GAMBICA forms industrial network security group
07 May 2013
GAMBICA, the trade association for instrumentation, control, automation and laboratory technology in the UK, has formed an industrial network security group to identify standards and best practice for its members and their customers to help counter the threats of viruses, industrial sabotage and terrorism.
The new group already has 19 members and came about as a result of feedback from other group members suggesting that this is an area of increasing interest to the automation industry.
Steve Brambley, deputy director of GAMBICA, explains more about the aims of the aims of the group. ““We had an exploratory meeting where it was determined that the industry is interested in spreading best practice among both vendors and their customer base.
“Defence-in-depth is what is needed; because there is no single solution to industrial network security – it is systematic. Industrial network system security is just part of the wider topic of security and needs to be integrated, not treated separately. There is no point in having an uncrackable password protection system if people write them on sticky notes and put them on their screens.”
Brambley went on to point out out that industrial networks are rarely managed in the same way as enterprise networks, and fall under different areas of responsibility in a business. Office applications are typically managed by an IT department using its approved security software, standards and codes of practice, while the industrial side tends to be looked after by an engineering department without necessarily involving the IT team.
For example, it is not uncommon for a PC controlling a manufacturing cell to be running a very old version of Windows, such as NT or XP without an Internet connection.
“At some point later in its life, the engineering department may decide it wants to connect some manufacturing cells to get production information out onto the IT network,” continued Brambley. “This can introduce vulnerability if the cells are managed by a PC with an old version of Windows that has not been updated. Industrial network systems need to be dealt with differently from IT networks in a business.
“Communications need to be continuous and without glitch for monitoring a fast process. This is different to an enterprise IT environment, where it does not matter if a PC takes a few seconds to update and the user cannot access a Word document during that time.”
Brambley concludes that security measures need to recognise the needs of the system and that the automation industry has a part to play as the experts in integrating their own systems into a wider security policy. They need a voice and a presence to tackle these issues and GAMBICA’s new group provides this.
Contact Details and Archive...
Most Viewed Articles...