Device Level Cybersecurity at ARC Industry Forum Orlando

As part of our considerable coverage of cybersecurity at the ARC Industry Forum in Orlando this February, we will continue to discuss the importance of device level cybersecurity for manufacturing operations.  Unfortunately, today’s device-level networks and connected devices may have little in the way of protection from cyber-attack.  There is implicit trust of sensors and actuators that employ purely physical principles.  But most modern devices have some level of intelligence, which can make them potentially vulnerable to attack and compromise. Failures or inaccurate data at this level, in turn, can compromise the integrity of the entire control system

Live Demo and Panel Discussion on Monday

During our cybersecurity workshop sessions to be held on Monday, ARC will host a panel discussion and live demo on device level cybersecurity.  The live demo will be held in conjunction with the leading cybersecurity education and training organization SANS. The demo will use real-world plant equipment and will highlight various approaches to manipulating data within a PLC/PAC that can affect a process and impact safety, performance, and productivity.  With PLC/PACs at the core of many critical systems that also rely on Level 0/1 and higher-level cyber-physical devices, the integrity and trustworthiness of the data used for process logic is paramount.  You can learn more during this demonstration about cybersecurity risks and some practical methods to help protect control systems from fake I/O data. The demo will be followed by a panel discussion with experts in the field of digital devices. We’ll talk about some of the things you can do to make your devices more secure and what to expect as far as future trends, technologies, and standards.  

As the level of understanding of possible new risks increases, so must the response by the technical community including suppliers, integrators, asset owners, and standards development organizations. This response should include activities to raise the awareness of possible risks. Automation and security experts must continue to collaborate to validate threats to field-level devices and assess the potential risk, leading to a consensus about the most suitable response. This can include any combination of improved designs and common practices.