When hackers hijacked the electrical systems of three major Ukrainian power distributors back in December 2015, over 230,000 people were left without power for several hours. The uncertainty caused by the attack lasted much longer, especially since employees in both engineering and IT teams alike were initially unclear about how the hackers managed to infiltrate the system. The scale and severity of this incident illustrated, yet again, how important it is for companies to secure their cyber systems at all levels.
Here, Martyn Williams, Managing Director of industrial software provider COPA-DATA UK, discusses the latest developments in industrial cyber security.
The rise of the Chief Information Security Officer (CISO) role in the last few years demonstrates increasing cyber security concerns at board level. Although this is good news for industry, cyber security goes beyond the IT department --and even the boardroom--as one of the four pillars of Industry 4.0, alongside data, connectivity and simulation. So what should companies be doing to make cyber security central to their business?
Industry standards such as IEC 62443 have been around for many years and define the procedures for implementing electronically secure Industrial Automation and Control Systems (IACS). The standard applies to end users, systems integrators, manufacturers of control systems and security practitioners.
The IEC 62443 set of standards defines four levels of security, where the lowest prevents the unauthorised disclosure of information via eavesdropping or casual exposure. The highest security level defined by the standard inhibits unauthorised disclosure of information to an entity actively searching for it, using sophisticated means with extended resources, IACS-specific skills and high motivation.
The truth is that any organisation--no matter how small --could become a target for cyber attacks, so all companies should aim for the highest security level described in IEC 62443. To do so, a company needs to ensure it protects its hardware, software, storage and personnel against cyber attacks, intrusions and information Leaks.
Security in every layer
As Software is the gateway for most cyber attacks, it is imperative that both enterprise and industrial control software have security features embedded throughout. This multi-layered approach to cyber defence not only protects the company and users from unwanted loss of data and unauthorised access,...