From the editor's desk: Should we put everything online?
April 2017, News
‘Connectivity is good’ is the fundamental premise that underpins the IIoT and the ideas of the fourth industrial revolution. There is now enough data to verify that interconnected industrial networks can bring about significant increases in operational efficiency, particularly in the areas of supply chain optimisation and overall equipment effectiveness. The catch is that these same interconnected networks expose the organisations that rely on them to cyber security vulnerabilities on a scale that was just unimaginable before. And to make matters worse, these threats now extend right down to the process control level.
Paradoxically, what makes the control systems vulnerable is the very thing that end users demand from them – configurability. The Stuxnet attack on the nuclear enrichment facilities, believed to have been part of Iran’s nuclear weapons programme, is a prime example https://tinyurl.com/m9rbqd3.
As the level of interconnectedness permeates further down the organisation towards the process level, so the threat of a disruptive cyber attack evolves. However, this does not mean that a state-of-the-art pharmaceutical factory, for instance, faces the same level or type of threat as say the national power distribution grid. Even though both may make use of similar smart technologies, perhaps even from the same supplier, one is a commercial manufacturing operation and the other is a strategic national asset.
What it does mean is that while cyber security must now be considered as part of any overall enterprise risk management strategy, the nature and tactics of the cyber preparedness required will vary from organisation to organisation.
In the case of the manufacturer, protecting the plant from a disgruntled employee determined to ruin a production batch, or a competitor trying to get its hands on strategic process-related information, may be the priority. While in the case of the national power grid, the threat may come from a rival nation in retaliation to a military invasion, or even as a response to economic sanctions.
Just how seriously is the threat being taken? We get an inkling from this year’s ARC Industry Forum in Orlando, where one of the keynote speakers was Marty Edwards, the director of Industrial Control Systems, Cyber Emergency Response Team at the US Department of Homeland Security.
Boiled right down, his message was simply: “At the end of the day, a capable and determined nation state could breach any system. Therefore, it is important to perform a thorough and detailed risk assessment to identify the one or two critical functions in the plant, and then apply particular protection to those areas.”
Or, in cyber-informed engineering parlance, once you have identified those functions that are vital to your organisation, take them offline. (See more in Paul Miller’s review of the conference in ‘ARC Advisory Group Industry Forum’.)
Posted with the magazine this month is the 2017 edition of the Technews Industry Guide: Maintenance, Reliability &c Asset Optimisation. The intent of this publication is to arm the modern maintenance professional with a one-stop definitive resource that covers everything from in situ sensor-based solutions for condition monitoring, through handheld portable devices for periodic maintenance-related checks, through software solutions for analysis and reporting, and on to customised services like reliability management consulting and training. Our hope is that the ideas and insight we have gathered could help to solve a problem that you may be struggling with in your own particular plant.
In closure, congratulations to Oratile Sematle who has been elected to serve a second year as president of the SAIMC – keep up the good work Oratile!
Editor: SA Instrumentation & Control