Marketplaces of malevolence
The Stuxnet attack on Iran’s uranium enrichment facilities and the Shamoon attacks on industrial companies in the Mideast have been a wake-up call for the process industries, says ARC Advisory Group. What’s more, the global hacker community openly sells on-line malware and access to established footholds. ARC and others are developing services meant to give managers some piece of mind in an uncertain world. It’s a market place born of malevolence.
Industrial automation systems need different protection from what works for transaction-based business and enterprise systems, says automation supplier Invensys. Its recently released Invensys Cyber Threat Management Module takes care of firewall, anti-virus and other kinds of protection for small or remote industrial-control systems.
It’s amazing how well versed we’ve all become in the jargon of ubiquitous computing – servers, the cloud, an interface. You’re not surprised when either your grandfather or grandchild is familiar with these kinds of terms.
Engineers are generalists too
Still, it’s another matter when an educated generalist, or even an engineer, is responsible for the security of a computing infrastructure and its associated applications and data, upon which the livelihoods of perhaps a considerable number of people depend. Further, what’s best to do can be hard to tell in a world where some people are just out to make a buck.
In 2010 the Dept. of Homeland Security and the Centre for the Protection of National Infrastructure released “Cyber Security Assessments of Industrial Control Systems.” It’s still relevant and easily found online via search.
Today, Invensys is amongst many well-established companies offering cyber-security assessments as a vital first step to protect networks and systems, identify requirements, establish a critical-asset baseline, meet regulations and have in hand a gap analysis, including needed mitigation. And Invensys knows the process industries.
Some jargon included
Two areas in particular are noted as needing extra attention, the company says, and will be the target of services available in the near future. The databases within SQL servers are a favorite target of hackers, with “SQL injection” being one of the top four attack modes, Invensys says. SQL server hardening should reduce loss of data or information, safety risks, fines and penalties.
Another place where bad things can happen are IIS servers, which are found on virtually all networks, including those used by industrial-control systems. IIS is for Internet Information Services, which Wikipedia defines as a set of Internet-based services for servers using Microsoft Windows. Research shows that 75% of cyber attacks occur at the application level, says Invensys.