We’ve heard the news stories: Hackers Hijack Industrial Control System at US Water Utility, threatening water access for thousands of residents, and Hackers Are Aiming To 'Wreak Havoc' On U.S. Critical Infrastructure.
These headlines conjure up the worst case scenario: your food, beverage, chemical, automotive, or metal forging and finishing plant has to go offline due to a cyber security breach. You’re not only looking at potentially compromised company and customer data, you’re also going to have to deal with financial losses from lost production time, waste, and sometimes irreversible reputational damage. Depending on your industry, national security could also be on the line. But whether you’re running critical infrastructure or helping to provide the nation’s food supply, there’s a lot to lose.
At Wiring Unlimited Inc. / WUI Plant Services, we know the risks that are out there. Our team doesn’t specialize in cyber security, but over the years we’ve seen how it can impact automation and operational control systems. Here are our takeaways.
Modern, automated plant systems are a far cry from legacy, electromechanical based systems of the past. Today, information and communication technology play a large role in everyday operations and facility maintenance. While this improvement brings increased efficiency and allows for more nuance and precision, the interconnectedness of modern facilities, smart devices and the Internet of Things (IoT) can inadvertently open the door to cyber criminals and other bad actors. The result is all too often an avoidable security breach that has the potential for serious consequences, such as:
Industrial control systems (ICS) were typically built decades ago and are known to be running oftentimes outdated operating systems complete with unencrypted passwords and a lack of regular software updates. This is largely due to the fact that systems typically operate 24/7 and potential downtime to install and implement updates just isn’t feasible for productivity. However, a total breakdown or a security breach that allows a bad actor to take over the operational system remains an even bigger risk.
The first step to knowing what threats your organization is facing is to have a thorough knowledge of the devices and systems that are running day in and out. While it can be intense, dedicating the time and effort to conduct a full-scale, accurate asset inventory is the only way to know what you’d be up against if hit by a cyber attack.
Industrial control systems and all their individual components are the backbone of modern infrastructure. From temperature to pressure to flow and beyond, these systems monitor and control countless physical processes every minute of every day. As they report and store the data they harvest, the networks they’re connected to could expose them to cyber threats that could disrupt service and even lead to permanent damage. And according to a 2015 study, cases are on the rise.
Implementing cybersecurity best practices will enable factories, power plants, and transportation systems to better control data exchange and protect against bad actors. Here’s how having a robust cybersecurity plan can help:
Best practices could include segmenting networks to prevent easy access to bad actors, regular patches and scheduled updates, and increasing training and education for employees. Multi-factor authentication and robust passwords are also a simple way to put up roadblocks to would-be attackers. Continuous monitoring and solid physical security are also vital.
You’ll find a wide range of products and services available on the market to help protect your automated systems. Once you’ve taken a digital security inventory and assessed potential vulnerabilities, you’ll be better equipped to find a solid cybersecurity partner.
At Wiring Unlimited Inc., our services focus on the engineering, mechanical, and electrical sides of plant systems. However, some of the components that are built in to these systems will inevitably be connected via networks that transfer or store data. Every plant manager needs to ensure that these connections are secure, protected, and monitored at every step. In the past, security may have been seen as the enemy of functionality and usability and so was often ignored or put on the backburner. It’s now garnering more attention and we’re happy to witness the shift. Contact us today to learn how we can help to revolutionize and modernize your facility.