GAMBICA forms industrial network security group
02 May 2013
The group will aim to identify standards and best practice for members and their customers to help counter the threats of viruses, industrial sabotage and terrorism.
The industrial network security group has 19 members at the moment, and came about as a result of feedback from other group members suggesting that this is an area of increasing interest to the automation industry.
GAMBICA deputy director Steve Brambley put out a proposal to the membership and says that within hours he got messages back from about 15 member companies saying they were definitely interested in participating in such a group.
“We had an exploratory meeting where it was determined that the industry is interested in spreading best practice among both vendors and their customer base,” says Mr Brambley. “Defence-in-depth is what is needed, because there is no single solution to industrial network security – it is systematic.
“Industrial network system security is just part of the wider topic of security and needs to be integrated, not treated separately. There is no point in having an uncrackable password protection system if people write them on sticky notes and put them on their screens.”
Mr Brambley points out that industrial networks are rarely managed in the same way as enterprise networks, and fall under different areas of responsibility in a business. Office applications are typically managed by an IT department using its approved security software, standards and codes of practice, while the industrial side tends to be looked after by an engineering department without necessarily involving the IT team.
For example, it is not uncommon for a PC controlling a manufacturing cell to be running a very old version of Windows, such as NT or XP, without an internet connection.
“At some point later in its life, the engineering department may decide it wants to connect some manufacturing cells to get production information out onto the IT network,” adds Mr Brambley. “This can introduce vulnerability if the cells are managed by a PC with an old version of Windows that has not been updated. Industrial network systems need to be dealt with differently from IT networks in a business.
“Communications need to be continuous and without glitch for monitoring a fast process, whether the controlled process is food, oil, metalworking, paper or anything else.
“This is different to an enterprise IT environment, where it does not matter if a PC takes a few seconds to update and the user can’t access a Word document during that time!”
Mr Brambley concludes that security measures need to recognise the needs of the system and that the automation industry has a part to play as the experts in integrating their own systems into a wider security policy. They need a voice and a presence to tackle these issues and GAMBICA’s new group provides this.