Manufacturing process control systems lack protection, says Norman

News

Manufacturing process control systems lack protection, says Norman

Warwick Ashford

UK manufacturers are at a higher risk of malware attack than other sectors because few manufacturing process control systems are protected, says security firm Norman Data Systems.

And manufacturers' unwillingness to publicise attacks is masking the size of the problem, it adds.

In 2005, car manufacturer Daimler Chrysler proved an exception to that rule and revealed that the Zotob worm had halted production at 13 US plants for almost an hour.

David Robinson, Norman UK country manager, said process control systems had traditionally been isolated and proprietary, but that was changing, with 42% of manufacturing systems having some form of external connection.

"Demand for real-time reporting and greater visibility has led to increased standardisation of technology frameworks and a greater number of connections to other IT systems internally and externally."

The problem, said Robinson, was that security within manufacturing companies' process control systems had not kept pace with these changes.

"These systems do not typically fall under the responsibility of company IT departments and consequently have little or no protection against malware threats, with operating system security patches not kept up to date."

Robinson said the US led the way in recognising the need to protect process control systems, but the UK's Centre for the Protection of National Infrastructure had published guidelines since it was formed last year.

The CPNI recommends a multi-layer approach to security rather than relying on any single supplier, security system, or malware detection technique.





Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
 

COMMENTS powered by Disqus  //  Commenting policy