UK manufacturers are at a higher risk of
malware attack than other sectors because few manufacturing
process control systems are protected, says security firm
Norman Data Systems.
And manufacturers' unwillingness to publicise attacks is masking
the size of the problem, it adds.
In 2005, car manufacturer Daimler Chrysler proved an exception
to that rule and revealed that the
Zotob worm had halted production at 13 US plants for almost an
hour.
David Robinson, Norman UK country manager, said process control
systems had traditionally been isolated and proprietary, but that
was changing, with 42% of manufacturing systems having some form of
external connection.
"Demand for real-time reporting and greater visibility has led
to increased standardisation of technology frameworks and a greater
number of connections to other IT systems internally and
externally."
The problem, said Robinson, was that security within
manufacturing companies' process control systems had not kept pace
with these changes.
"These systems do not typically fall under the responsibility of
company IT departments and consequently have little or no
protection against malware threats, with operating system security
patches not kept up to date."
Robinson said the US led the way in recognising the need to
protect process control systems, but the UK's
Centre for the Protection of
National Infrastructure had published guidelines since it was
formed last year.
The CPNI recommends a multi-layer approach to security rather
than relying on any single supplier, security system, or malware
detection technique.