Cyber Security - Product or Service?
By : Jim Pinto,
By : Jim Pinto,
Security is a vital part of any Manufacturer's way of operating today. End-users must demand that suppliers offer more security in their platforms. Many Suppliers consider cyber-security as an after-the-incident service-revenue generator. What's lacking is an understanding of cyber security as a competitive, revenue-generating advantage.
Large-scale networking for monitoring and control has resulted in significant productivity and quality improvements in process and manufacturing operations. But, complex networking brings vulnerabilities that can be exploited, causing malfunctions, production delays, safety issues, equipment damage and major loss of revenues.
Most automation products and systems, such as PLCs and RTUs, have been optimized for real-time I/O performance, not for secure networking. They typically have no isolation between different sub-systems; if a problem occurs in one area, it can quickly spread throughout the network. In many cases, operating personnel have few tools to isolate and identify the source of problems, which may lead to lengthy shutdowns. Often, new vulnerabilities are discovered at rates that make it hard for security developers to keep up.
In spite of apprehensions over the impacts of Stuxnet and similar security breach events, industrial cyber security has mostly been ignored due to lack of understanding of solution costs. Beyond more newsworthy cyber attacks on commercial businesses, industrial-incidence rates have been relatively low.
But the risks keep increasing, with growing threats from professional hackers, foreign-based competitors and perhaps even foreign governments. For many, industrial security is still in the "insurance policy" category. Many simply elect to take the risk.
Here are some key cyber-security questions to consider:
Suppliers' perspectivesFor automation and process controls suppliers, systems must be designed with cyber security in mind. They need to recognize that the objective of good security is not to anticipate every possible type of attack, but to make systems harder to compromise, particularly at entry points.
Excellent technology exists, but what's lacking is an understanding of cyber security as a competitive, revenue-generating advantage. Instead of including security technology in the cost of up-front product development that offers differentiated advantages and benefits, many suppliers consider cyber-security as an after-the-incident service-revenue generator.
On the international front, China is generating good growth and the automation majors are making security a priority in that market arena. However, some consider that security is not a problem because their systems operate with closed networks. This is simply avoiding the issue and typically a "fix" is offered after vulnerability is discovered.
More recently, standards are emerging. This drives many of the larger players into offering, at minimum, a firewall as an option. Many are starting to think about embedded solutions.
The mindset that security is just an add-on needs to be curtailed; it is not that simple. Security is a vital part of any manufacturer's way of operating today.
Suppliers react to what customers want. End-users must demand that suppliers offer more security in their platforms; if they don't demand it, they won't get it.
Here are some security equipment trends:
How to win in the
Go shopping - books, electronics, CD/DVD
Selected advertising coming here.
Contact Jim Pinto
Return to Index of all JimPinto Writings
Return to JimPinto.com HomePage
If you have ideas or suggestions to improve this site, contact: firstname.lastname@example.org