Are fieldbuses less secure than Industrial Ethernets? I think not (in a rare disagreement with Mike Miclot and Brian Oulton from Belden in the webinar “Industrial Security in the Real World: Practical Steps”). They said Industrial Ethernet is more secure. I think the potential security problem with fieldbuses is that they connect to controllers which connect to computer-based HMIs. And the controllers and HMIs are where vulnerabilities exist. But if you think “I’m using a fieldbus so I don’t have to be concerned with security,” you’re missing the vulnerability!
That said, you should watch this webinar in its entirety. It does an excellent job of presenting the steps you can take to add security to an existing installation.
In our PROFINET one-day training classes I walk through five steps:
On a continuing basis: audit. Then follow the same procedure that the shampoo bottle instructions advocate: “lather, rinse, repeat.” New threats appear, new solutions become available.
My steps are not incompatible with those in the webinar, nor are they incompatible with the steps Eric Byres (with John Cusimano) outlines in “7 Steps to ICS and SCADA Security” accessible here. Different steps are outlined in “Taking Simple Steps Toward Industrial Security.”
The number of steps you need to take may vary, but you must start taking steps to secure your network. And note that this is not just about the technology of security; it’s about physical security and trained personnel, too.
Related past post: IT and Automation Synergies.
Self-serving aside: it was seven years ago today that the PROFIblog began with the aptly-titled post, “Let the Blogging Begin.” That was 413 posts ago! Not as many as I thought there would be – about a blog a week on average. Prolific times were interspersed with droughts. The droughts were more the result of lack of time as opposed to lack of topics. I’ve resolved to maintain a post a week going forward.