Hacked off?
22 Sep 2015
Microsoft’s new operating system (OS) Windows 10 was officially launched in July. But how has it affected the process industries?
Essentially, the launch of Windows 10 hasn’t affected the process industries at all. Not yet, anyway.
The reality is, process plant operators won’t just blindly switch to a new OS until their automation vendors give the green light and certify their products – and the new OS.
Hacking has become a lucrative business, with the information obtained seen as nothing more than a commodity to be bought and sold
Even when patches are available for operating systems, process engineering firms won’t just automatically update their control systems until the vendors have conducted thorough testing.
“Within process automation, nobody will run a critical process plan with a DCS (distributed control system) or decide to install a Windows 10 workstation until the DCS supplier says Windows 10 is supported,” Roger Highton, product line manager for power management firm Eaton, told Process Engineering.
“Similarly, if a plant is running a Windows-supported workstation, its operators are not going to patch those stations until the automation suppliers have tested and approved those patches,” Highton said.
Unfortunately, hackers are attempting to penetrate the defences of process plants on an increasingly frequent basis – making a system that hasn’t been patched a seemingly easy target.
Fortunately, Raj Samani, chief technology officer EMEA for computer security software firm Intel Security McAfee, says any process plant worth its salt will have robust compensating controls that act as additional and vital lines of defence.
According to Samani, most plants will have some form of anomaly-based detection system on its network, and will also more than likely have an intrusion protection system to mitigate risks.
Regardless of the security systems a plant operator chooses to install, however, they must make sure they are adequately defended because the threat posed by hackers is a very real one.
As the cyber landscape changes, so does the hackers’ motives.
Hacking has become a lucrative business, with the information obtained seen as nothing more than a commodity to be bought and sold.
Process plant operators must always be mindful of the fact that if a hacker is being paid to obtain critical information, they can also be paid to take down entire facilities.
Stuxnet taught us that…
