Heating Industry Turns Up The Temperature On PLC Cybersecurity
How important is cybersecurity for PLC in today’s industrial settings? Merely a matter of national security. Consider this: in 2016, the US and NATO nations officially recognized cyberspace as domain of warfare.In geopolitical terms, a cyberattack is now as actionable as a naval attack. Within industrial and commercial settings, cyber malice is a frequently seen as a leading threat, and likely a permanent one.
As first brought to global attention by the Stuxnet attack in 2010, PLCs are a tempting target for malice. Since that event, cyber attacks on PLCs and beyond have sent alarming messages throughout the heating and energy industries. The ingress point for the massive 2013 hack of retailing giant Target is believed to have been its HVAC management company.In 2016, a cyber attack in Finland crippled residential heating systems in freezing winter. In March of this year, a Saudi petrochemical plant’s system was hacked not only for its data, but as an attempt to sabotage internal systems and trigger an explosion.
Today, every industry executive understands the need for cybersecurity in PLC systems.Not all, however,are fluent with their own company’s risk profile. Many more don’t understand the methods and limits of prevention. Federal agencies have no doubts about these topics, and have strenuously advocated both risk assessment and intrusion prevention for the industrial sectors. The National Institute for Standards in Technology (NIST) has particularly active in this arena, and has assembled a Manufacturing Extension Partnership (MEP) program to help businesses of all types understand cyber threats and how to deal with them.
The NIST MEP program, created together with private enterprise, has been developing a framework for cybersecurity risk management, and guidelines to assess and mitigate cyber risk to manufacturing systems. Businesses that have not yet conducted a serious assessment of their cyber vulnerabilities would do well to start their education with the NIST overview. In addition to NIST, the Center for Internet Security (CIS) also offers a resource and security risk assessment method that helps organizations implement and assess their security posture against CIS controls.
Best practices for safeguarding are a more complex topic. As more Industrial Control Systems are connected to the Internet and the IIoT, there is predictable debate over where the security dollarsare best applied. The cybersecurity services industry is flush with new vendors ready to serve the ICS markets. The threat of cyber attacks has actually created a flourishing new industry.
Quality, not quantity, is the problem when it comes to finding cyber security for PLC systems. Much of today’s talent pool is drawn from the IT world, where cybersecurity has long been an established discipline. Proprietary or legacy PLC systems are often outside their experience.Training new professionals in relevant cyber security techniques is crucial, and is being addressed by programs supervised by the International Society of Automation (ISA). Businesses seeking to build their in-house cyber security competencies can find up-to-date training and certification through these programs.
To combat the problems of not enough security and not enough security experts, some PLC manufacturers are touting built-in cyber security features. These include integrated firewalls, secure booting, and preventive measures against uploading of unauthorized software. In these new PLC designs, slots can accept authorized, non-rewritable memory, which can be securely locked as a safeguard against tampering. This simple level of physical security is more important than most CIOs give credit to. Many cyber threats don’t necessarily begin as deliberate, planned invasions; they are a product of opportunity. A careless employee or careless password maintenance can be as big a threat to the PLC system as the most relentless black hat. The insurance industry calls these risks a “moral hazard,” like a homeowner that doesn’t lock all the doors when leaving home to get groceries.Many of these security holes around the PLC are often overlooked and expedient to solve.
The U.S. Department of Homeland Security has also issued specific, emphatic cyber security messaging for companies in the HVAC spaces. According to the Department, “HVAC and fire systems have significantly increased roles in security that arise from the interdependence of process control and security.” The agency goes on to warn that computers and computerized devices used for ICS functions (such as PLC programming) should never leave the ICS area. Laptops, portable engineering workstations, and handhelds should be tightly secured and never used outside the ICS network. With these kinds of warnings in mind, it’s easy to understand how simple cures to the aforementioned “moral hazards” contribute to a more secure system.
The HVAC sectors are on the front lines of the cyber threats against industry. Climate control is a universal need for both people and machines. Understanding and accepting the differences between what should be done and what can be done are crucial to a successful cyber security strategy, for PLCs and beyond. Not every attack can be prevented, and not every component of every system can be secured. However, strategies for preventing the preventable are critically necessary. Building those strategies and executing them with tactics that can adapt over time is not just worthwhile to industry –it’s imperative.
Reason To Choose Comodo SSL Certificate To Secure Your Website
It should be clear by now that for your website to survive in this modern era, hacker ridden internet era, it is important for all the information that go on it or through it to be encrypted. To have a website without SSL protection is…
6 Unexpected Security Concerns, and How to Prepare
As powerful as the Internet is right now, it’s impossible to even imagine where it will go over the next years and beyond. But, as fast as security protection continues to improve, hackers seem to improve even more quickly. Everything from new devices to apps…
Your Business Needs These 13 Digital Security Solutions – Here’s How To Get The Most Out Of Each
How would you characterize your organization’s digital security posture? If you’re not sure how to answer this question, or perhaps would prefer not to answer it at all, you’re not alone. Countless decision-makers, from uber-competent CTOs and CISOs to CEOs and COOs who couldn’t code…
Louisiana And Oklahoma Introduce Digital Identification To Prevent Fake ID Use
Digital ID in Louisiana Utilizing digital IDs has been a commonly broached topic for a while now. Although most states are only either deliberating their helpfulness or in the utmost initial stages, Louisiana has moved forward. The primary introduction of this technology was done back…
ScanGuard Review – Here is What You Should Know
Doesn’t it sound good and satisfying to have a goop-performing antivirus that is reliable enough? Yes, it is. For that reason, you need to be extra careful when you are in search of a good antivirus. Put all the necessary factors into consideration so that…
- 3D Printing
- App Dev
- Artificial Intelligence
- Arts and Entertainment
- Big Data
- Blockchain Tech
- Business Technology
- Car Technology
- Cloud Computing
- Cloud Storage
- Computer and Technology
- Conference Calling
- Coupons and Deals
- Cyber Security
- Dark Left 1
- Data Center
- Data Recovery
- Digital Arena
- Digital Marketing
- Edu Tech
- Email Marketing
- Google Glass
- Guides and Tutorials
- Health and Fitness
- Home Improvement
- Home Security
- Internet and Businesses Online
- Internet Marketing
- IT Careers
- Mobile Apps
- Mobile Security
- New Tech
- Online Shopping
- Project Management
- Reference and Education
- Reputation Management
- Sales & Marketing
- Shopping and Product reviews
- Small Business
- Social Media
- Tech Trends
- Technical Support
- Technology in Education
- Tips & Tricks
- Tips And Tricks
- Video Conferencing
- Virtual Reality
- Wearable Technology
- Web Design
- Web Development
- Web Hosting
7 Important Things To Test in Ecommerce Web And Mobile Applications
If you are planning to launch a mobile app or eCommerce websites in the market, it is essential to perform software testing services before launching in the market so that there is no compromise on different vital parameters like mobile responsiveness, user experience, and security…
Androidhackers.net Offers You A Better Gaming Experience!
Are you using an Android device? It is the most popular platform that is being adopted by the people in current times. There are different types of emulators and so it is convenient to create cheating apps and tools. Android is quite an easy platform…
3 Ways to Prepare For Cyber Security Risks That Employees Must Know
In a world where everything is much easier to do via mobile, app, or device, technology is not going to slow down. We’re all guilty of potentially owning more than one device, whether that is our personal phones, work phones, tablets or fitness trackers. All…
Non-Negotiable Elements For Your Business IT Security Plan
In 2019, having a business IT security plan is more important than ever. An IT security plan is the first line of defense you have for protecting your business – and your clients – against cybercriminals. Cybercriminals include hackers, who frequently obtain personal information with…
Businesses Need To Be Proactive When It Comes To Cyber Security
For business of any size, making sure they are not only compliant with security regulations but continually improving and adjusting the measures they have in place is vital. Quite often the factor which determines how a business approaches cyber security is the mindset of the…
How To Become A Cyber Security Analyst
What is Cyber Security? Cyber security is the practice of protecting a system or network from digital attacks. These attacks are generally aimed to retrieve or destroy sensitive information and it is a serious threat to all the organizations. Who is A Cyber Security Analyst…