Sweden is often considered to be one of the world's most cybersecure countries but despite this, it was revealed in 2017 that a security slip up made confidential police records available to IT workers in the Czech Republic. This throws into question other security systems across Sweden and the globe. Here, Sean Robinson, service leader at industrial automation provider Novotek UK and Ireland, explores how automation systems in manufacturing can be made more secure.
Industrial automation and control systems are vital in the modern manufacturing industry, whether they are physical automated assets or enterprise management systems. Regardless of their role in manufacturing plants, one thing remains the same: plant managers don't want them, or their data, compromised.
There are primarily two areas of concern with system cybersecurity. The first area is protection of intellectual property surrounding processes and recipes. Here, a more considered approach to the system design, such as separating the formulation data and control functions, will make systems more flexible and--at the same time -- make it more difficult to extract key information in a simple format.
The second area of concern is the flow of outsiders, whether that be contractors or temporary staff, that can accidentally cause production losses. Security methods need to be put in place to reduce the risk of accidental interference with production systems.
When considering security solutions for these two areas, and indeed other areas of manufacturing, the common theme is that sensitive data is being handled. A mix of technical tools and human processes offer good protection and often changes can be made to existing security systems to aid this.
Technical tools are understandably most effective in safeguarding against cyber-attacks, as industrial software will often be the access point for malicious attacks on industrial systems. In this regard, it's important that plant managers ensure their industrial automation software has embedded security features, such as encryption and digital file signatures, to help prevent unauthorised access.
It is far more common for security breaches to occur internally and by accident as opposed to a malicious attack from an outsider but, even in that scenario, systems should provide an audit trail where activity can be tracked back to the source. Usually...