Drives and Controls Magazine
Home
Menu
Gambica forms industrial security group
Published:  03 May, 2013

The UK automation trade body Gambica has formed a group to identify standards and best practice to help counter the threats of viruses, industrial sabotage and terrorism. The industrial network security group was set up as a result of feedback from Gambica members suggesting that this is an area of increasing interest to them.

“I put out a proposal to Gambica’s membership and within hours got messages back from about 15 member companies saying they were definitely interested in participating in such a group,” reveals the organisation’s deputy director, Steve Brambley. “We had an exploratory meeting where it was determined that the industry is interested in spreading best practice among both vendors and their customer base.” The group has 19 members already.

Brambley (above) points out that industrial networks are rarely managed in the same way as enterprise networks, and fall under different areas of responsibility. Office applications are typically managed by an IT department using its approved security software, standards and codes of practice, while the industrial side tends to be looked after by an engineering department.

It is not uncommon for a PC controlling a manufacturing cell to be running an old version of Windows, such as NT or XP, without an Internet connection.

“At some point, the engineering department may decide it wants to connect some manufacturing cells to get production information onto the IT network,” Brambley explains. “This can introduce vulnerability if the cells are managed by a PC with an old version of Windows that has not been updated.

“Defence-in-depth is what is needed,” he says. “Industrial network system security is just part of the wider topic of security and needs to be integrated, not treated separately. There is no point in having an uncrackable password protection system if people write them on sticky notes and put them on their screens.”