Why we worry about cyber security
There are times when we see glimmers of hope, and then there are situations like this one.
One of the legitimate complaints against industrial networking and control equipment from a cyber security standpoint is that many individual devices are very soft targets. User names and passwords are often difficult to change or even fixed. Programs can be changed without authentication. That sort of thing. If the network does not adequately shield these from the outside, they are usually easy to break. As one cyber security student described a PLC, “If you can ping it, you can own it.”
That being the case, stories like this one are particularly problematic. According to reports by Wired and The H, RuggedCom has built an undocumented backdoor into its ROS (rugged operating system) that cannot be disabled. This is designed to be a factory user account, and the password can be derived from the MAC address. There are workarounds suggested by the US-CERT, but this is a band-aid until the company comes up with a more substantial solution.
To make matters worse, the stories allege that RuggedCom has known about this for a year. Or, maybe it's more accurate to say that the cat has been out of the bag for a year, because the company has known about it all along. Read the stories, but don’t complain to me if they turn you into an insomniac.
Peter Welander, firstname.lastname@example.org
Annual Salary Survey
After almost a decade of uncertainty, the confidence of plant floor managers is soaring. Even with a number of challenges and while implementing new technologies, there is a renewed sense of optimism among plant managers about their business and their future.
The respondents to the 2014 Plant Engineering Salary Survey come from throughout the U.S. and serve a variety of industries, but they are uniform in their optimism about manufacturing. This year’s survey found 79% consider manufacturing a secure career. That’s up from 75% in 2013 and significantly higher than the 63% figure when Plant Engineering first started asking that question a decade ago.