Maintworld 2/2017
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
CYBERSECURITY<br />
Digital Automation<br />
System Maintenance<br />
and Cybersecurity<br />
– the Perfect Partnership?<br />
In the last years, the number of cyber-attacks has<br />
increased dramatically. In light of this, it is not<br />
surprising that organizations are increasingly looking<br />
to invest in cybersecurity.<br />
ROBERT VALKAMA,<br />
Senior information<br />
security consultant at<br />
Nixu Corporation,<br />
robert.valkama@nixu.fi<br />
WHAT DOES a cyber-attack mean to you?<br />
The term brings many different mental<br />
images; from pizza driven nerds in a dark<br />
basement to organized operations funded<br />
and supported by state level actors.<br />
The intents for attacks vary greatly; from<br />
opportunistic hacking or showing off for<br />
friends to pursue of financial benefit and<br />
to well organized disruption of a specific<br />
physical function.<br />
Even in the best-case scenario,<br />
cyber-attacks in industrial automation<br />
are highly inconvenient. An example of<br />
such a scenario would be an inadvertent<br />
attack, where malware intended for<br />
ordinary ICT systems enters a production<br />
environment, causing disruptions<br />
40 maintworld 2/<strong>2017</strong><br />
and production downtime. Example of<br />
this type of an attack is a crypto malware<br />
infecting the HMI systems. In the worstcase<br />
scenario, the attack is intentional<br />
and causes total destruction, incurring<br />
substantial replacement and recovery<br />
costs both in terms of time and money,<br />
i.e. jeopardizing safety.<br />
Despite the intent of the attack, there<br />
are steps that can be taken in order to<br />
make it harder for the adversary to succeed<br />
in the attack. Securing industrial<br />
systems requires both technical and administrative<br />
controls to be put in place<br />
(essentially in the same way as securing<br />
ICT systems, but with slightly different<br />
emphasis), and in many cases, these controls<br />
also benefit the maintenance of the<br />
systems.<br />
Mutual benefits<br />
When it comes to automation systems,<br />
the goals of cybersecurity and maintenance<br />
are practically the same: ensuring<br />
error-free production and safety. The essence<br />
of automation systems is that they<br />
operate in the right way at the right time.<br />
In some industries, automation system’s<br />
cybersecurity also includes protecting<br />
intellectual property. In practical terms,<br />
this means protecting manufacturing<br />
processes’ run parameters from information<br />
leaks.<br />
Cybersecurity controls can also have