windows NT is still being used on some machines, despite its known flaws, vulnerabilities and the fact that Microsoft no longer provides


security updates for this operating system. Such machines, if left unprotected, represent a significant risk. But even newer machines can pose a risk. It


is not uncommon for a maintenance engineer or contractor to connect a laptop PC to a machine to download diagnostic data, modify operating parameters or carry out work. If the PC is infected with malware this can easily be passed to the machine. Likewise, USB memory sticks





Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68  |  Page 69  |  Page 70  |  Page 71  |  Page 72  |  Page 73  |  Page 74  |  Page 75  |  Page 76  |  Page 77  |  Page 78  |  Page 79  |  Page 80  |  Page 81  |  Page 82  |  Page 83  |  Page 84