Hackers are trying to get into your plant data and your intellectual property. Think you’re safe? Hackers may have already attacked your data. The average length of time from a cyber-attack to the moment that attack is detected is a whopping 416 days, according to the National Board of Information Security Examiners (NBISE).
Michael Assante, director of NBISE painted a dire picture of the growing threat of cyber-security at the Rockwell Automation Fair in Houston Tuesday. In a panel discussion on the connected enterprise and industrial control system security, Assante noted that “94 percent of organizations that were victims of cyber-attacks were not able to detect the attack.” He also pointed out that 100 percent of the organizations that were attacked had security. “Conventional security is simply not keeping up,” he said.
Assante classified cyber-attacks into three categories:
- General cyber-attacks are less structured. The hackers are out for notoriety and fame. They’re part of the hacker community.
- Targeted cyber-attacks are directed to specific goals. The attacks could be for monetary gain or to steal intellectual property.
- The third category is the most dangerous, strategic cyber-attacks. These are highly structured attacks with intent to commit major economic disruption or cyber-terrorism. Assante noted that strategic cyber-attacks are growing. “We have passed the inflection point," he said.
As for warding off attacks, Assante believes the answer is an educated staff and networks that require authentication. “People pave the way to cyber-security,” he said. “We have to secure people, and we have to make people cyber-aware.”
Joining Assante on the panel was Frank Kulaszewicz, senior vice president of architecture and software at Rockwell Automation. Kulaszewicz acknowledged that security is a growing problem. “Major security events are increasing,” he said. “Security is one of the fastest changing landscapes in technology.” He explained that cyber-threats are growing partly because of the expanding connectivity in automation. “Whenever you add devices, you create more access points.”
Working on a solution
Kulaszewicz noted that Rockwell and Cisco Systems have developed a strategic relationship to increase connectivity and productivity, but also to work on security. “We’re using role-based security. We design for security and audit to identify gaps,” he said.
Assante sees a path to security in knowledge and skills, both to identify vulnerabilities and also to detect breaches. “The biggest challenge to security is skills,” Assante told Design News. “The answer is education, the right set of knowledge. We leverage that knowledge to improve security.” He noted that security comes in two forms, the ability to ward off attacks, and the ability to determine if an attack has been launched. “Not only must the connected device be secure, but the network must be able to detect if the device has been compromised,” he told us.
Who are the bad guys?
Attacks can come from anywhere in the world. (At a hackers conference you can buy a Russian toolkit to crack plant systems for $2,500.) However, the biggest threat may be plant employees. “It can be malicious insiders,” Kulaszewicz told us. “They do it for spite, or to get intellectual property before they leave.” He also noted that breaches can happen by mistake. “It can be an accident, say a maintenance guy tweaks a variable that opens up a network.”
Rockwell identified Cisco as the right partner to create viable cyber-security. “We developed a relationship with Cisco to improve security,” said Kulaszewicz. “Cisco has been successful in security with other verticals such as the financial industry. They have domain expertise. Their technology is great, so why should we develop our own?”