Manufacturers need to assess the risks before they install networked-based control systems in their manufacturing plants, PA Consulting said.
Control system suppliers offer discounts to manufacturers to encourage them to install control devices with telephone, wireless or internet links, which can be maintained remotely.
But this can be a false economy if it opens up a manufacturing plant to attacks from computer viruses or hackers, said Justin Lowe, principal consultant at PA Consulting.
"Manufacturers need to examine the risks, examine their systems, identify the potential source of an attack, find out the impact of an attack and discover how they are putting themselves at risk," Lowe said.
However, securing control systems is far from straightforward. Simply plugging firewalls or anti-virus software designed for IT systems into a control system is not an option - the risks are too great.
"There is one example of a security monitoring firm that did a network scan and crashed all the PCs in a production plant, causing millions of dollars of lost production. You need to be careful how these technologies are deployed," Lowe said.
Solving the problem requires process manufacturers to encourage plant engineers and IT staff to work together to develop security countermeasures.
"Many of the standard security technologies in IT can be used in control systems, but they need to be carefully monitored and designed. It is not just a case of putting in a standard IT solution," Lowe said.
A mixture of firewalls, virus protection, segregated networks and intrusion monitoring should protect process manufacturers from attack.
"You also need to train plant operators. Its not just a matter of throwing a firewall into a system," Lowe said.