Safety, Security are One

Wednesday, November 3, 2010 @ 08:11 AM gHale

By Gregory Hale
Safety and security are not just two sectors that intersect on occasion, they need to work hand in hand in any manufacturing enterprise, said the chief of the control systems division at the National Security Agency (NSA) Tuesday.
“Safety is about protecting people,” said Frank Staples, the NSA’s chief of the control systems unit during Tuesday’s Safety Automation Forum at Rockwell’s Automation Fair. “Security is about protecting assets, but remember a person is also an asset.”
Cyber security, Staples added, needs to keep the system up and running.
“Control system cyber security is essential to maintain safety, integrity, and stability of critical infrastructures,” Staples said. “We can withstand a short term disruption, but what happens when short term becomes medium to long term?”
Eliminating disruptions and unplanned downtime, Staples said end users need to demand tougher security in suppliers’ products.
“Safety and security are intertwined,” said Sujeet Chand, senior vice president, Advanced Technology and chief technology officer at Rockwell. “We have to push for increased safety and security in products. We have to make sure safety and security are tightly integrated.”
Staples gave his talk saying the federal government needs to work with the private sector to ensure a safe and secure working environment. No one agency, organization or sector can solve the issue individually. Everyone needs to work together, he said. “We realize this problem is much greater than our sphere.”
“Protecting industrial control systems against cyber incidents is an imperative for safe operations,” Staples said. That is why “we need a common philosophy about cyber security in industrial control systems,” Staples said.
Security cannot be an afterthought. Rather, you have to think of security when designing a system, he said.
Staples told a story of a young Polish boy that found a hole in the system of a European tram system. He was able to get into the system and navigate his way around and then, using a television remote, he was able to switch tracks using the infrared device on the remote. The end result, Staples said, was four trains ended up derailed and 12 people suffered injuries.
That led Staples to say any manufacturer cannot rely on just one way to protect themselves. Manufacturers need different levels of protection.
That thought process led Chand to say manufacturers need to remain vigilant with safety and security procedures.
He pointed out the recent Stuxnet attack as a case in point. Even though reports right now say the attack did not affect any industrial sites. Chand said “If Stuxnet (had been) successful in infiltrating a nuclear plant, all the safety features would have been averted. That tells you how closely safety and security work together.”
Safety and security are not a one-time installation. The systems need constant attention because there are people out there that will try to get into a system and manufacturers need to stay one step ahead of the bad guys.
“If somebody wants (what you have) bad enough, they will fight through any type of cyber protection,” Staples said. “Your goal is to make it a hell of a lot harder for them to get through.”

Leave a Reply

You must be logged in to post a comment.