The world's most capable, rugged and secure
industrial control system...

Introducing Bedrock OSA® Remote

  • Intrinsically-secure PLC and RTU control
  • 10 or 20 channels of universal I/O
  • Free IEC 61131-3 engineering software
  • -40ºC to +80ºC temperature range
  • Rugged, all-metal case 5.4 in x 8.9 in x 2.3 in
Learn More

Industry News

Cyber Security & Standards

Six IoT Security Predictions for 2020

December 16, 2019
Robert Bergman

It’s that time of the year and everybody is making predictions. IoT World Today has joined in the crystal gazing, sharing predictions gleaned from discussions with cyber security service providers. Here are some of the highlights.


Increasing concern about building security


Building security impacts all facilities, including industrial plants. There is growing concern that as more and more devices and controllers connect to building-wide networks, attackers will find their way into critical management and control systems. Author Brian Buntz called out the 2013 Target credit card breach, in which attackers found their way to the payment system via the HVAC network, as an example of this type of penetration.


Securing 5G communications


The fifth generation of wireless communications (5G) is here, offering speeds more than 10 times that of existing 4G networks. Verizon, for example, claims its 5G implementation will boost speeds from the 4G top end maximum of 53.3 Mbps to a whopping 1.07 Gps. Such speed will ultimately translate into more connected devices and more need to protect them.


“Telecommunications and infrastructure firms are touting 5G for an array of use cases, including in the industrial realm. The potential of 5G to be used for critical industrial processes with a tangible business impact is a potentially risky proposition,” said Andrew Howard, chief executive officer of Kudelski Security, a managed security service provider Buntz interviewed for this article.


And we would add that the greatest threat to 5G cyber security may be in the supply chain. A recent European Union report identifies the proliferation of software within 5G networks among the top security challenges facing the next generation of mobile networks.


Growing need to manage Security


While industrial connectivity is expected to continue to expand, the availability of trained professionals is not. These factors are contributing to a predicted 15.62 percent growth rate in cyber security service (Kenneth Research). Other approaches that are predicted to emerge to handle the projected workload increase include partnerships, outsourcing, SaaS solutions, and regular services, as well as hybrid approaches.


More attention to OT cybersecurity


Exploits such as Stuxnet to the more recent Triton attack are elevating the importance of securing an operational technology (OT) system. One contributing factor is the immaturity of the market, which means that industrial end-users have little nuanced guidance standards on which to rely.


“I think the OT space is tougher than the IT space around this topic. Because the reality is, in the IT space, the difference between laptop A and laptop B and server C is just not that different, especially as the operating systems have consolidated,” said Kudelski Security’s Howard. “But the difference between a Rockwell PLC and a Honeywell manufacturing system is just enormous.”


Security by Design


Charlene Marini, vice president of strategy, at IoT services group at Arm, told Buntz that IoT device makers and deployers of connected devices will put plans in place to upgrade the capabilities they offer to ensure secure IoT systems. This she believes will result in a mindset shift in which device makers will begin prioritizing the creation of trusted connectable and manageable products. That new mindset will include embedding life cycle management capabilities at design time, writing software with security and privacy principles at the forefront and providing accessible updates to deployers of their devices.


AI-driven Security


Although Buntz’s sources were predicting a slight uptick in the use of artificial intelligence in cyber security and significant long-term potential, they still found it to be far from maturity. Andrew Howard shared the following anecdote that encapsulates the current state of the AI art:


“I was in a meeting with a lot of other cyber security leaders and the topic was about how artificial intelligence is driving change in behavior. The various people in the room began to provide examples regarding how they used AI to minimize their cyber-risk and they kept naming off examples. “By the time I got to the seventh one, I just raised my hand and I said: ‘No one has described an artificial intelligent use case. You guys are just describing process workflow and software. If there’s not something like a machine learning model or neural networking capability behind the scenes, it’s just software.’”


Read the full article here.

Cyber Security & Standards

U.S. Security Agencies Warn of Cyber Attack Threats to Unauthenticated PLCs and other OT

August 27, 2020
Robert Bergman

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have urged critical infrastructure facilities to take […]

Cyber Security & Standards

Encrypt or Be Encrypted: Mysterious Ransomware Attacks OT

August 27, 2020
Robert Bergman

A second bit of ransomware code designed to target industrial control systems has emerged. Similar to the Megacortex malware that […]

Cyber Security & Standards

Signs of Hope in Cyber Security, But …

August 27, 2020
Robert Bergman

Accenture has published its 2020 Cybersecurity Resilience Report based on its survey of 4,644 executives in 24 industries. Although few […]