Are vendors on the wrong path where smart plant security is concerned?

As the number of smart plants that use M2M, sensors, and other ICT continue to rise, so too does the lure for attackers.

Manufacturing, energy, and utilities sectors are reportedly spending a combined 206.51 billion Euros globally on ICT in 2019, says Shuba Ramkumar, senior research analyst, Frost & Sullivan.

Organizations are connecting systems to the Internet that they once kept purposely siloed for safety. “Smart plants face new challenges due to the ever-expanding connectivity of their control systems as they link into and rely on business operations and remote monitoring and management,” says Graham Speake, lead trainer at the SANS Institute and a 30-year cyber security industry veteran.

You would think that most vendors are planning tighter, more effective security measures for smart plants now and into the future. One expert says it just isn’t so.

“Based on my interactions with vendors at the Industrial Internet Consortium, I see a big problem looming. Many vendors have this naïve vision of a product ecosystem so robust that any fool can connect a bunch of pieces together any way they want and have a secure system. Concepts like strong encryption and fine-grained, role-based access controls are bandied about. These are not solutions though; they ignore important attack modes,” insists Andrew Gitman, Co-Chair of the ISA SP-99 Working Group 1 revising the SP-99 report on cyber security technologies.

To continue reading this article register now

Get the best of CIO ... delivered. Sign up for our FREE email newsletters!