Where do we start to build a cyber security program?
Dear Control Engineering: This Stuxnet worm problem has got me concerned about potential cyber security problems with our control systems. I’m afraid that we’re pretty far behind where we should be in developing a defense strategy. Where can I go for some basic help as we look at this in earnest?
You should be concerned with Stuxnet in that it represents a new level of awareness toward industrial networks. Control Engineering has covered cyber security extensively over the last few years, and you can find a great deal simply by searching on that term on our Website. One of the particular concerns in industrial environments is that much of the infrastructure running plants is pretty old and was installed well before any of these systems were interconnected or Internet use was wide spread. One article you may find particularly useful was published in July 2009, Cyber Security for Legacy Systems. It deals directly with what happens when these old platforms get connected and the potential for cyber threats.
The U.S. Department of Homeland Security (DHS) is concerned about cyber threats and offers many resources that will help you get started. Here’s a short video from the recent Emerson Global Users Exchange where Tom Dion from the DHS National Cyber Security Division explains where to find some of those.
DHS has also offered advisories on Stuxnet that you may want to read as well.
Control Engineering plant safety and security channel may have other articles of interest.
Peter Welander, pwelander(at)cfemedia.com