Security Factors considered at Baseel :
- Although it may not actually be connected to the internet, a control system is unsafe. Contrary to popular belief, a modem connection could also experience intrusion and a hack.
- Wireless networks, laptop computers, and trusted vendor connections could be other sources of connections in which people are likely to overlook.
- Majority of IT departments are unaware of factory automation equipment, including CNCs, CPUs, PCBs, robotics parts and, last but not least, PLCs.
- Piggybacking off of the last point, IT departments’ lack of experience with the aforementioned equipment, along with their lack of experience with industrial standards and scalable processes indicate that they should not be in-charge and responsible for a company’s PLC security.
- Hackers do not necessarily need to understand PLC or SCADA to block PC-to-PLC communication. They absolutely do not need to understand a PLC or SCADA system to cause operational or programming issues.
- Often times, control systems, including ones that many PLCs integrate with, use Microsoft Windows, which is very popular amongst hackers. Some PLCs crash simply by pinging an IP address.
Understanding Issues with Security
In order to create and implement training and procedures for staff, you must understand how issues with security occur. Not all cybersecurity attacks occur from external hackers or scammers. Almost always caused by software issues, device issues, and malware infections, cybersecurity seems straight-forward initially, until you dig into those fine, often overlooked details.
As many in the automation space may know, PLC cybersecurity wasn’t a thing a decade ago. These days, PLCs are connected to business systems through any run-of-the-mill network and aren’t separated from other networks that other automation equipment may also be on. As time goes on, it’s becoming more and more common to see TCP/IP networking from a business system standpoint by connecting via TCP/IP, data exchange, as well as more rational and scalable business decisions.
In conclusion, when a security breach occurs, regardless of the specifics, understanding that time is of the essence will help smooth over most incidents. Trusting who has access to a control systems environment and thumb drive is crucial. If someone has access to the control system environment and thumb drive, ensure they’re well-qualified and up-to-speed with their team and/or company.