Malicious software protection just Swiss Cheese

London - Computer viruses, worms and Trojan horses are increasing at such an alarming rate that the manufacturing, process and utility industries are under considerable threat from inadequate anti-virus provision, said David Robinson, UK country manager of software firm Norman Data Defense Systems (UK).

"Figures show that more malware was created last year than in the previous 20,’ he told a press conference in London. "So it’s not surprising that so many firms just haven’t been able to keep up. Sadly the traditional methods they use to protect themselves against these threats often have more holes than a piece of Swiss cheese."

According to Robinson, malware now poses a greater threat to process and control systems than ever before. In the office environment, he noted, it’s relatively easy to ensure that PCs are covered by up to date anti-virus software. However, he continued, "out in the factories on the plant floor anti-virus security is often ignored, plus there is limited control over who connects what to the control and process systems."

 A few years ago the safety monitoring system of the Davis-Besse nuclear power plant in America was infected with the Slammer worm, which bypassed the plant’s firewall via a contractor’s laptop. More recently a CIA official revealed at the SANS security trade conference in New Orleans that hackers have penetrated power systems in several regions outside the U.S., and in at least one case, caused a power outage affecting multiple cities.’

Much of the problem is a lack of understanding of the risks associated with increased connectivity between former ‘islands of automation’ such as process plants, manufacturing sites, distribution centres and so on, and the business systems operated in companies’ head offices, he explained. ‘Many firms don’t run any security software across their production networks - which will most likely be running old versions of operating systems that remain unpatched. It’s asking for trouble.’

The main methods of entry for malware include internet browsing and downloading, email, USB keys and external connections. So the most important thing is for the IT experts to be responsible for the protection of the whole organisation, including manufacturing and plant networks, said Robinson, and not to confine themselves to the office alone.

‘Malware is such a huge and growing menace that organisations should see it as a company-wide priority at board level, and not be lulled into a false sense of security because everyone’s PC in the office has up to date AV cover,’ he stressed.