Minimising cyber security threats on industrial control systems. Without a strong commitment to security, manufacturers will fall victim to the many pitfalls faced by open protocols.

Top Article for 2018 - Protecting Utilities
Top Article for 2018 - Protecting Utilities

Nick Boughton | Boulting Technology

In 2017, the UK Government proposed the implementation of the Security of Networking and Information Systems (NIS) Directive, with the aim of improving the security of essential services such as water and energy. Should providers fail to protect their systems, a £17 million penalty could be enforced. Here, Nick Boughton, sales manager at leading industrial systems integrator Boulting Technology, discusses why it is important for utility providers to protect themselves from cyberattacks.

Plant managers within utility companies are now demanding more from their industrial control systems (ICS) to deliver operational improvements through smarter, information-enabled machines. As a result, the domains of IT and OT are converging and becoming increasingly connected as many ICSs are now overlapping with enterprise systems to provide accessible, secure information that is visible across organisations. With these increased benefits, however, comes a rise in additional security risks.

Typically working on closed, proprietary communication protocols, the migration to open protocols can present several issues, including unpatched software and hard-coded passwords. Robust systems, such as PLCs, were built to last before network connectivity was even considered.

When connecting a legacy system to an open protocol, it is essential that it is done safely and securely. Security patches can be vital in reducing potential cyber-attacks, however many manufacturers forgo their roll out as the associated costs can be high. Every missed patch makes it much harder and more expensive to ensure a legacy system is protected.

It is these risks that the Joint Committee on the National Security Strategy discussed in late May 2018. If ICSs are not protected properly within the utility sector, then it is not just breaches of the GDPR we should be worried about, but the supply of water and energy.

There is no one size fits all solution to protecting industrial control systems and it shouldn’t just cover the protection of a single system. IT and OT convergence means a holistic approach to industrial security should be taken, extending from a single enterprise system, to the people, processes and technologies within a plant.

In its 2016/17 report, the cyber threat to UK business, the National Cyber Security Centre (NCSC) suggested cyber security is most effective when integrated with risk management procedures.

To give maximum protection against cyber-attacks, a plant must have a robust security framework that encompasses people, processes and technologies. Our alliance with Netbuilder, a leading provider of software and IT consulting services, allows us develop and implement seamless solutions across IT and OT, which have traditionally been managed separately.

While having the latest firewalls, antivirus and intrusion detection software is important, it is redundant if staff are not trained properly. Working with an experienced supplier, such as Boulting Technology, will aid in developing one such framework.

Without a strong commitment to security, manufacturers will fall victim to the many pitfalls faced by open protocols.

 

 

About Nick Boughton
Boulting Technology's sales manager, Nick Boughton has worked in the automation industry for over thirty years. He has gathered experience from roles with automation equipment vendors, process OEMs and system integrators, in sectors such as food and beverage, power, chemical and water.

 

About Boulting Technology
Boulting Technology is a leading supplier of Systems Integration, Industrial Network Solutions, LV Motor Control Centres, Switchgear, Control Panels and Telemetry, providing exceptional levels of technical expertise and customer satisfaction, making us the supplier of choice for the products and services that we deliver. It provides exceptional levels of technical expertise and customer satisfaction, making it the supplier of choice for the products and services it delivers.

 

The content & opinions in this article are the author’s and do not necessarily represent the views of ManufacturingTomorrow

Comments (0)

This post does not have any comments. Be the first to leave a comment below.


Post A Comment

You must be logged in before you can post a comment. Login now.

Featured Product

Quickbase: The first application platform built for dynamic work

Quickbase: The first application platform built for dynamic work

By connecting everything through a single source of truth, the Quickbase platform helps businesses mitigate risk, reduce waste, and cut down on unexpected costs. With automated workflows and granular permissions, the right people will have access to the right information.