Published on 11/17/2016 | Technology
Over the past decade or more the need for cyber security in industrial automation and control systems has been accelerating at an ever increasing rate. Adoption of the benefits of commercial off-the-shelf and open technologies, awareness of the systems, exposure of the systems and precedents set by previous attacks have all contributed to the increase. The advent of the Industrial Internet of Things (IIoT) pushes this even further with the increased uptake and reduced cost of powerful computing technologies like cloud, virtualization, shared networks and so on.
While cyber security can be seen as both a barrier or an enabler to the adoption of IIoT, depending on your point of view, what is clear is that no discussion on IIoT is complete without the mention of this topic. And it has to be a comprehensive mention. You know the phrase “You’re only as strong as your weakest link.” Well, this is just as applicable for football teams as it is to industrial automation and control systems. And with industrial automation and control systems it’s not just the weakest link that needs to be secured, it’s also the highest potential risks that need to be planned for and mitigated.
Just as openness and standards in automation technology are essential in realising the promise of IIoT, so too is the adoption of certified industrial security standards. These standards must be robust and take into account the security not only of individual assets but also of the larger systems and systems of systems. Adherence to the certifications will mean that the elements of a system hold the key security building blocks, the elements are combined in a secure way by security certified teams and finally operated as a secure system by security trained operators.
Worldwide the IEC62443 series of security standards covers all elements of security from product development through to product features, system features, delivery and operation. Complementary to the IEC62443 security standards, existing industrial standards are also evolving to be more secure. DNP3 has evolved to DNPV5 to add security, OPCUA offers significant security enhancements, Modbus is evolving to Modbus Secure, EtherNET/IP is becoming EtherNET/IP Secure. In addition many IIoT systems are adopting security features coming from existing IT standards such as HTTPS, Certificates, Encrypted/Authenticated protocols etc.