By Gregory Hale
When it comes to cyber security for manufacturers, there is no one single superstar that can solve all the problems. Rather, it is a concerted effort by a group of people from different areas working in unison that know their specific roles.
That seemed to be the overall consensus Wednesday at the “Cyber Security – Collaboration is the Key to Success” panel session at Invensys’ OpsManage’10 in Orlando, FL.
“We need to stop the enemy,” said Peter Kwaspen of Shell. “The experts need to be organized and they need to be team players. With a clear set of rules, we can be stronger.”
One of the rules Kwaspen talked about was the emerging security standard coming out of Europe from the WIB (The International Instrument Users’ Association). The document, put together over a two-year period, is the “Process Control Domain-Security Requirements for Vendors.”
“Everyone needs to understand their roles,” said Tyler Williams, president at security and certification provider Wurldtech.
Right now, Williams said, Stuxnet is in the news and it has caught the eyes and ears of manufacturers across the globe. But everyone should remember to keep their eye on the ball.
“We are all swarming around Stuxnet, but there are plenty of other problems out there,” Williams said.
Along those lines, Charles Ross of security software provider McAfee said there has been an 800 percent increase year over year in malware attacks. In 2010 alone, we had more attacks on record by the end of April than the year before.
Attacks focus on various systems, but the problem is how intricate systems have become.
“The complexity that has come into the industry over the past 20 years has been staggering,” said Tim Roxy of the North American Electric Reliability Corp. (NERC).
Everything has become more complicated; standards, organizations, sectors, Roxy said. “If you don’t start making the complex less complex (then there will be more problems),” he said. “You have to understand the path being followed.”
At the end of the day, though, everyone wants to walk along the same secure path.
For manufacturers to remain secure they have to collaborate with a diverse group of organizations, said Marty Edwards from DHS CSSP.
They have to work with the user community, government, sector groups, researchers, security technology groups and the vendor community.
“Each of these groups has a different set of goals,” Edwards said. “Above all trust is required across the entire collaborative community.”
From a supplier perspective, even though the major players compete against each other, they all should be able to work together toward important industry initiatives.
“We need to view requirements as a responsibility, not a competitive advantage,” said Ernie Rakaczky, program manager for control systems cyber security at Invensys.
By Gregory Hale