Under attack
16 Jul 2004
Anyone whose home PC suddenly 'dies' on them knows the problems. In our case, it only involved the loss of address books, correspondence files, sundry holiday picture files - and a crash (no pun intended) remedial course in MS DOS to try and recover as much as possible off a hopelessly corrupted hard drive.
All this was accepted fairly phlegmatically, as we had long passed the machine's built-in obsolescence date (Windows 98, anyone?), and ignored all warnings about updating virus checkers.
Of course, this couldn't happen on your plant, could it? Not with all the IT security systems, firewalls, regular vendor updates and the rest, surely? Perhaps not, but at last month's 'Manufacturing Excellence' conference in the UK, a packed audience at one of the presentations was stunned to discover just how vulnerable their plant systems may be to attack from a variety of sources.
PA Consulting's Justin Lowe is no scaremonger - a former process control engineer with Pilkington, he has been working on process control security for many years - but he left many a frown on the faces of his audience with a demonstration of how frighteningly easy it can be to 'hack' into some automation systems.
Admittedly, known (successful) attacks of this sort are fortunately rare. Lowe suggests instead the bigger danger comes from the sort of slipshod security measures that allow viruses and worms access to systems increasingly based on standard Windows, TCP/IP and web technologies.
As he said, there is no magic solution to these dangers. The best that can be hoped for is to manage the risks. Set up a 'process control security framework', drawing on the best of standard IT security good practice, but adding in that essential knowledge of the differing demands on the system that process control calls for.
Check everything that comes in - whether over the web, through the firewall, or supplied on disc.
And if all else fails, dust off that DOS manual.
