The world's most capable, rugged and secure
industrial control system...

Introducing Bedrock OSA® Remote

  • Intrinsically-secure PLC and RTU control
  • 10 or 20 channels of universal I/O
  • Free IEC 61131-3 engineering software
  • -40ºC to +80ºC temperature range
  • Rugged, all-metal case 5.4 in x 8.9 in x 2.3 in
Learn More

Industry News

Cyber Security & Standards
 

Built-in Cyber Security vs. Built-in Cyber Security

November 22, 2019
Robert Bergman

If any of today’s large vendors of automation systems offer cyber security protection, odds are good that it has been bolted on after the fact. Cyber security was not an issue when these systems were originally designed, so swapping them out now would be a major challenge for both the vendor and the end user. But those systems are due for update eventually and legacy vendors are now striving to build in as much security as they can.

 

We are starting to hear it now, and over the next five or so years, we expect to see more and more companies claiming to offer some degree of built-in cyber security. Although they will be guided somewhat by standards such as ISASecure – IEC 62443, each will likely interpret it and integrate it into their business model differently and to different levels. As you evaluate your next PLC, SCADA RTU, DCS or other industrial control system claiming to have built-in cyber security, ask the following questions to determine if you are getting maximum protection.

 

  • ______ Is there an embedded public key infrastructure (PKI) to manage an encryption and authentication of messages based on a known 3rd party root of trust?
  • ______ Does the authentication support Transport Layer Security (TLS) 1.2?
  • ______ Is encryption compliant with NMIST SP800-57, Suite B?
  • ______ Does the system have secure boot?
  • ______ Does security extend to sub-components as well as to the device itself?
  • ______ Is there anti-tamper protection at the component level?
  • ______ Are the modules all-metal, anti-tamper, sealed and FIPS 140-2 compliant?
  • ______ Does the system use a pin-less I/O backplane?
  • ______ Is the system firmware secure and protected?
  • ______ Are open communications protocols such as OPC UA and MQTT secure and protected?
  • ______ Does the system have a secure component supply chain?
  • ______ Does the system have the built-in bandwidth to support high-performance hardware accelerators without disrupting performance?
  • ______ Is the security included in the basic cost of the control system?

 

For a truly intrinsically secure control system, the answers to all these questions must be yes. For more detail on them and many other essential components of an intrinsically secure system, download our white paper: Chapter Three: Intrinsic Cyber Security Fundamentals.

 
Cyber Security & Standards

U.S. Security Agencies Warn of Cyber Attack Threats to Unauthenticated PLCs and other OT

August 27, 2020
Robert Bergman

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have urged critical infrastructure facilities to take […]

Cyber Security & Standards

Encrypt or Be Encrypted: Mysterious Ransomware Attacks OT

August 27, 2020
Robert Bergman

A second bit of ransomware code designed to target industrial control systems has emerged. Similar to the Megacortex malware that […]

Cyber Security & Standards

Signs of Hope in Cyber Security, But …

August 27, 2020
Robert Bergman

Accenture has published its 2020 Cybersecurity Resilience Report based on its survey of 4,644 executives in 24 industries. Although few […]