Recently the Digital Bond cyber-security blog pointed to a vulnerability note on the Trend Micro anti-virus package and noted:
"Software designed to protect ends up putting virtually every system on your network at risk."
This had to give pause to anyone reading this blog. Despite best efforts to ward off the ravages of viruses, even the packages responsible for protection can be compromised.
When I saw this article appear in my RSS feeds, I ran it by our resident cyber-security expert and DeltaV product manager, Bob Huba, who you may recall from earlier cyber-security posts. Bob noted that the unfortunate reality of today’s highly interconnected world is that new vulnerabilities come up all the time.
Constant vigilance must be a critical part of your cyber-security efforts. Patch, patch, patch is your best practice, and it requires a close partnership between you and your automation suppliers. Suppliers have to do their part with prompt patch certification and anti-virus support to make sure these patches and additions don’t break existing software functionality. This certification must be clearly communicated to automation system/cyber-security administrators around the globe so they can quickly plug these vulnerabilities.
One thought Bob shared is that perhaps some installed automation systems are “over connected” with the enterprise. Each connection is a source of vulnerability and its business case should be carefully considered. The connections should be designed more with cyber-security than low cost in mind. It’s likely best to have a single external connection from these automation systems that “you can guard like heck.”
An analogy is the bank vault, with layer upon layer of security that serves to slow down potential breaches so that they can be discovered and thwarted in time.
It sounds like the choice is either to devote heavy attention to these connections or to lock down and disconnect from the network, something not too practical as process manufacturers try to optimize their business processes and manufacturing systems.