Cyber attacks on UK industrial companies, including those targeting control and automation systems, are increasing at an alarming rate, the head of MI5 Jonathan Evans has warned (see PE story).
A feature of this issue, which Evans describes as one of the biggest threats to national security today, is its low visibility: companies have little to gain and much to lose by publicising that their IT security has been compromised.
Given the continuing lack of openness, it is not surprising that most senior executives, operational managers, engineers and plant operators, prefer not to get involved and leave their IT departments to deal with cyber security issues.
However, some now believe that it is time for industrial companies to adopt a far more holistic approach to counter the growing threat posed by malware, Trojans and new super-viruses, such as Stuxnet and Flame.
Among them is Doug Wylie, business development manager, networks and security of Rockwell Automation, who recently highlighted the potential value of involving everyone, from automation vendors and equipment suppliers to process owners/operators and plant employees in this issue.
“We are really focused on this community approach,” said Wylie, explaining that his company is working with customers and suppliers to help them incorporate security features used in its products into their own products and systems.
“Having consistency in the implementations is an essential component to encourage end users to adopt [cyber security] capabilities,” he said. “If there are different basic capabilities and different products it makes it really difficult to put a cohesive system together.”