For much of the past decade, security has been a major
topic discussed at nearly every automation and controls-focused event I have
attended. However, since the names of the companies and details of security
breaches were rarely revealed in much detail, the specter of cyber attacks on
automation systems always seemed to be more of a potential threat lurking in
the shadows than an active menace upon which systems designers needed to act
changed this summer.
July 14, 2010, Siemens was notified about a Trojan malware program affecting
the company's Simatic WinCC and PCS 7 software. The virus has since been
identified as Stuxnet. Investigations into the virus indicate that Stuxnet was
specifically written to attack SCADA systems used to control and monitor
industrial processes. Stuxnet reportedly has the capability to reprogram PLCs
and hide the changes it makes.
to Byres Security Inc., a company that provides industrial network and SCADA
security products, Stuxnet is "one of the most complex and carefully engineered
worms ever seen. It takes advantage of at least four zero-day vulnerabilities,
has seven different propagation processes, and shows considerable
sophistication in its exploitation of the Windows operating system and Siemens
Simatic WinCC, PCS 7 and S7 product lines."
Siemens reacted to the threat very quickly. On July 22, the
company provided its customers with a tool to detect and remove the virus
without influencing plant operations. By August 8, Microsoft reported that it
had closed the security breach in the operating system. All major virus
scanners can also now detect Stuxnet.
Another recent news development concerning Stuxnet is that
an industrial control security researcher in Germany is speculating that it may
have been created to sabotage a nuclear plant in Iran. The researcher reached
this conclusion largely because the majority of infected systems are in Iran.
According to a report by Reuters, a Symantec study on August 6 showed that Iran
had 62,867 computers infected with Stuxnet; Indonesia had 13,336; India 6,552;
the U.S. 2,913; Australia 2,436; Britain 1,038; Malaysia 1,013; and Pakistan 993.
reports that, from mid-July to late August, a total of 15 cases were reported
to the company where the Stuxnet virus was detected in various plants, roughly
one-third of those cases were in Germany. Siemens says it is "not aware of any
instances where production operations have been influenced or where a plant has
failed; the virus has been removed in all cases known to Siemens."
Stuxnet may now be largely contained, the prospects for these types of attacks
are not. For insight into current political activities about which it would not
be far-fetched to say might have ties to the Stuxnet case, read this recent
article in The Atlantic.
Regardless of Stuxnet developers' intent, its
emergence has helped concentrate the industrial systems security issue. With
industrial control systems at the heart of the global economic engine - as well
as any state-controlled industrial activities - systems security must now be as
much a central focus for automation and control systems designers as operations
speed and throughput, energy use, scalability and maintenance.
Truchard will be presented the award at the 2014 Golden Mousetrap Awards ceremony during the co-located events Pacific Design & Manufacturing, MD&M West, WestPack, PLASTEC West, Electronics West, ATX West, and AeroCon.
In a bid to boost the viability of lithium-based electric car batteries, a team at Lawrence Berkeley National Laboratory has developed a chemistry that could possibly double an EV’s driving range while cutting its battery cost in half.
For industrial control applications, or even a simple assembly line, that machine can go almost 24/7 without a break. But what happens when the task is a little more complex? That’s where the “smart” machine would come in. The smart machine is one that has some simple (or complex in some cases) processing capability to be able to adapt to changing conditions. Such machines are suited for a host of applications, including automotive, aerospace, defense, medical, computers and electronics, telecommunications, consumer goods, and so on. This discussion will examine what’s possible with smart machines, and what tradeoffs need to be made to implement such a solution.