GE: Plan for Failure in Cyber Security to Succeed
November 22, 2015
The safest way to protect against cyber attacks is to assume your system will be cracked. "No matter how strong your safe is, it's going to fail," Pete Sage, senior chief engineer at GE Intelligent Platforms, told a group attending the session, "Cyber Security - Successfully Protecting a Factory Full of Data" at the Design News event Design and Manufacturing South in Orlando last week. "You need to establish what data is critical and create a secure safe," he told Design News. "But every safe will fail in time, so you also need an alarm system to build up a defense. You want to be alerted when someone intrudes."
Sage notes that most plants still have plenty to earn about cyber security. "I've seen passwords taped to the monitor," he said. "Seventy percent of people in plants use the same password over and over."
He pointed to four actions plant operators can take to create a sound cyber security plan:
Use ISO 27001 for a framework. "We started our cyber security approach by using drafts of ISO 27001."
Keep your operating systems up to date. Sage noted that plants need to make sure their operating systems systematically apply application security patches.
Evaluate the security of your vendors. "Your vendors get better at security when you ask them about their security," said Sage. "We got better at our own security when our customers asked us about security.
Create a security architecture. Sage suggested that plants create three specific zones: an untrusted zone, a demilitarized zone, and a safe zone. "Make sure you have a firewall between each zone," he said. "Don't let anyone check their email or go to Facebook from your trusted zone."
READ MORE ARTICLES ON CYBER SECURITY:
Sage noted that cyber attacks have become very sophisticated, with hackers using software designed to probe plant systems for vulnerabilities. "The hackers have programs that search your system for open ports," he said. "So you can't have any direct access from the trusted zone to an untrusted zone. When you push data from the trusted zone to an untrusted zone, it needs to be pushed so there's no incoming port involved.
In an earlier program at Design and Manufacturing South, Jagannath Rao, president, customer service at Siemens Industry, discussed a strategy Siemens has used to test systems. "We simulated a water treatment plant and put it on the open network," he said. "We observed it for three months. The hackers didn't know it was a simulation. We received 91 hacks into the simulated plant. People were trying to take down the plant or trying to mess with the chemicals." He noted that a lot of security companies are creating fake systems to see how they can protect their assets.
Rob Spiegel has covered automation and control for 15 years, 12 of them for Design News. Other topics he has covered include supply chain technology, alternative energy, and cyber security. For 10 years he was owner and publisher of the food magazine Chile Pepper.
Like reading Design News? Then have our content delivered to your inbox every day by registering with DesignNews.com and signing up for Design News Daily plus our other e-newsletters. Register here!
Design engineers and professionals, the West Coast's most important design, innovation, and manufacturing event, Pacific Design & Manufacturing, is taking place in Anaheim, Feb. 9-11, 2016. A Design News event, Pacific Design & Manufacturing is your chance to meet qualified suppliers, get hands-on access to the latest technologies, be informed from a world-class conference program, and expand your network. (You might even meet a Design News editor.) Learn more about Pacific Design & Manufacturing here.
About the Author
You May Also Like