SCADA Security Solutions Scarce at SPS IPC Drives Show

Submitted by Eric Byres on Wed, 2011-11-30 10:32

I just returned from the massive SPS IPC Drives show in Nuremburg, Germany. This is a massive show - according to the SPS web site, there were 56,321 visitors! An industrial automation show of this size is something I haven’t seen in North America since the glory days of ISA in the 1980s. If you want to see the trends and new technologies in the automation world, this is a good place to start.

Eric and Joann Byres at SPS IPC Drives Show

Now I must be clear that with 1,429 exhibitors to visit, there was a lot I didn’t see. But what I did see was instructive.

Ethernet Rules the Plant Floor

First of all, Ethernet has definitely won the buses war. When you can walk into the Rockwell booth and not see ControlNet or DeviceNet – just Ethernet – you know that the day of the non-Ethernet bus is numbered. And granted I didn’t spend much time in the Siemens booth, but I failed to see much in the way of communications that wasn’t ProfiNet.

Many companies were showing Ethernet-based networks for applications where Ethernet never used to be considered. For example, B&R demonstrated some amazing high speed machine control across different vendors’ servo controllers. The Ethernet Powerlink booth highlighted safety systems using Ethernet communications. And Endress+Hauser had a number of process instruments that were completely Ethernet-based.

SCADA Security Solutions Scarce

What concerned me was the lack of booth space dedicated to security of any type. Of the 1,429 exhibitors, only 16 reported supplying “Industrial security” technologies or services according to the show guide. This is a hopelessly small number (but I am proud to say that Tofino Security technology accounted for nearly 25% of that total!).

When I talked to the vendors, a significant number told me that security wasn’t a concern for them. The users seemed to see it differently  – many I talked to wanted to secure their control systems, but didn’t know what steps to take. It seems like the vendor community is not keeping up with the technology and their users' needs.

If the automation world is going to adopt industrial Ethernet with such enthusiasm (which I support), it might want to consider securing it too.

When the automation industry adopts IT technologies like Ethernet, it gets both the good and the bad.  Amazing progress has been made in real-time control and reliability for Ethernet, but security is not keeping up. Vendors need to do more to support their customers when it comes to securing these new technologies.

Related Content to Download

Note: you need to be a member of tofinosecurity.com and logged in to have access to the document below. Register here to become a member.

White Paper - "Ethernet and the Factory Floor"

 

This paper by Eric Byres et al, evaluates the risks to industrial control systems from both accidental and malicious intrusion.

It also includes a number of recommendations for designing network security for critical industrial control installations.

Related Links

 

 RSS Feed Subscribe to the "Practical SCADA Security" news feed

Comments

2
Submitted by Jon De Main (not verified) on Fri, 2011-12-09 07:04

I attended the UK Institution of Engineering and Technology conference on SCADA CyberSecurity in London last Friday. There was some good stuff presented there, but the one presentation that really disappointed was from a major automation vendor (not one we use in our company to a significant degree).
The vendor did not get CyberSecurity at all - they were explaining features relating to how all actions by the operator are stored in logs and how graphics can be tailored to different login access levels. I was more interested in what stopped a device on the ethernet being taken over or spoofed and sending instructions to the controllers. They seemed puzzled when asked!
I struggle to see how a major vendor can appear to have misunderstood the problem so badly - I am not a security or networking expert (I have a background as an instrument engineer), but even without understanding all the technical details of how a cyber attack can be arranged, the concepts are fairly simple aren't they?

Submitted by Eric Byres on Fri, 2011-12-09 13:23

I agree - the range of vendor understanding of security issues is all over the map. Some are pretty good (especially once a serious vulnerability for their system goes public), but others are completely asleep.

I didn't space to mention this in my blog, but at the same show I had an interesting experience when being introduced to a safety system vendor by an end-user of that system. While I listened, the end-user explained to the vendor that they had accidentally shut down all SIS communications when a protocol analyser laptop had been plugged into the network for troubleshooting. They then explained that this could be done either by accident (such as a consultant connecting for troubleshooting purposes) or by a hacker. Clearly it needed to be addressed. The vendors only response was that they should consider filling open Ethernet ports with silicon!

Add new comment