HOME  |  NEWS  |  BLOGS  |  MESSAGES  |  FEATURES  |  VIDEOS  |  WEBINARS  |  INDUSTRIES  |  FOCUS ON FUNDAMENTALS
  |  REGISTER  |  LOGIN  |  HELP
Comments
View Comments: Newest First|Oldest First|Threaded View
<<  <  Page 2/3  >  >>
William K.
User Rank
Platinum
Re: Good story on a real problem
William K.   3/6/2014 1:32:02 PM
NO RATINGS
Rob, actually, those older PLCs were about as imune as an automation device could be, since they spoke a different language, used a non-standard connection, and required a proprietary terminal to program them, or to change the program. Of course that made living with them a lot harder, but it did make them fairly secure.

The first hacking disaster that I came across was not even intentional: An IT person had connected a controls computer up to the plant eternet network so that they could monitor production testing results. The damage was done when windows stopped a test in mid-sequence to download  a new currency conversion utility. During the time that the test was halted the prototype part being tested melted and almost caught fire. Not the intended result of the connection, but it shows that windows can be our worst enemy.

And for the question of "Why would anyone attack a factory network?", the answer is quite simple. "Because it is there". It seems that many who attack and do damage are simply out to do damage, and they are far less likely to be caught than if they go out shooting people. So they damage things instead. Just simple mindless vandalism is all the motivation that some of them need. Then there is another class that simply hate bill gates and do things to make his company look bad. They are another problem.

Rob Spiegel
User Rank
Blogger
Re: Good story on a real problem
Rob Spiegel   3/6/2014 9:46:43 AM
NO RATINGS
Inside jobs may be the biggest threat, Elizabeth. I can't even imagine an effective strategy to prevent attacks from inside. 

Rob Spiegel
User Rank
Blogger
Re: Security Concerns
Rob Spiegel   3/6/2014 9:42:49 AM
NO RATINGS
Good point, Mydesign. This will be very interesting as it plays out. There's simply no clear answer. 

Elizabeth M
User Rank
Blogger
Re: Good story on a real problem
Elizabeth M   3/6/2014 6:59:02 AM
NO RATINGS
Agree with you and Ann here, Rob, about the inside jobs. And I think that this is often the case not just in plants but when other business networks are attacked as well.

Elizabeth M
User Rank
Blogger
Re: Good story on a real problem
Elizabeth M   3/6/2014 6:50:19 AM
NO RATINGS
These are all really good points, William K. There are a lot of external devices the use of which can be eliminated to help keep networks more secure, and this can be done quite easily. Sometimes the simplest way to help alleviate a problem is overlooked.

Mydesign
User Rank
Platinum
Security Concerns
Mydesign   3/6/2014 3:53:46 AM
NO RATINGS
1 saves
"Cybersecurity is becoming an increasingly thorny concern for those running automation and control networks. With the proliferation of plant networks matched by the growing Internet of Things and wireless everything, security has become a major issue."

You are right ROB. Security is a major concern especially with self talking and networking devices. I don't think it cannot be address permentlly because hackers are more brilliant than security professionals.

Rob Spiegel
User Rank
Blogger
Re: Good story on a real problem
Rob Spiegel   3/5/2014 7:20:06 PM
NO RATINGS
You're right about inside jobs, Ann. Both examples in this story were inside jobs. I just came out of a meeting with automation and control engineers who work with a big automation vendor. They say the plant operators don't believe anyoine would want to attack their networks.

Ann R. Thryft
User Rank
Blogger
Re: Good story on a real problem
Ann R. Thryft   3/5/2014 6:17:39 PM
NO RATINGS
Gee thanks, Rob, I didn't sleep so well after reading this. Seriously, though, thanks for the reporting on this important subject. Several years ago I wrote a white paper on security for a very large company in the business and was really horrified at what I learned. That was the year that all those breaches started occurring at credit card processors and lost company laptops with huge customer databases on them. The basic takeaway was, it's usually an inside job.

William K.
User Rank
Platinum
Re: Good story on a real problem
William K.   3/5/2014 9:43:42 AM
NO RATINGS
Definitely a real problem here, Elizabeth, and amn interesting tale as well. The problem as stated also mentions a potential solution, unstated, but nobody would like the obvious way to reduce the problem. In the simplest terms, a system that can't hear the outside commands, and does not even speak that language, is rather less likely to be "lead astray." I am not suggesting the same thing as the physical isolation approach, which your article points out is not effective, without even mentioning isolation as a concept. But consider that a large number of the things that open a system to invaders are done for convenience. Memory sticks and RF access, along with internet access, are mostly for the convenience of users, rather than actually vital to the main function of a system. So just like your conclusion, security must be integral and constant.  Making data ports one-way only as a hardware design would make things less convenient, but if they were really one-way, nothing could enter by that path. So separating data gathering and reporting from process cntrol is certainly less efficient, but if it is done in a one-way only hardware scheme it can stop hackers. Of course all code must also include enough security, but that is at least in theory, hackable. I have described one more method of improving security, not a total solution, but a way to block some of the holes.

Rob Spiegel
User Rank
Blogger
Re: Good story on a real problem
Rob Spiegel   3/5/2014 7:27:09 AM
NO RATINGS
Good story, Elizabeth. I honestly don't see how we're going to get ahead of this problem. 

<<  <  Page 2/3  >  >>


Partner Zone
Latest Analysis
Sharon Glotzer and David Pine are hoping to create the first liquid hard drive with liquid nanoparticles that can store 1TB per teaspoon. They aren't the first to find potential data stores, as Harvard researchers have stored 700 TB inside a gram of DNA.
If you see a hitchhiker along the road in Canada this summer, it may not be human. That’s because a robot is thumbing its way across our neighbor to the north as part of a collaborative research project by several Canadian universities.
SpaceX has 3D printed and successfully hot-fired a SuperDraco engine chamber made of Inconel, a high-performance superalloy, using direct metal laser sintering (DMLS). The company's first 3D-printed rocket engine part, a main oxidizer valve body for the Falcon 9 rocket, launched in January and is now qualified on all Falcon 9 flights.
Stanford University researchers have found a way to realize what’s been called the “Holy Grail” of battery-design research -- designing a pure lithium anode for lithium-based batteries. The design has great potential to provide unprecedented efficiency and performance in lithium-based batteries that could substantially drive down the cost of electric vehicles and solve the charging problems associated with smartphones.
UK researchers have come up with a method for machining aerospace-grade, carbon fiber-reinforced composites, along with high-strength aerospace alloys, using an ultrasonically assisted machining device. It also works on high-strength aerospace alloys.
More:Blogs|News
Design News Webinar Series
7/23/2014 11:00 a.m. California / 2:00 p.m. New York
7/17/2014 11:00 a.m. California / 2:00 p.m. New York
6/25/2014 11:00 a.m. California / 2:00 p.m. New York
5/13/2014 10:00 a.m. California / 1:00 p.m. New York / 6:00 p.m. London
Quick Poll
The Continuing Education Center offers engineers an entirely new way to get the education they need to formulate next-generation solutions.
Aug 18 - 22, Embedded Software Development With Python & the Raspberry Pi
SEMESTERS: 1  |  2  |  3  |  4  |  5  |  6


Focus on Fundamentals consists of 45-minute on-line classes that cover a host of technologies. You learn without leaving the comfort of your desk. All classes are taught by subject-matter experts and all are archived. So if you can't attend live, attend at your convenience.
Last Archived Class
Sponsored by igus
Learn More   |   Login   |   Archived Classes
Twitter Feed
Design News Twitter Feed
Like Us on Facebook

Sponsored Content

Technology Marketplace

Copyright © 2014 UBM Canon, A UBM company, All rights reserved. Privacy Policy | Terms of Service