A lot of industrial networks have a big hole in their cyber security

June 12, 2014

Despite the fact that the Stuxnet virus made headlines when it attacked programmable logic controllers running Iran's nuclear centrifuges,  a similar attack on industrial facilities in the U.S. would be remarkably easy to pull off.

That was the take-away I got from a session during an event called the Big M, organized by the Society of Manufacturing Engineers. The cyber security panel included Bruce Billedeaux, a senior consultant at Maverick Technologies. Maverick is a systems integrator that does a lot of industrial control work. Billedeaux remarked that though there's more sensitivity to cyber security issues today,  it would still be relatively easy to compromise computer-controlled equipment in most industrial plants. "I have never been asked about the contents of the computer I bring into a plant," he said. Ditto for the USB sticks he occasionally brings in. That's worrying because once the bad guys have gotten behind a plant's firewall, they can exploit the firewall to do a lot of damage, he says.

It seems that third-party support of plant-floor equipment has been a blind spot for a lot of industrial cyber security efforts. "There is almost no outbound protection for industrial equipment in a lot of cases," Billedeaux said. "No one has validated the person on the other end of the line. If you have a VPN coming into the plant, most facilities have no idea whether the remote machine has been compromised or not."

And here is a scenario he outlined that, I noticed, had several audience members shifting in their chairs uncomfortably: Suppose it is late at night and you are trying to get a line up and running quickly because downtime costs thousands of dollars a minute. But you are missing a critical piece of driver software and the manufacture's web site is down, so you can't download it. You start searching. You eventually find the driver somewhere else. But if the site with the driver sits is a domain that looks something like ***.ru, are you still going to download that driver? And in the heat of the moment, will you take time to scan it first?

Billedeaux's message was that manufacturers have to plan ahead to avoid sticky situations like this.

About the Author

Lee Teschler | Editor

Leland was Editor-in-Chief of Machine Design. He has 34 years of Service and holds a B.S. Engineering from the University of Michigan, a B.S. Electrical Engineering from the University of Michigan;, and a MBA from Cleveland State University. Prior to joining Penton, Lee worked as a Communications design engineer for the U.S. Government.

Sponsored Recommendations

Flexible Power and Energy Systems for the Evolving Factory

Aug. 29, 2024
Exploring industrial drives, power supplies, and energy solutions to reduce peak power usage and installation costs, & to promote overall system efficiency

Timber Recanting with SEW-EURODRIVE!

Aug. 29, 2024
SEW-EURODRIVE's VFDs and gearmotors enhance timber resawing by delivering precise, efficient cuts while reducing equipment stress. Upgrade your sawmill to improve safety, yield...

Advancing Automation with Linear Motors and Electric Cylinders

Aug. 28, 2024
With SEW‑EURODRIVE, you get first-class linear motors for applications that require direct translational movement.

Gear Up for the Toughest Jobs!

Aug. 28, 2024
Check out SEW-EURODRIVEs heavy-duty gear units, built to power through mining, cement, and steel challenges with ease!

Voice your opinion!

To join the conversation, and become an exclusive member of Machine Design, create an account today!