Increasing Security Risks
Siemens has been working for over a decade to improve the security of automation components. With the Stuxnet computer worm in 2010, the general public became aware of the threat to industrial plants from cyber attacks. Up until then, such attacks had involved data spying or corruption, but Stuxnet demonstrated how they could physically interrupt process automation.
Besides traditional industrial espionage, these attacks can also pose additional threats such as sabotage and extortion. Amateur hackers with little technical know-how can use ready-made malware to cause damage, and such vandalism can develop into other problems.
The areas and processes to be protected are as diverse as the possible methods of attack: "denial-of-service" attacks are used to overload web servers using SYN flooding or smurf attacks. Potential security gaps can be detected with security software, such as Metasploit. Pre-assigned default passwords from manufacturers make routers easy attack targets even for amateurs. False identities can be forged using MAC or IP spoofing. "Man-in-the-middle" attacks and viruses and trojans introduced with USB sticks make even your own employees a potential source of threat. Illegal web forums deal in undetected security gaps in common user programs in the form zero day exploits, often for considerable sums. And, finally, the previously mentioned Stuxnet worm has proven that cyber warfare by professional organizations (advanced persistent threat) is no longer just fiction.
A holistic approach
For a truly integrated industrial security approach, the company must always be examined as a whole and analyzed for possible vulnerabilities.
This poses significant challenges for system integrators, in particular. On the one hand, more and more customers are asking for a comprehensive security approach. On the other hand, the possible solutions are so diverse that it is almost impossible to manage their in-house development while running the actual day-to-day business. Siemens Industrial Security would be happy to assist you. Our know-how and unique product portfolio open up the full range of possibilities to you in this extremely up-and-coming market.