Talk to Me: Elevating Security Awareness

Wednesday, April 23, 2014 @ 05:04 PM gHale


By Gregory Hale
As the manufacturing automation industry inches toward understanding and accepting security as an enabler to their business, the idea of folks being more aware of the issue appears to be taking over for what had been out-and-out denial.

While that may appear obvious with all the security news hitting the front pages across the globe, for an industry to acknowledge the issue is a big deal. The next great frontier is for manufacturers to start moving toward implementing security solutions. But after a spate of new studies coming out, it truly appears as if one hand really doesn’t know what the other is doing.

One survey found a majority of U.S. companies now regard the cyber attack threat one of their top three business risks. Another report says chief executives and board members are only told what they want to hear instead of the unfettered truth.

RELATED STORIES
Attacks a Top Risk after Target Hack
Awareness Awakening: Firms Assume Compromise
ARC: Securing Internet of Things
Cyber Threat: Managed Services

The idea of increased security awareness is clear amongst some of the leading industry suppliers.

“I think there is building level of concern and awareness where we have started building a practice around helping people think through where to start and how to broadly attack the problem and we are making progress in that regard,” said Mike Caliel, president and chief executive of Invensys’ Software and Industrial Automation businesses during a meeting at the ARC Forum in Orlando, FL, earlier this month. “I think beyond the cyber dimensions of the problem and system dimensions are the issues around physical assets as well. I think there is a building awareness of people looking at the problem and it is such a complex problem that people just don’t know where to start.”

“When you talk to (executives) they are really concerned. Think about food safety, if someone could do something to a food processing, what kind of image damage could it do for a company in the public environment,” said Clemens Blum, executive vice president Industry Business at Schneider Electric Industries during a meeting at the ARC Forum. “Huge damage is possible, people are really concerned. It is top of their agenda.”

In his keynote address during the ARC Forum, Andy Chatha, president of ARC Advisory Group was talking about the strong potential for the growth of the Internet of Things, but added security plays a major role in its adoption.

“Cyber security is by far on everybody’s mind; the biggest challenge,” Chatha said.

On top of what some of the automation leaders said, just a quick glance at some reports and some numbers gives a clear indication of the growing awareness levels.

One survey found a majority of U.S. companies now regard the cyber attack threat one of their top three business risks.

Attacks on businesses, including banks and retail giants such as Target, have now led businesses to increase their cyber security budget. Of those businesses planning to increase their cyber security budget over the next 12 months, 78 percent cited the recent attacks as having a significant influence on their decision, the survey said.

The research found 53 percent of U.S. companies surveyed now regard the threat from cyber attacks as one of their top three business risks, which echoes the warning from the World Economic Forum that cyber attacks are among the 5 biggest threats facing the world in 2014. That research, conducted by BAE Systems Applied Intelligence, details business concerns and opinion around security and indicates a strong demand from major global companies for greater intelligence about the nature of new cyber threats and a better understanding of business vulnerability.

Another survey by the SANS Institute points out a majority of organizations now operate under the assumption their network already suffered a compromise, or will soon suffer an attack.

One key finding from the SANS survey shows 47 percent of respondents are operating under the assumption they’ve suffered a compromise; with another 5 percent saying they operate under the assumption if they have not already suffered a compromise, eventually they will.

Yes, there is more awareness of security and the inevitability of an attack, but enterprises still remain vulnerable to all manner of cyber assaults, yet another report said.

Configuration issues and widespread use of antiquated technologies are among the main threats to large organizations, said Hewlett-Packard in the latest installment of its annual Cyber Risk Report.

Technology in the automation environment has come a long way in the past decade. It has gotten to the point where communication and real time decision making can occur from the sensor to the boardroom. The problem remains, though, that bad guys can get in and take over or hurt a process or rip off vital data.

The benefits of the open architecture and communication far outweigh the negatives, but there needs to be a solid security plan in place to ensure open communication.

Bad guys are able to take advantage of vulnerabilities across an attack surface that gets larger each day and the industry needs to come together to share security intelligence and tactics in order to disrupt attacks. That should be the next level after awareness sets in.

The time to become aware is over, now the industry needs to start acting on security across the board and fight to remain protected.

Talk to me: Gregory Hale is the editor/founder of ISSSource.com.



Leave a Reply

You must be logged in to post a comment.