Cyber-Security: A Journey, Not a Destination

  Enquire / contact me

Mitsubishi PLCs of the future will include multiple embedded features such as hardware security keys and multi-layer password structures


Cyber-Security: A Journey, Not a Destination
Cyber-Security: A Journey, Not a Destination

Cyber-security has been a hot topic since the Stuxnet incident of a few years ago. Previously it was thought that securing the "top end" of an organisation was an adequate solution but this incident and others like it completely changed the security landscape and highlighted vulnerabilities in the de-facto automation architecture that previously had not been considered.

Chris Evans, Marketing & Operations Group Manager at Mitsubishi Electric Europe B.V. Automation Systems Division UK-Branch, explains:

It shifted the problem to the automation domain, which had often operated under the radar and outside the remit of IT. Engineers suddenly started to reconsider their cyber-security arrangements. It was realised that many people may want to bring a plant to its knees, for political or commercial reasons, because they hold what they see as a legitimate grievance or simply to see what will happen.

Scenarios were imagined where drinking water became contaminated or supply interrupted, power plants shut down, or road, rail and air traffic management compromised. In the industrial world it was realized that control systems were potentially vulnerable, often due to out of date or poorly maintained operating systems and CD drives or USB ports that had not been locked down. It did not take a lot of imagination to work out that the more critical a control system, the more likely a target it would be to cyber-attack and the more damage that could be done.

Cyber-security is an arms race of escalating capabilities, so 'defenders' of vulnerable assets must see it as a journey rather than a destination, constantly reassessing the situation and implementing new defences whenever necessary. This is against the background of developing technologies and requirements that mean control systems are always becoming bigger, more complex, more distributed and increasingly open.

Most larger control systems have many points with potential for unauthorised access. Therefore layers of protection must be built into the system both at a network, hardware and software level. For instance, future PLCs (programmable logic controllers) will include multiple embedded features such as hardware security keys and multi-layer password structures.

Each PLC will be capable of hardware security key authentication to prevent programs from being opened or edited on unapproved personal computers that have not been "bound" to the security key. Furthermore, programs will be written so that they cannot be executed by PLCs which do not have a registered security key. Thus the integrity of embedded technologies and intellectual property will be protected from compromise.

Additionally, an IP filter can be used to register the IP addresses of devices approved to access each PLC. Thus unauthorised access, whether for operational reasons, hacking or implantation of malware, will become much more difficult.

Whilst end users will want maximum security; they will also continue to insist on simplicity of operation. Some of these automation security measures, all of which are optional, could be argued to complicate operations and that is why a holistic view of security needs to be taken, considering all aspects of the operation. It may be that in some areas, some measures can be relaxed for the sake of continued operations and this is fine provided that the risk has been assessed and counter measures are implemented elsewhere to elevate the threat. As with everything related to cyber security, the consideration has to be probability and risk and security and operational systems should be designed around these important criteria.

It is probably an unchangeable aspect of the human condition that some people will always seek unauthorised access to control systems. Therefore control engineers must build security measures into their products and systems - and recognize that these are surmountable hurdles rather than impregnable barriers, so must be constantly renewed and redeveloped.

Posted on June 23, 2015 - (1046 views)
Mitsubishi Electric Europe B.V
Platz 1
40880 Ratingen - Germany
+49-2102-486 0
+49-2102-486 7170
View full company profile
More products from this supplier
Delivering on Virtual Power Plants
Real-time data analyser utilisies Edgecross
Tough new HMIs for use in extreme conditions
e-F@ctory in action: Kani Success Story
New Industrial-use Computers: MELIPC
Industrial Robot Series
Collaborative Robot for HRC
Guided Operator Solutions
Pumping Station Optimisation Saves Energy, Reduces Leaks and Reduces TCO
Pumping Station Energy Optimisation
Related articles
''Esprit'' Libre
SCADA for Supervision and HMI
Advanced Automation Solutions
Solutions for Digital Data Exchange
Medical Grade PC
Widescreen HMIs GT21 and GT25
Power Management System for IIoT
Modular Compact CPU Board
Absolute Modular Encoders
Automation Server
Leading Distributor in Automation & Robotics Technology
IIoT I/O Series
Mercury: Mobile, multi-protocol diagnostics for all environments
Sure Signs of Excellence: Top Notch Products Offering Added Value
Innovative Systems Solutions Made by LAPP
Alarm-Annunicators, Grouped Indicators, Tri-Led and Phase Presences
Advanced Thermal Imaging Exx-Series
A Sure Sign of Excellence: Top-notch Products Offering Added Value
Medical Grade PC
Power Management System for IIoT
Modular Compact CPU Board
Absolute Modular Encoders
High-Performance Box PC
Photovoltaic Fuse Holder
Fanless Controller
Semi-absolute Linear Encoder
Web-Based Engineering Tool
Industrial Cellular RTUs