It was recently announced at November’s SPS IPC Drives exhibition that Siemens had become the first company to gain TÜV SÜD certification for the secure system integration of process automation and drive solutions in compliance with the international IEC 62443-2-4 standards (https://bit.ly/2Snhcz8). The announcement reminded me of the fantastic documentary Zero Days (2016), which focuses on Stuxnet, a piece of self-replicating computer malware thought to have been developed by the U.S. and Israel – although never officially confirmed – that was unleashed to destroy a key part of an Iranian nuclear facility. A ‘zero-day’ is an undetected software vulnerability that allows hackers access to exploit and affect computer programs and data. In the case of Stuxnet, the zero-day exploit allowed hackers to target SCADA systems and the specific Siemens PLCs being used to control the centrifuges at the Iranian facility. However, the virus spread well beyond the Iranian facility and ultimately infected computers and industrial control systems worldwide.

Since the discovery of Stuxnet in 2010, a number of standards and best practices have been published. These have led to the premise of a “defence-in-depth” prevention approach where multiple layers of security are recommended. The international IEC 62443 standard, which Siemens gained certification for, outlines an IT security concept based on this “defence-in-depth” approach. This entails the direct integration of device and system suppliers, system integrators and operators, making them an integral part of the overall solution. On this basis, companies are able to review potential weak spots in their control and management technology and develop effective protective measures.

With the advent of Industry 4.0 and the ever-increasing numbers of connected devices, it is essential that companies have effective and in-depth cyber security. As Siemens highlights, simply relying on the security of certified products and systems is not enough – alongside a secure operator concept, secure system integration and solution implementation in conformity with IEC 62443 must form part of any truly secure solution.

The applications that many system integrators are working on are probably not as high profile as an Iranian nuclear research facility, but nevertheless, cyber security should never be overlooked or undervalued in this increasingly connected world. So make sure your cyber security knowledge is up-to-date and try to see Zero Days, as it offers a fascinating insight into one of the most significant, yet under-reported, recent events that continues to have far-reaching repercussions.

For now though, enjoy the issue!