Industrial operations gain many benefits by moving to Ethernet and TCP/IP, but those gains bring a potential downside: These popular technologies open plants up to viruses and attacks from outsiders.
The shift to business networking makes it easier to move data throughout an enterprise. It’s also easier to maintain a well-known architecture than to manage networks built around lesser-known field buses.
But the gains come with some tradeoffs. Manufacturing facilities were once hidden behind architectures that weren’t understood by hackers. The growing use of Ethernet and TCP/IP, though, has opened industrial facilities up to attacks.
“Security issues for industrial control are now in the mainstream,” says Eric Byres, CTO at Byres Security. “There’s free software published telling how to attack known SCADA products.”
Firewalls are one of the key weapons that can keep unwanted software from causing problems in factories. These tools are getting simpler to use. Many leading suppliers like Siemens and Honeywell now offer firewalls designed specifically for industrial applications. That makes them much simpler to set up than firewalls designed for office environments.
Other tools in the arsenal include whitelisting tools that list running programs, along with blacklisting tools that prevent the use of known problematic programs. Standards organizations are also beginning to focus on security, with a number of initiatives for manufacturing environments.
Though attacks from outsiders get most of the attention, many industry observers note that many problems are caused accidentally from within. For example, an employee may connect an infected notebook to the plant’s network, moving the virus onto the factory floor. When that occurs, viruses can quickly spread throughout a plant, sometimes even moving to facilities on other continents.
One simple solution to help slow this sort of movement is to isolate sections within plants. “You need to divide plants into zones like welding and painting, with traffic control points that tell which traffic needs to go across and which traffic should stay within the zone,” says Byres.