On the back of research by AC drive technology specialist, Vacon, and global computer security provider F-Secure, the two companies have produced a new white paper that provides a detailed and up to the minute insight into security threats relating to industrial automation systems. The paper, which is the result of more than a year’s work by Vacon and F-Secure, identifies and analyses the nature of the threats as well as proposing methods for increasing security.
After introducing the types of malware and security threats that relate to industrial automation systems, the white paper goes on to discuss the level of standardisation in information security, comparing standardisation in the ICT (information and communications technology) field with that in the field of industrial automation.
The security aspects of traditional field buses and industrial Ethernet-based networks are examined, and the properties of industrial automation devices are described with a particular emphasis on security and opportunities for tampering.
Various techniques for increasing security, both in the network and at device level are proposed. These techniques range from correct network management to hardware differentiation at the device level. The paper concludes that the key to improved security is threat modelling and the implementation of effective security measures that resist reasonable efforts to circumvent them.
“We have taken great steps to make our products more secure against malware and tampering,” said Heikki Hiltunen, executive vice president at Vacon. “This has involved us in sizeable R&D investment and process development, but I see the results as very worthwhile. I believe we have established ourselves as the leaders in the AC drive market when it comes to protecting our products and, therefore, our customers’ processes.”
