Mitt Romney's presidential campaign handlers apparently agreed with you, Rob. TIME Magazine this week explained that Romney's campaign office last year had a "clean room" that was not connected to the Internet. "Because the Romney campiagn's servers were under continual assault by Chinese hackers, the computers in the clean room were not connected to the Internet."
I'm afraid you're right, Bryan, about the only safe computer is one that is not connected to the internet. The problem for plants these days is that they connect outside to the business network or to remote monitoring functions. Thus, it's open to the internet.
I run my business from a home office, and have already had to deal with cyber-attacks. I started getting what looked like spam emails trying to sell me teen girl cloths. Not being interested I pressed the Unsubscribe button, at which point something loaded on to my system. That was a bad mistake. I then started noting files in my shared directories that even after I deleted them they would come back, and even after I pulled the internet connection wire they would come back. I did some internet searching on the files names and confirmed that I had a virus. My solution to this was to buy a cheap windows 8 computer to use for all things internet, and have never reconnected the other computer to the internet. The one with the virus still runs slower then it should, and no scanning software I can find has been able to clean it. After my experience, I have come to believe that the only secure computer is one that has no internet connection.
Assante said it up front: the key to cyber security is people. New technology makes hacking easier, but careless or unaware people are a much bigger problem. The guy who dragged the Trojan horse inside the gates of Troy is alive and well and working in your factory! :)
Unfortunately, I think Lou is right: as soon as what were completely closed-loop (in the comm sense) systems in the factory were opened up and joined to the front-office Ethernet systems, this became a potential hacking hazard. Before that, those systems were unreachable and thus entirely secure from cyber attacks (if not from other types). It seems like a very high price to pay.
Thanks to Edward Snowden the rest of the world has put cyber security high on the agenda
From my days working for a couple of US semiconductor names I do remember i.e. Smart cards did have to fullfill the requirement by the UK goverment to have a backdoor. I guess the same opens the dor in all other ICs as well for NSA and similar. This makes any security sheme that might be applied worthless for at least a couple of sources of cyber attacks.
I fully agree on the kind of attacks that might hit given by the author, but would like to add the view from a not US person.
As the US goverment sees industrial spionage to be a legitimate goal of cyber attacks by its spionage organisations, the backdoors addressd above mean that any system in contact with the internet is not protected against industrial spionage to the benefit of US companies. For fairness it is to say that at least the US industry needs to protect itself from russian and chinese industrial spionage and hopefully the backdoors are not known to them, hard to belive!
Cyber attacks from terrorist and criminal sources will get more proficient over time, but there might be any time people with lower ethic standards than edward Snowden taht might pass the information about backdoors to those entities.
if we keep in our minds the future with "Industry 4.0" and "IoT", combined with the thoughts presented earlier...
From a european point of view we need to invest in our one Internet infrastructure, we need to finalize our own GPS equivalent and we need to have 100% european sources for hardware and software to deal with protection against cyber attacks of any kind! I do remember when working with a german semiconductor spin off, that the very simple rule applied was: No interface with the cloud of any way or at any time on systems dedicated to R&D!
But it is my estimation, that both IoT and Industry 4.0 will need to resolve the insecurity by default or their future in some places of the world is in question!
Yes, Naperlou, this is a new -- and apparently growing -- problem. The notion of cyber attack that is designed to cause harm is disarming. The folks from Rockwell wer wise to team up with Cisco on this problem rather than trying to gain security expertise on their own.
Rob, this truly is a problem. It is also probably a result of plants opening up and using technologies that, in the past, were not typically used.
On the other hand, the things you mention are really different in scale and scope. It is one thing to worry about losing intellectual property. This can happen anywhere, in any business. The approach to deal with this is common to a lot of industries. The remedies in this case are well understood.
What would concern me more is the operational side. Now that operational systems (e.g., plant control) are being linked with IT systems to create a more efficient enterprise, the new threat is a disruption of operations, perhaps resulting in injury and major damage to equipment. That is a whole other world.
Fifty-six-year-old Pasquale Russo has been doing metalwork for more than 30 years in a tiny southern Italy village. Many craftsmen like him brought with them fabrication skills when they came from the Old World to America.
Focus on Fundamentals consists of 45-minute on-line classes that cover a host of technologies. You learn without leaving the comfort of your desk. All classes are taught by subject-matter experts and all are archived. So if you can't attend live, attend at your convenience.