Here’s an interesting question. One might think that the rise in hacking of industrial control systems may have everything to do with the advanced capabilities of the hackers. However, what if we’ve traded security for interoperability and “open” systems?
There’s a new report out by Marsh Risk Management Research, "Advanced Cyber Attacks on Global Energy Facilities," stating that by moving from standalone and closed industrial control systems towards open systems for greater interoperability and Internet-connected systems for efficiency and cost effectiveness, we’ve unleashed risks that are just beginning to become visible.
Attacks, according to the report, are moving from attempts to gain personal or sensitive financial data to a more sinister system-takeover motivation. And, the global energy sector is targeted more often over the past few years than any other industry segment.
So, while the question of industrial control system security is at the heart of this, what about the vulnerability we’re building into all sectors? Are our attempts to adopt open systems for greater interoperability setting us up for a world of hurt?
Across many industries, the movement is towards these open systems for open software standards, portability, and interoperability. By their nature, they are fully defined, fully published, and not under the control of one entity. From the ability to design, it sounds like heaven; from a security point of view, well...
So it’s open this and open that, and maybe the door is open a wee bit too much? What do you think?
— Carolyn Mathas is a freelance blogger and editor for EE Times' Industrial Control Designline