Real-world scenarios need to be taken into account when designing HMI. There should be no unnecessary functions that can potentially cause safety issues like they did for an airliner at Nashville International Airport in 2015.
When it comes to industrial cyber security issues, a good backup is the best defense. This is especially true as companies are being targeted more and more by ransomware threats from hackers.
As data collection becomes a larger task, it may be time to see if you need an automation system that lasts longer and makes system integration easier.
One task I am commonly asked to perform is to redesign a system to eliminate the aptly named “black box”. As most readers of this blog know a “black box” is the generic term for a protocol convertor. Originally, these devices only converted electrical protocols, for example RS-232 to RS-485. They were named because no one knew how the magic took place in the “black box”. If these boxes remained solely electrical protocol convertors, I don’t think that my services would have much value to our clients. These original “black boxes” ran for years without any user intervention or maintenance requirements.
What are automation engineers to do to enhance security while ensuring the need for barrier-free access to the process control system?
Our friends in the information technology (IT) field that take care of the business networks talk a lot about security. I am sure that most people reading this blog had to log in to their workstation with a company provided username and a password that has to be changed every 90 days. The IT folks further program the networks to limit access to the minimal amount of data that is required to get each employee’s job done. Some firms even go as far as limiting which websites can be accessed from a company workstation. All this for a workstation already physically located inside a building with controlled access.
Some of the most published cyber security events have been traced back to malicious content embedded on a trusted user's laptop through an e-mail or downloaded document. Is your process control network safe?
As a follow up to last week’s discussion on five industrial control system cyber security mistakes, I want to talk about a cyber security exercise I participated in at the ICS Cyber security (301) Training I attended recently. The five-day event featured hands-on training in cyber security and the week concluded with a red team / blue team exercise that took place within an actual control system environment.
Recently, I attended ICS Cyber Security (301) Training at the U.S. DHS CERT facility in Idaho Falls, Id. The five-day event featured hands-on training in discovering who and what is on the network, identifying vulnerabilities, learning how those vulnerabilities may be exploited, and learning defensive and mitigation strategies for ICSs (industrial control systems). Here are five key takeaways from that training.