Global Sources
EE Times-Asia
Stay in touch with EE Times Asia
EE Times-Asia > EDA/IP

Improving industrial cyber security one layer at a time

Posted: 31 Jul 2015 ?? ?Print Version ?Bookmark and Share

Keywords:Tripwire? IIoT? Internet of Things? OT network? OT network?

The uptake of Industrial Internet of Things (IIoT) is increasing across industrial plants, connecting sensors, connecting machines to machines, and sending condition data on plant equipment to outside vendor. Although there is apparent improvement in efficiencies and optimisation, there still remains cyber security issues that need to be addressed.

Much of the connectivity shift includes moving from proprietary systems to standard IP networks. "When you move from proprietary to standard IP, there are efficiently gains from communication and connectivity, but there are also security vulnerabilities migrating to the OT network," said Dave Meltzer, chief research officer at Tripwire, a cyber-threat detection company. "Traditionally the plant was disconnected from the public internet, but the leap from IP to OT has become very real, which gives the attacker easier access to OT networks."


Cyber-attacks on plants come in many flavours. (Source:

One of the challenges in protecting the industrial network against cyber intrusions is the inability to know if the network has been compromised. "When someone breaks into a manufacturing operating system, nobody finds about out it," said Meltzer. "We've seen this in a handful of incidents that have been publicised, and we've seen it in many more behind the scenes."

The Inevitable OT vs. IT Clashes

Part of the difficulty in making the extended OT network secure is that the plant network is typically connected to the enterprise IT system, thus giving IT some ownership, or at least some oversight, of the plant OT network. Problem is, the IT priorities (security as the uppermost concern) differs from the OT priority of continual uptime. Many plant managers when told of a breech say, "Keep the plant running while you work on the problem."

Meltzer noted that the plant managers and IT staff have to work together to ensure security. "OT and IT clashes don't help. OT wants availability, while IT believes confidentiality is more important," said Meltzer. "When IT looks at industrial security, they have to understand the priorities of OT."

According to Meltzer, there is progress in settling the OT/IT differences. "IT as a whole is starting to appreciate the importance of availability," said Meltzer. "If you try to apply IT solutions to OT wholesale, it doesn't work. So you have to find out how to introduce security while respecting the OT view."

1???2?Next Page?Last Page

Article Comments - Improving industrial cyber security ...
*? You can enter [0] more charecters.
*Verify code:


Visit Asia Webinars to learn about the latest in technology and get practical design tips.

Back to Top