Rethinking the cyber threat
Beth Stackpole   8/7/2012 9:08:36 AM
I definitely think organizations' attention is so fixated on security concerns surrounding their traditional information technology (IT) systems that the factory floor is often overlooked in the equation. Also, production floor automation systems are oftentimes under a different domain and run by a separate entity than the CIO-led IT departments where security and hacking have been a top concern for years. Great to see that this issue is coming front and center. It's just as important to safeguard the lifeblood of a company's operations nerve center as it is to ensure the security of its data assets.

Hacking the Factory Floor
apresher   8/7/2012 9:08:45 AM
It's a sad commentary when network security to protect the factory floor ends up becoming such an important task, versus other so much more productive projects.  But unfortunately this is the world we live in.

Re: Hacking the Factory Floor
Ann R. Thryft   8/7/2012 2:25:51 PM
The factory floor used to be unhackable back when all the controller interfaces and comm systems were proprietary and not connected to the Internet, or even to the company's own IT system. Ethernet connectivity has changed everything.

Re: Hacking the Factory Floor
Rob Spiegel   8/7/2012 3:22:26 PM
I agree, Ann, connectivity has changed everything in the plant. The control engineers were dragged into this kicking and screaming. Now they have vendors who are monitoring, even running, various aspects of plant operations, from maintenance to diagnostics to optimization.

Re: Hacking the Factory Floor
TJ McDermott   8/7/2012 3:31:33 PM
Ann, Stuxnet got into Iran's nuclear program even though there was an air gap.

Flash drives are potentially more dangerous than having a plant connected to the internet.  A simple way to social-engineer access into a factory is to load a virus payload onto several high capacity flash drives and scatter them on the ground in the target's parking lot.

Very few people would resist picking it up thinking it was their lucky day.  If they're scattered in the early morning, then the loaded drive goes into the building, where it gets slotted into a work computer to see what's there.

Some companies have policies against flash drives, and some of them even institute Group Policies (through their network) to prevent USB ports from being used for mass storage, but they are the very small exception.

Re: Hacking the Factory Floor
Ann R. Thryft   8/8/2012 1:23:00 PM
TJ, good point about flash drives, although security experts generally say that internet connections are at least as dangerous. Another big point of entry has been handheld devices, although those have become a lot more secure.

Re: Hacking the Factory Floor
williamlweaver   8/7/2012 3:34:26 PM
I guess we should be just as surprised about the importance of Factory Floor Network Security as we were surprised by the importance of Y2K. We all knew it was a problem, but there was little concerted push to fix it until we scrambled to avert a catastrophe.
 
I'm not a huge fan of government regulations, but I can support the need for regulations concerning cybersecurity. In addition to clamping down on access from outside networks, I would hope that simple security measures such as multi-parameter identity verification and multi-user moderation would be a strong first step. Hollywood currently depicts cybersecurity breaches as easy as stealing a photo ID key card from an unsuspecting employee.
 
Requiring multi-parameter login identity verification and then requiring all program modifications and confidential data accesses to be approved by a moderator would stop both an unknown intruder and a lone disgruntled employee from being able to log in, access confidential data, and start the self-destruct sequence...


Re: Hacking the Factory Floor
Jack Rupert, PE   8/9/2012 11:06:10 AM
@williamlweaver, I am still not a fan of government regulation into the security aspects of private business.  (Businesses contracting for the government, being granted special access to government property, or dealing with controlled substances / products are a different case).  It is up to individual businesses to secure their data as they see fit - just like they are responsible for their own physical security.  A Fortune 500 company might need a different plan than Joe's Corner Panel Shop.

Re: Hacking the Factory Floor
williamlweaver   8/9/2012 11:41:29 AM
Well stated, @Jack. Perhaps what I am thinking about is more like a voluntary ISO certification for security practices. That way businesses could evaluate potential suppliers and partner firms based on their level of security vulnerability. My thoughts are also affected by our security practices here at our university. Each Fall semester, the school welcomes over 5,000 devices that need to access the school's network to complete their studies. Each device must pass a configuration test and download security software before it is able to connect to the network. In this scenario, the school acts as the regulatory authority... there are lots of regulatory levels we could get to before we need to engage the federal government.  =]

Re: Hacking the Factory Floor
Ann R. Thryft   8/9/2012 4:36:40 PM
williamlweaver, thanks for telling about your school's security procedures. I did some industry research in security a few years ago, after several rather public scandals involving lost or stolen mobile devices containing highly private, personal and/or compromising data (financial and otherwise). At that time, mobile devices were considered one of the number one unsecured holes in corporations, so it's good to know that recognition of that problem has reached universities.

Re: Hacking the Factory Floor
williamlweaver   8/9/2012 4:54:02 PM
Hi Ann, there have been some growing pains since our first wireless hub that we hung up in the lab back in the late 90's, but the security steps we have taken are common-sense procedures. Our school has done away with our anonymous WiFi. All users must now provide their school log-on credentials to access the network. It is of course not foolproof, especially when phones and tablets that have remembered passwords are stolen. At the very least, access is role-based with students, faculty, and administrators all having different levels of access. When students physically plug into their dorm rooms with cable (much faster than saturated WiFi), their devices must be running the anti-virus software provided for free by the university, have all of the latest OS security patches installed, and be running a small app provided by the university that evaluates the security-level of the device. With so many laptops returning from the Summer break, it is difficult to keep the number of viruses running through the network in check, but IT does a great job.
 
My other concern mirrors the scandals involving lost or stolen mobile devices. Not permitting sensitive data to be saved or transmitted would be a nice technological trick, but it appears feasible to require multi-component verification when logging on, especially from a new location or device. Similar to how Google requires a password and a PIN sent to your mobile device, I imagine we could go a long way in production floor security if parameter or code changes needed to be approved by another set of eyes on-call --- that at least would cut down on the number of disgruntled former (or soon to be former) employees that place time-bombs in systems before they leave. With such a push for collaboration, I'm kind of surprised that so many individuals can make un-reviewed software changes on their own...


Re: Hacking the Factory Floor
Ann R. Thryft   8/10/2012 12:13:49 PM
williamlweaver, thanks for that description. Sounds like your school has hired good security consultants/staff and has carefully thought out the whole process--or let the experts do it. One other thing might be to insist on the use of laptops with a ton of security features on them, such as Fujitsu's LifeBooks aimed at corporate users, although they tend to be too pricey for students.

Who wants to crack the system?
Rob Spiegel   8/7/2012 11:23:33 AM
This is an important subject, Rich. Over the past couple years, I've done a number of stories on security and the factory floor. I was curious too about who would want to hack into a plant's control system. The answer I received over and over was a disgruntled employee. This is the one person who has a motive and knows where all the buttons and levers are in the system.

Security is also a battleground between the control staff and the IT staff. IT says, we have to load patches and reboot. Control says, we're not going to shut down the plant to put in a patch. 

Re: Who wants to crack the system?
tekochip   8/7/2012 1:58:03 PM
That depends upon what you manufacture.  Don't forget that PLCs in Iran's nuclear plant were infected with a virus. 

Re: Who wants to crack the system?
Rob Spiegel   8/7/2012 3:15:35 PM
Good point, Tekochip. I had been talking primarily with those who run domestic plants. They did not believe terrorism was a significant threat. 

HACKING AND THE FACTORY FLOOR
bobjengr   8/9/2012 5:23:16 PM
Richard--Excellent article.  I live in a community of approximately 50,000 people.   In a city of that size, you would definitely not expect an issue with hacking BUT, we have had such an event occur with our local water and sewage facilities.    It seems  the hackers were not necessarily bent on impeding the performance of the facilities because there were no viruses downloaded to interrupt operations.  They did it simply because they could.    Maybe it was a "trial run", who knows.   No damage done but the "city fathers" certainly had their wake-up call.  Prior to my retiring from GE, our  IT guys were working on protecting the factory floor.  The computer component of the business has been protected for years but the production facilities were not really considered vulnerable until a few years ago.  Again, great post.    


