Industrial network security is a rapidly growing problem. It impacts on all of us - ranging from the president of a company to the electrician or tech installing a PLC or instrument. Although, everyone is shrieking about the desperate shortage of cybersecurity experts and lack of training; this does not appear evident in job adverts or requests for training in this area – but that is a topic for another day...

Dear Colleague

Industrial network security is a rapidly growing problem. It impacts on all of us - ranging from the president of a company to the electrician or tech installing a PLC or instrument. Although, everyone is shrieking about the desperate shortage of cybersecurity experts and lack of training; this does not appear evident in job adverts or requests for training in this area – but that is a topic for another day.

However, we have all been exposed to hack attacks and viruses and are very much aware of how tough it is out there protecting your industrial assets. In the future, security will be one of those metrics that you talk about in the same breath as safety and quality.

What is Happening
What is the evidence for a growing challenge with cybersecurity? There a number of things coming to a head with the inevitable “Perfect Storm” resulting. These are:

1.    Internet of Things
The Internet of Things (IoT) is rapidly growing with a huge 50 billion smart objects connected - all appearing in the next decade (the Fourth Industrial Revolution). These are all connected with networks in applications ranging from your car, home to factory. Easy prey to a hacker wanting to access valuable know-how and having the ability to cause ferocious damage to you and your business.

2.    Connectivity is the new Must-Have
Connectivity from the industrial plant to the internet was scorned a decade or so ago. The “air gap” firewall (i.e. no connection) was the dominant form of protection. However, today – everything is being connected to the internet so that information can be accessed anywhere. The insidious price of progress.

3.    No longer is there the wonderful Obscurity in Industrial Networks
Industrial networks used to have proprietary standards making it difficult to break into. Nowadays, everything is based around Ethernet or Wireless which are considerably more universal, well known and accessible.

4.    Cloud Computing is the Name of the Game Today
Cloud computing is rapidly becoming the technology everyone is basing their offices and now industrial plants around. Before, at least you had your industrial networks reasonably hidden behind a firewall – now – unfortunately, you are considerably more visible as your traffic has to traverse a far more public network.

Security must be designed in from the get-go
No longer is security something you add in once you have installed the system. It must be a key attribute built into the initial design. Concepts such as security in depth – what do you do when the hacker gets through your first line of defence? - are all concepts which are key to the overall design.

Consideration of security of the overall system and the individual components are also key elements in a good design.

Where do you find Cybersecurity Experts?
The other challenge with finding people to work on projects here is that most people with cybersecurity skills are focussed on office or commercial IT networks rather than industrial. There are subtle differences between the two types of networks – such as the speed of response on an industrial network needs to be of the order of milliseconds as against that of commercial networks where an email message can take minutes before anyone gets uptight about delays.

Cybersecurity will touch you soon
I believe (as with renewable energy issues) that understanding and working with cybersecurity will be a key skill everyone working in industrial plants needs to have.

Start building your skills and know-how today by actively looking around and learning about the topic. It will touch you sooner or later.

Thanks to Terry Costlow of the IEEE for an interesting article on web connectivity and security.

James Scott makes a good point: “There’s no silver bullet solution with cyber security, a layered defense is the only viable defense”

Yours in engineering learning

Steve

Mackay’s Musings – 12th April’16 #595
125, 273 readers – www.idc-online.com/blogs/stevemackay

The Engineering Institute of Technology (EIT) is dedicated to ensuring our students receive a world-class education and gain skills they can immediately implement in the workplace upon graduation. Our staff members uphold our ethos of honesty and integrity, and we stand by our word because it is our bond. Our students are also expected to carry this attitude throughout their time at our institute, and into their careers.