• Resources
  • Members
  • Directory
  • Webinars
  • WISE
  • CAD Models
  • EDGE Awards
  • Advertise
    1. Community
    2. Editorial Comment

    A lot of industrial networks have a big hole in their cyber security

    June 12, 2014

    Despite the fact that the Stuxnet virus made headlines when it attacked programmable logic controllers running Iran's nuclear centrifuges,  a similar attack on industrial facilities in the U.S. would be remarkably easy to pull off.

    That was the take-away I got from a session during an event called the Big M, organized by the Society of Manufacturing Engineers. The cyber security panel included Bruce Billedeaux, a senior consultant at Maverick Technologies. Maverick is a systems integrator that does a lot of industrial control work. Billedeaux remarked that though there's more sensitivity to cyber security issues today,  it would still be relatively easy to compromise computer-controlled equipment in most industrial plants. "I have never been asked about the contents of the computer I bring into a plant," he said. Ditto for the USB sticks he occasionally brings in. That's worrying because once the bad guys have gotten behind a plant's firewall, they can exploit the firewall to do a lot of damage, he says.

    It seems that third-party support of plant-floor equipment has been a blind spot for a lot of industrial cyber security efforts. "There is almost no outbound protection for industrial equipment in a lot of cases," Billedeaux said. "No one has validated the person on the other end of the line. If you have a VPN coming into the plant, most facilities have no idea whether the remote machine has been compromised or not."

    And here is a scenario he outlined that, I noticed, had several audience members shifting in their chairs uncomfortably: Suppose it is late at night and you are trying to get a line up and running quickly because downtime costs thousands of dollars a minute. But you are missing a critical piece of driver software and the manufacture's web site is down, so you can't download it. You start searching. You eventually find the driver somewhere else. But if the site with the driver sits is a domain that looks something like ***.ru, are you still going to download that driver? And in the heat of the moment, will you take time to scan it first?

    Billedeaux's message was that manufacturers have to plan ahead to avoid sticky situations like this.

    About the Author

    Lee Teschler | Editor

    Leland was Editor-in-Chief of Machine Design. He has 34 years of Service and holds a B.S. Engineering from the University of Michigan, a B.S. Electrical Engineering from the University of Michigan;, and a MBA from Cleveland State University. Prior to joining Penton, Lee worked as a Communications design engineer for the U.S. Government.

    Continue Reading

    Sponsored Recommendations

    How to Build Better Robotics with Integrated Actuators

    July 17, 2024
    Reese Abouelnasr, a Mechatronics Engineer with Harmonic Drive, answers a few questions about the latest developments in actuators and the design or engineering challenges these...

    Crisis averted: How our AI-powered services helped prevent a factory fire

    July 10, 2024
    Discover how Schneider Electric's services helped a food and beverage manufacturer avoid a factory fire with AI-powered analytics.

    Pumps Push the Boundaries of Low Temperature Technology

    June 14, 2024
    As an integral part of cryotechnology, KNF pumps facilitate scientific advances in cryostats, allowing them to push temperature boundaries and approach absolute zero.

    The entire spectrum of drive technology

    June 5, 2024
    Read exciting stories about all aspects of maxon drive technology in our magazine.

    Voice your opinion!

    To join the conversation, and become an exclusive member of Machine Design, create an account today!