Rob, this truly is a problem. It is also probably a result of plants opening up and using technologies that, in the past, were not typically used.
On the other hand, the things you mention are really different in scale and scope. It is one thing to worry about losing intellectual property. This can happen anywhere, in any business. The approach to deal with this is common to a lot of industries. The remedies in this case are well understood.
What would concern me more is the operational side. Now that operational systems (e.g., plant control) are being linked with IT systems to create a more efficient enterprise, the new threat is a disruption of operations, perhaps resulting in injury and major damage to equipment. That is a whole other world.
Yes, Naperlou, this is a new -- and apparently growing -- problem. The notion of cyber attack that is designed to cause harm is disarming. The folks from Rockwell wer wise to team up with Cisco on this problem rather than trying to gain security expertise on their own.
Thanks to Edward Snowden the rest of the world has put cyber security high on the agenda
From my days working for a couple of US semiconductor names I do remember i.e. Smart cards did have to fullfill the requirement by the UK goverment to have a backdoor. I guess the same opens the dor in all other ICs as well for NSA and similar. This makes any security sheme that might be applied worthless for at least a couple of sources of cyber attacks.
I fully agree on the kind of attacks that might hit given by the author, but would like to add the view from a not US person.
As the US goverment sees industrial spionage to be a legitimate goal of cyber attacks by its spionage organisations, the backdoors addressd above mean that any system in contact with the internet is not protected against industrial spionage to the benefit of US companies. For fairness it is to say that at least the US industry needs to protect itself from russian and chinese industrial spionage and hopefully the backdoors are not known to them, hard to belive!
Cyber attacks from terrorist and criminal sources will get more proficient over time, but there might be any time people with lower ethic standards than edward Snowden taht might pass the information about backdoors to those entities.
if we keep in our minds the future with "Industry 4.0" and "IoT", combined with the thoughts presented earlier...
From a european point of view we need to invest in our one Internet infrastructure, we need to finalize our own GPS equivalent and we need to have 100% european sources for hardware and software to deal with protection against cyber attacks of any kind! I do remember when working with a german semiconductor spin off, that the very simple rule applied was: No interface with the cloud of any way or at any time on systems dedicated to R&D!
But it is my estimation, that both IoT and Industry 4.0 will need to resolve the insecurity by default or their future in some places of the world is in question!
Unfortunately, I think Lou is right: as soon as what were completely closed-loop (in the comm sense) systems in the factory were opened up and joined to the front-office Ethernet systems, this became a potential hacking hazard. Before that, those systems were unreachable and thus entirely secure from cyber attacks (if not from other types). It seems like a very high price to pay.
Assante said it up front: the key to cyber security is people. New technology makes hacking easier, but careless or unaware people are a much bigger problem. The guy who dragged the Trojan horse inside the gates of Troy is alive and well and working in your factory! :)
I run my business from a home office, and have already had to deal with cyber-attacks. I started getting what looked like spam emails trying to sell me teen girl cloths. Not being interested I pressed the Unsubscribe button, at which point something loaded on to my system. That was a bad mistake. I then started noting files in my shared directories that even after I deleted them they would come back, and even after I pulled the internet connection wire they would come back. I did some internet searching on the files names and confirmed that I had a virus. My solution to this was to buy a cheap windows 8 computer to use for all things internet, and have never reconnected the other computer to the internet. The one with the virus still runs slower then it should, and no scanning software I can find has been able to clean it. After my experience, I have come to believe that the only secure computer is one that has no internet connection.
I'm afraid you're right, Bryan, about the only safe computer is one that is not connected to the internet. The problem for plants these days is that they connect outside to the business network or to remote monitoring functions. Thus, it's open to the internet.
Mitt Romney's presidential campaign handlers apparently agreed with you, Rob. TIME Magazine this week explained that Romney's campaign office last year had a "clean room" that was not connected to the Internet. "Because the Romney campiagn's servers were under continual assault by Chinese hackers, the computers in the clean room were not connected to the Internet."
Glad I still have several working MS-DOS PCs at home, including a DELL 486/33 w/ a MADE in USA sticker on the front panel!!!
Bryan: You have an option which has worked for us. Bring your infected PC to a reliable & professional PC repair facility. They can extract all your data, then format the drive & replace WINDOWS with all the latest security updates. We've done this with several PCs that have become infected, but we're still using XP PRO PCs throughout the company.
Of course, you have to be responsible for all the applications software installed. Hopefully you have the CDs or licenses, so you can download the latest versions.
These repair facilities seem to have a whole catalog of "sniffing" software that can sniff out the most "secure" malware that is on the PC. It's worth a try.
Using wireless chips and accessories, engineers can now extract data from the unlikeliest of places -- pumps, motors, bridges, conveyors, refineries, cooling towers, parking garages, down-hole drills and just about anything else that can benefit from monitoring.
With strong marketplace demand for qualified engineers across the board that currently outstrips the available supply, there may never be a better time for engineers and project managers to advance their careers and salaries. Whether those moves are successful in the short-term and long-term is likely to depend on how the transition from one job to the next is handled.
Focus on Fundamentals consists of 45-minute on-line classes that cover a host of technologies. You learn without leaving the comfort of your desk. All classes are taught by subject-matter experts and all are archived. So if you can't attend live, attend at your convenience.