'. PHP_EOL; } elseif ( strpos( $page_path, "deutsch") !== false) { echo ''. PHP_EOL; } elseif ( strpos( $page_path, "francais") !== false) { echo ''. PHP_EOL; } elseif ( strpos( $page_path, "italiano") !== false) { echo ''. PHP_EOL; } ?>

Strong Points on Cyber-Security

by | Feb 25, 2010 | Control & Safety Systems, Cybersecurity

Jim Cahill

Jim Cahill

Chief Blogger, Social Marketing Leader

As I was catching up on my RSS feeds for all the things going on in our world of process automation, I came across a cyber-security podcast interview conducted by Traci Purdum, senior digital editor for Chemical Processing magazine. She interviewed Eric Byres, who is the chief technology officer of Byres Security. I gave the 23-minute podcast a listen yesterday and sent the link to Emerson’s Bob Huba, whom you may recall from earlier cyber security-related posts.

Borrowing a page from my playbook, Bob listened to the podcast during his commute. Eric made some strong points in the podcast that resonated with both Bob and me. Eric noted his perception that chemical plants assume they are more secure than they really are, mainly because the risks are invisible. You don’t really see the risks until something happens. Bob notes:

I agree with Eric for the most part especially the part about needing and following procedures to remain protected. You are never “secure”. There are still many process manufacturers who are waiting for or wanting the technology to solved the security problem for them.

Eric mentioned a great phrase, “security by obscurity”, which painted a very clear picture of one of his points. Some process manufacturers stay with very old, proprietary automation systems hoping to avoid the security issues associated with more modern systems built on commercially available operating systems, databases, communication stacks, etc. He explained that even in these plants, there are Windows-based systems connected in. These connections introduce holes into the hope of remaining invisible.

Eric also makes a strong point that complexity is the enemy of security. To this point, Bob adds:

The part about being simple is a great comment–as you know we have a simple to use firewall for our controllers similar to the one mentioned. We have also introduced our DeltaV Smart Switch with easy to use security features. The DeltaV team strongly believes that “keep it simple” solutions will be the most successful.

One final part of the podcast that struck a chord with Bob:

He is on target that we need to have concerns about the current SCADA security solution movement to treat the SCADA system as an extension of the plant LAN and apply the same solutions. There is great complexity in many of these IT-based solutions that are simply not needed for many SCADA systems. Complex solutions may be necessary in the IT world. In the SCADA world, they just increase the complexity beyond what a control system maintenance person can hope to implement successfully–especially at 3am Sunday morning when something fails. There is almost a greater danger these solutions will create more operations problems than the security threats they are intended to mitigate.

If cyber-security is part of your set of concerns and you’ve got 23 minutes to spare, possibly on your commute, the podcast is worth a listen.

GreenPodcast.gif (Sound quality is unfortunately noisy. The Chemical Processing one is much better!

Popular Posts


Follow Us

We invite you to follow us on Facebook, LinkedIn, Twitter and YouTube to stay up to date on the latest news, events and innovations that will help you face and solve your toughest challenges.

Do you want to reuse or translate content?

Just post a link to the entry and send us a quick note so we can share your work. Thank you very much.

Our Global Community

Emerson Exchange 365

The opinions expressed here are the personal opinions of the authors. Content published here is not read or approved by Emerson before it is posted and does not necessarily represent the views and opinions of Emerson.