Manufacturing process control systems lack protection, says Norman

UK manufacturers are at a higher risk of malware...

UK manufacturers are at a higher risk of malware attack than other sectors because few manufacturing process control systems are protected, says security firm Norman Data Systems.

And manufacturers' unwillingness to publicise attacks is masking the size of the problem, it adds.

In 2005, car manufacturer Daimler Chrysler proved an exception to that rule and revealed that the Zotob worm had halted production at 13 US plants for almost an hour.

David Robinson, Norman UK country manager, said process control systems had traditionally been isolated and proprietary, but that was changing, with 42% of manufacturing systems having some form of external connection.

"Demand for real-time reporting and greater visibility has led to increased standardisation of technology frameworks and a greater number of connections to other IT systems internally and externally."

The problem, said Robinson, was that security within manufacturing companies' process control systems had not kept pace with these changes.

"These systems do not typically fall under the responsibility of company IT departments and consequently have little or no protection against malware threats, with operating system security patches not kept up to date."

Robinson said the US led the way in recognising the need to protect process control systems, but the UK's Centre for the Protection of National Infrastructure had published guidelines since it was formed last year.

The CPNI recommends a multi-layer approach to security rather than relying on any single supplier, security system, or malware detection technique.



Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.