SECURITY
being an attempt to make a machine or network resource unavailable for its intended users.
Defence against these kinds of threats takes more than simply investing in new software or hiring a Chief Information Security Officer (CISO), although these measures are a good start. Changes need to be implemented from the ground up.
To evaluate properly the likely threats, system owners must first assess the weak points of that system - including the human element. If your facility relies on automated infrastructures, this may reveal a scenario in which a property of the whole is considered beneficial from an automation perspective, but detrimental from a security one.
For example, a remote device that is free to gain access to a programmable logic controller (PLC) without authentication saves time in an automated process. However, from a security perspective this is a definite weak point.
Companies should pay particular attention to three core areas. The first is the weak points that arise due to improper equipment or software implementation. This could be a faulty device or piece of programming.
The second area companies should focus on is securing data flow so that hackers cannot exploit it.
Finally, weak points often arise due to organisational measures, or lack thereof. For example, it is important to ensure that the CISO's team update operating systems, web browsers and applications whenever necessary. This negates the worry of using a product that has known flaws, which a developer has corrected in a later version.
SECURITY VIA EDUCATION Part of the current problem is that
the topic of cyber security isn't being elevated to a board level discussion in most companies despite the damaging consequences of security breaches.
To help educate businesses in the ways of information security, the UK Government has allocated £860
www.tomorrowsfm.com
million until 2016 to establish a National Cyber Security Programme. Part of this agenda is to ensure the UK is one of the most secure places to do business online. This comes after it was revealed that 81% of large corporations and 60% of small businesses in the UK reported a cyber breach in 2014.
Under the programme, the Government has developed a cyber essentials scheme to give companies a clear goal to aim for. This will allow businesses to protect themselves against the most common cyber security threats but also advertise that they meet this standard.
“THE UK GOVERNMENT HAS ALLOCATED £860 MILLION UNTIL 2016 TO ESTABLISH A NATIONAL CYBER SECURITY PROGRAMME.”
In addition, a ‘Ten steps to cyber security booklet’ is available for anyone seeking advice on current risks and methods of prevention. The literature outlines important elements when creating a business- focussed security strategy, such as risk management regimes, secure configuration, network security, user privileges, education and awareness, incident management, malware prevention, monitoring and home or mobile access.
Businesses that want to find out more about how to increase their security levels can also access a useful guideline document from the industry standards agency PROFIUBUS & PROFINET International (PI).
The Security Guideline for PROFINET was originally developed in 2006 and later revised at the end of 2013. It specifies ideas and concepts regarding how and which security measures should be implemented.
INDUSTRY According to the PWC security
survey, the industrial sector more than all other surveyed - power and utilities, healthcare, retail and
consumer, technology and financial services - appears to understand rising security risks. Moreover, it's investing accordingly.
Information security budgets for industrial products companies have soared more than 150% in the past two years. In 2014, information security spending represented 6.9% of PWC survey respondents' total IT budget, the highest of any sector surveyed. However, in 2014, security incidents in the sector also increased six fold. So perhaps even a 150% increase is not enough.
The result of this investment has been notable improvements in security processes and technologies, as well as training initiatives. However, there is still generous room for improvement.
STAY SAFE There is a definite need for more
training when it comes to cyber security, both at the top and bottom of the ladder. Too often businesses slip into common pitfalls - believing they are either untouchable or not a target.
Understanding that you don't have to be a desirable target for hackers and that cyber threats can be the result of non-malicious, poor judgement from one employee is key to understanding the risks.
Even if management wholeheartedly implements a dedicated cyber security downwards, all it takes is one malware-infected device plugged into the network to cause disruption. We cannot prevent accidents, but it is possible to manage them by instilling knowledge in employees and putting in place reliable monitoring devices and procedures for when an attack occurs.
Security training shouldn’t be limited to a one off seminar for the staff and an initial systems upgrade. Patch maintenance and updates need to be carried out as and when vulnerabilities are revealed or new software is released. Senior management need to implement vigorous maintenance and monitoring policies. Security is a constant and evolving concern, not something that can be solved with one quick fix.
www.euautomation.com TOMORROW’S FM | 39
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51 |
Page 52 |
Page 53 |
Page 54 |
Page 55 |
Page 56 |
Page 57 |
Page 58 |
Page 59 |
Page 60 |
Page 61 |
Page 62 |
Page 63 |
Page 64 |
Page 65 |
Page 66 |
Page 67 |
Page 68 |
Page 69 |
Page 70