Industrial control systems must focus on cyber security
SUBNET Solutions Inc | Wednesday, April 04, 2012
More and more, industrial control systems such as SCADA are a cause for concern over cyber security, which climbed to the forefront of utilities' minds when the Stuxnet worm successfully disabled uranium enrichment facilities in Iran.
Intelligent Utility reports that although Stuxnet was a highly sophisticated cyber attack that could only be produced by a few technologically advanced countries, the bigger point to take away was that it succeeded in exploiting a vulnerability in Microsoft Windows. If Stuxnet succeeded, then that means internet sharing connections (ICSs) in any capacity are vulnerable and need to be protected.
In the context of cyber security for enterprise works, as opposed to government security, vulnerabilities can lead to disrupted business and lost revenue and profits. According to the news source, a number of industry professionals have given warnings that more could be done regarding cyber security.
James Collinge, of Hewlett-Packard's network security division, stated one reason cyber security may be lagging is the lack of motivation among utility executives. Collinge stated many companies erroneously believe cyber attacks are the stuff of Hollywood, when many fail to realize that the vast majority of cyber incidents are the result of unintended consequences, or in other words, mistakes.
But Collinge has a more positive outlook on the improvement of cyber security than some.
"Overall, in the past year, the news is not all gloom and doom," he said. "If you look at electric utilities, the application of NERC CIP guidelines is an encouraging activity."
Collinge added that while some may see NERC CIP as "checklist compliance," the fact that countries such as Australia and Canada have willingly adopted the guidelines for their security grids is a testament to its influence.
"Whether or not it's the holy grail of security is another issue," Collinge told Intelligent Utility. "The voluntary application of NERC CIP in other countries speaks to its usefulness."
Collinge suggested that as more utilities adopt smart grid technologies that create more access points, taking inventory of systems will be crucial. When companies acquire legacy systems, issues can arise when the systems' pedigrees are not fully understood. Infrastructure must also be scanned for any vulnerabilities, potentially in unsecured access points.
SUBNET's Unified Access Control Security can help utilities professionals access and manage their high volume of IEDS with software that provides simple and secure remote access to field devices. The system complies with both internal and NERC CIP requirements.
Substation Cyber Security