Sopra Steria finds UK citizens want more secu... » London: Sopra Steria has revealed that UK citizens are keener than ever to use digital public servic... World’s top education experts to answer key q... » Education experts, Edtech entrepreneurs and an assortment of thinkers, analysts and administrators f... HAUD gives more value through its Traffic Audit ... » Singapore: HAUD has now established itself as a market leading SMS firewall provider, and through ex... 365squared launches 365analytics » Macau, China: 365squared introduced 365analytics to its portfolio of services. 365analytics is a rea... Checkpoint Systems deploys its EAS Solutions at ... » Checkpoint Systems has announced its partnership in implementing EAS pedestals and deactivation syst... Evander Direct wins commendation for uPVC window... » Evander Direct have been commended for their innovative uPVC cleaning process that dramatically help... Electrical Industries Charity to benefit from pr... » Thousands of pounds are set to be raised for good causes in the electrotechnical industry at the upc... Secure I.T. Environments achieves new internatio... » Data Centre World, London: Secure I.T. Environments Ltd has announced that it has achieved new inter... OKI upgrades wide format with new Teriostar Multif... » Egham: OKI Europe Ltd has launched two new wide format Teriostar multifunction printers designed to ... BSIA members push aggressively for cyber-security ... » BSIA members have pledged to lead the way in cyber-security education, Vigilance can report.

CLICK HERE TO

Cyber Security and e-Crime

When hackers hijacked the electrical systems of three major Ukrainian power distributors back in December 2015, over 230,000 people were left without power for several hours. The uncertainty caused by the attack lasted much longer, especially since employees in both engineering and IT teams alike were initially unclear about how the hackers managed to infiltrate the system. The scale and severity of this incident illustrated, yet again, how important it is for companies to secure their cyber systems at all levels.

 

Here, Martyn Williams, Managing Director of industrial software provider COPA-DATA UK, discusses the latest developments in industrial cyber security.

The rise of the Chief Information Security Officer (CISO) role in the last few years demonstrates increasing cyber security concerns at board level. Although this is good news for industry, cyber security goes beyond the IT department - and even the boardroom - as one of the four pillars of Industry 4.0, alongside data, connectivity and simulation. So what should companies be doing to make cyber security central to their business?

Security standards

Industry standards such as IEC 62443 have been around for many years and define the procedures for implementing electronically secure Industrial Automation and Control Systems (IACS). The standard applies to end users, systems integrators, manufacturers of control systems and security practitioners.

The IEC 62443 set of standards defines four levels of security, where the lowest prevents the unauthorised disclosure of information via eavesdropping or casual exposure. The highest security level defined by the standard inhibits unauthorised disclosure of information to an entity actively searching for it, using sophisticated means with extended resources, IACS-specific skills and high motivation.

The truth is that any organisation — no matter how small — could become a target for cyber attacks, so all companies should aim for the highest security level described in IEC 62443. To do so, a company needs to ensure it protects its hardware, software, storage and personnel against cyber attacks, intrusions and information leaks.

Security in every layer

As Software is the gateway for most cyber attacks, it is imperative that both enterprise and industrial control software have security features embedded throughout. This multi-layered approach to cyber defence not only protects the company and users from unwanted loss of data and unauthorised access, it also means that in the case of a system breach, the software can identify the issue quickly, quarantine it and alert the Chief Information Security Officer and other responsible parties instantaneously.

Useful software security features can range from user authentication and strong encryption technology, to more inconspicuous features, such as file signatures, which allow the system to recognise manipulated program files using hidden algorithms. A combination of these features ensures a higher level of protection for the entire system.

Risk analysis

With the rise of Industry 4.0, the importance of IEC 62443 is on the rise. Although the implementation of the standard is still in its early stages, more and more companies are looking at it to understand best practice and improve the security of their systems.

To cope with the IT security challenges of automation and control systems, technical service provider TUV NORD has developed a customisable Safety for Security (S4S) risk analysis tool, which helps companies identify network weaknesses and proposes adequate measures.

This new tool merges the worlds of functional safety and IT security, covering all the major fields of an application: critical infrastructure, automation technology as well as sensor-related components with interfaces to the internet. The approach highlights the importance of ensuring security at all levels within the organisation.

As Industry 4.0 continues to grow, cyber security will be necessary from chip to industrial device, cloud and infrastructure, with applications spreading from process plants to energy. Similarly, as industrial software becomes more intelligent, cyber attacks become more complex. Because of this continuous race, it is important for companies to keep up to date with the latest cyber security developments. This shift also means that companies need to approach cyber security as a continuous improvement process rather than a one-off project.