G4S Africa supports small business development thr... » The latest product in the G4S Deposita range is a smart safe system called mini-pay that holds up to... Commissioner's statement following incident in Man... » This is an utterly appalling attack. My thoughts are with the people of Manchester as they try to co... UPDATE: Policing events in the Capital » Following the horrific terrorist attack in Manchester last night, in which 22 people were killed and... Statement from Assistant Commissioner » Statement from Assistant Commissioner Mark Rowley, Head of National Counter Terrorism Policing: The... Met intensifies policing activities in London fol... » The Metropolitan Police Service (MPS) has increased police numbers and operations across the Capital... OF FOOLS OF THE MIDDLE BELT, ONE NORTH AND PASTORA... » Please visit also: www.scorpionnewscorp.com SERIES: BUHARISM AND THE FIERCE URGENCY OF NOW A treat... Home Secretary’s statement on the Manchester attac... » I know that some people will only just be waking up to the news of the horrific attacks in Mancheste... Checkpoint Systems unveils Bug Tag 2 loss preventi... » Checkpoint Systems has announced the launch of Bug Tag 2 – an innovative loss prevention solution th... Edesix launches new head and torso mounted body wo... » Edesix has announced the launch of new head and torso mounted cameras. The X-100 is a side-mounta... Banknote Watch offers essential advice as old £5 i... » As of Friday 5th May 2017, the paper £5 note was officially withdrawn from circulation and no lo...

CLICK HERE TO

SOCIAL BOOKMARK

Cyber Security and e-Crime

When hackers hijacked the electrical systems of three major Ukrainian power distributors back in December 2015, over 230,000 people were left without power for several hours. The uncertainty caused by the attack lasted much longer, especially since employees in both engineering and IT teams alike were initially unclear about how the hackers managed to infiltrate the system. The scale and severity of this incident illustrated, yet again, how important it is for companies to secure their cyber systems at all levels.

 

Here, Martyn Williams, Managing Director of industrial software provider COPA-DATA UK, discusses the latest developments in industrial cyber security.

The rise of the Chief Information Security Officer (CISO) role in the last few years demonstrates increasing cyber security concerns at board level. Although this is good news for industry, cyber security goes beyond the IT department - and even the boardroom - as one of the four pillars of Industry 4.0, alongside data, connectivity and simulation. So what should companies be doing to make cyber security central to their business?

Security standards

Industry standards such as IEC 62443 have been around for many years and define the procedures for implementing electronically secure Industrial Automation and Control Systems (IACS). The standard applies to end users, systems integrators, manufacturers of control systems and security practitioners.

The IEC 62443 set of standards defines four levels of security, where the lowest prevents the unauthorised disclosure of information via eavesdropping or casual exposure. The highest security level defined by the standard inhibits unauthorised disclosure of information to an entity actively searching for it, using sophisticated means with extended resources, IACS-specific skills and high motivation.

The truth is that any organisation — no matter how small — could become a target for cyber attacks, so all companies should aim for the highest security level described in IEC 62443. To do so, a company needs to ensure it protects its hardware, software, storage and personnel against cyber attacks, intrusions and information leaks.

Security in every layer

As Software is the gateway for most cyber attacks, it is imperative that both enterprise and industrial control software have security features embedded throughout. This multi-layered approach to cyber defence not only protects the company and users from unwanted loss of data and unauthorised access, it also means that in the case of a system breach, the software can identify the issue quickly, quarantine it and alert the Chief Information Security Officer and other responsible parties instantaneously.

Useful software security features can range from user authentication and strong encryption technology, to more inconspicuous features, such as file signatures, which allow the system to recognise manipulated program files using hidden algorithms. A combination of these features ensures a higher level of protection for the entire system.

Risk analysis

With the rise of Industry 4.0, the importance of IEC 62443 is on the rise. Although the implementation of the standard is still in its early stages, more and more companies are looking at it to understand best practice and improve the security of their systems.

To cope with the IT security challenges of automation and control systems, technical service provider TUV NORD has developed a customisable Safety for Security (S4S) risk analysis tool, which helps companies identify network weaknesses and proposes adequate measures.

This new tool merges the worlds of functional safety and IT security, covering all the major fields of an application: critical infrastructure, automation technology as well as sensor-related components with interfaces to the internet. The approach highlights the importance of ensuring security at all levels within the organisation.

As Industry 4.0 continues to grow, cyber security will be necessary from chip to industrial device, cloud and infrastructure, with applications spreading from process plants to energy. Similarly, as industrial software becomes more intelligent, cyber attacks become more complex. Because of this continuous race, it is important for companies to keep up to date with the latest cyber security developments. This shift also means that companies need to approach cyber security as a continuous improvement process rather than a one-off project.