• Resources
  • Members
  • Directory
  • Webinars
  • WISE
  • CAD Models
  • EDGE Awards
  • Advertise
    1. Community
    2. Editorial Comment

    A lot of industrial networks have a big hole in their cyber security

    June 12, 2014

    Despite the fact that the Stuxnet virus made headlines when it attacked programmable logic controllers running Iran's nuclear centrifuges,  a similar attack on industrial facilities in the U.S. would be remarkably easy to pull off.

    That was the take-away I got from a session during an event called the Big M, organized by the Society of Manufacturing Engineers. The cyber security panel included Bruce Billedeaux, a senior consultant at Maverick Technologies. Maverick is a systems integrator that does a lot of industrial control work. Billedeaux remarked that though there's more sensitivity to cyber security issues today,  it would still be relatively easy to compromise computer-controlled equipment in most industrial plants. "I have never been asked about the contents of the computer I bring into a plant," he said. Ditto for the USB sticks he occasionally brings in. That's worrying because once the bad guys have gotten behind a plant's firewall, they can exploit the firewall to do a lot of damage, he says.

    It seems that third-party support of plant-floor equipment has been a blind spot for a lot of industrial cyber security efforts. "There is almost no outbound protection for industrial equipment in a lot of cases," Billedeaux said. "No one has validated the person on the other end of the line. If you have a VPN coming into the plant, most facilities have no idea whether the remote machine has been compromised or not."

    And here is a scenario he outlined that, I noticed, had several audience members shifting in their chairs uncomfortably: Suppose it is late at night and you are trying to get a line up and running quickly because downtime costs thousands of dollars a minute. But you are missing a critical piece of driver software and the manufacture's web site is down, so you can't download it. You start searching. You eventually find the driver somewhere else. But if the site with the driver sits is a domain that looks something like ***.ru, are you still going to download that driver? And in the heat of the moment, will you take time to scan it first?

    Billedeaux's message was that manufacturers have to plan ahead to avoid sticky situations like this.

    About the Author

    Lee Teschler | Editor

    Leland was Editor-in-Chief of Machine Design. He has 34 years of Service and holds a B.S. Engineering from the University of Michigan, a B.S. Electrical Engineering from the University of Michigan;, and a MBA from Cleveland State University. Prior to joining Penton, Lee worked as a Communications design engineer for the U.S. Government.

    Continue Reading

    Sponsored Recommendations

    All About Safety Light Curtains

    Dec. 23, 2024
    Product spotlight on safety light curtains

    Safeguarding Robots and Robot Cells

    Dec. 23, 2024
    Learn which standards are relevant for robot applications, understand robot functionality and limitations and how they affect typical methods of safeguarding robots, and review...

    Automation World Gets Your Questions Answered

    Dec. 23, 2024
    Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.

    Basic OSHA Requirements for a Control Reliable Safety Circuit (Video)

    Dec. 23, 2024
    Control reliability is crucial for safety control circuits. Learn about basic wiring designs to help meet OSHA, Performance Level (PL), and Safety Integrity Level (SIL) requirements...

    Voice your opinion!

    To join the conversation, and become an exclusive member of Machine Design, create an account today!