The global site of the UK's leading magazine for automation, motion engineering and power transmission
28 March, 2024

LinkedIn
Twitter
Twitter link

Social media sites pose risks for control systems

07 February, 2014

Data in blogs, social networking sites and other online media could be used to mount cyber-attacks on the UK’s critical infrastructure, according to a new report from the design and engineering consultancy, Atkins.

The report, entitled Using open-source intelligence to improve ICS and Scada security, suggests that the online resources offer key information on vulnerabilities in company systems. It also found that many industrial Web sites and academic papers contain information which identifies staff, and that information on social media can be used to corroborate control systems data.

Known vulnerabilities and exploits against specific control systems can also be found online, along with the identification of third parties, such as contractors, who have detailed knowledge of company networks, and access to these networks.

“To illustrate the increased threat to industrial control systems, the assessment used freely-available tools to demonstrate the identification of networked control systems, their vulnerabilities – and the exploits that may be used to attack them,” explains Dr Richard Piggin, head of control systems security consulting at Atkins. “The research demonstrates the low level of technical knowledge that is required to successfully mount an attack against industrial control systems.”

The findings highlight the need to manage third parties, especially their access and activities while on site. “In the control system context,” Piggin says, “suitable access control – including role-based access to software and systems with activity logging – is recommended.”

The results of the Atkins research were revealed at a London seminar on cyber-security for control systems, organised by the Institution of Engineering and Technology (IET).

“It is essential that any connections between the Internet and industrial control systems are adequately protected,” says IET cyber-security expert, Hugh Boyes. “However, there continue to be real and growing threats to our interests in cyberspace.

“The availability of these open-source tools makes it easier to locate and attack or interfere with poorly-protected control systems,” he adds. “The IET is working with industry to raise awareness of the issue and to promote the development of suitably skilled cyber-security professionals."




Magazine
  • To view a digital copy of the latest issue of Drives & Controls, click here.

    To visit the digital library of past issues, click here

    To subscribe to the magazine, click here

     

Poll

"Do you think that robots create or destroy jobs?"

Newsletter
Newsletter

Events

Most Read Articles