FLSmidth Automation / Solutions / Utilities / Security Information / Security Information

You are here:

FLSmidth Automation > Solutions > Utilities > Security Information

Security Information

Security is an increasingly important subject and its significance has entered control systems. In order to service our customers in the most beneficial way, we have studied the security risks and the measures that can be taken. The appropriate security methods vary from plant to plant, why we have compiled an introduction to the subject and the vulnerabilities.

Security Risks

Background
Most control systems are at present rather isolated from the outside world, including intranets and the Internet. This isolation has worked well and the number of reported security attacks is insignificant.
However, as the possibilities of control systems expand, so do the security risks. One of the most occurring subjects is the matter of connecting control systems to the Internet and the increasing spread of viruses.

Types of security risks
The different types of security risks can generally be described as follows:

Viruses
Hackers
Accidental
Disgruntled Employees
Nature Catastrophes

Viruses is the most influential of the above because of their ability to uncontrollably spread. Viruses only act with indirect intent, meaning that nobody actually has to specifically wish to infect your control system. On the contrary it simply might happen because of absent or insufficient security.

Known Viruses
1986     1 virus
1989     6 viruses
1990     80 viruses
1999    20.500 viruses
2001    50.000 viruses
2004    15 viruses discovered every day

Hackers are the second most significant security risk. As opposed to viruses, a hacker acts with intent, which is - until recently - not commonly seen on a control system. Recent studies at the British Columbia Institute of Technology shows that control systems are earning increasing interest from hackers, because the effect of a successful hacker attack on a control system can have widespread consequences.

Accidental security attacks include employees that harm a control system because of their recklessness. A common example of this, are operators installing computer games on control systems, which are very likely to render the control system overloaded or in some cases, completely crash the system.

Disgruntled Employees are people who, for some reason or another, intentionally try to damage the control system or a dependency thereof. This is often hidden and unspoken of, but nevertheless it is a security risk that must be accounted for.

Nature Catastrophes (fires, earthquakes, hurricanes and lightening etc) is out of our control, but we can work to prepare ourselves to suffer the least of the consequences possible. Thereby, natural catastrophes become an important matter in relation to the security subject. In the computer industry preparation for natural catastrophes has been around for years, but there will always be room for improvements.

Today's Security Requirements

Most control systems have previously been isolated from the outside world, since there was no reason for connecting them to other networks. Many modern plants now require the process network to be connected to the Intranet or Internet. The requirement for information sharing increases with the introduction of MES (Manufacturing Execution Systems) and MIS (Management Information Systems).

Solutions offered by F.L.Smidth Automation

Firewalls
If you are connecting the process network to your Intranet, the Internet or other networks, it is highly recommended to employ a firewall solution, which can deliver the required security against different virus and hacker attacks. A firewall has the capability to protect you against most security risks related to networking. This does however depend on the employed software.

F.L.Smidth Automation has researched the firewall solutions available on the market and we have compiled a firewall concept, which can be deployed for most uses. Please contact F.L.Smidth Automation for more information on how we can help to protect you against security risks.