Retail and corporate sites took a beating from hackers in 2014, but 2015 may be the year of high-profile attacks on industrial networks. According to SANS Institute -- a company that trains IT professionals to fight against hackers -- industrial corporations are beginning to train cyber defenders at a record rate, but the number of trained and certified employees who can defend industrial equipment and systems against skilled attackers falls far short of the need.
Professionals in charge of industrial networks are relatively new at cyber protection. For decades, the plant existed in its own silo, detached from outside networks. The front office was connected to everybody -- suppliers, customers, partners -- while the plant stood alone. Now the plant is part of the company's extended network. "Trends indicate there is a growing number of attacks on industrial networks because of increases in Internet-connected control devices," Michael Assante, a security project leader for industrial control systems at SANS, told Design News. "The energy industry -- particularly oil, electricity, and nuclear power -- has taken the lead in trying to address the security of energy control systems."
Energy industry beefs up
Assante noted that the energy industry has shown the greatest amount of focus on training that is aimed at cyber security staff as well as engineering and operations personnel. "The Global Industrial Cyber Security Professional certification has certainly been sought after by professionals in many industry verticals, but the energy industry is showing the maturity to include programs focused on cyber security knowledge and skill for staff and suppliers who interact with control systems," he said.
The greatest number of cyber incidents continues to be non-targeted malware finding its way onto control system networks. However, over the last few years, targeted industrial control system attacks have emerged. "These attacks have mostly included successful efforts to gain footholds in production control systems, but we don't have enough capability and information to determine if there have been other effects," said Assante. "There is certainly a growing concern over attacks that are motivated by more than simply having a persistent presence or espionage. The Sony Pictures attack is just the most recent disclosure of a series of attacks that have included data destruction -- and in some cases damage to equipment.
The days when most attacks were conducted by hacker groups such as Anonymous who were doing the equivalent of egging a house are gone. Recent attacks have been malicious, dangerous, and costly. "The actors who are developing industrial control system attack capability have connections to well-funded and well-resourced organizations," said Assante. "Many are associated with nation-state programs or have developed the economic incentives to reinvest in developing capabilities, and they're taking the risk of attacking infrastructures."
Design engineers and professionals, the West Coast's most important design, innovation, and manufacturing event, Pacific Design & Manufacturing, is taking place in Anaheim, Feb. 10-12, 2015. A Design News event, Pacific Design & Manufacturing is your chance to meet qualified suppliers, get hands-on access to the latest technologies, be informed from a world-class conference program, and expand your network. (You might even meet a Design News editor.) Learn more about Pacific Design & Manufacturing here.