JUNE - 2019
MANUFACTURING TECHNOLOGY INSIGHTS
CIO INSIGHTS

The Industrial IoT Attack Surface
By Matt Griffiths, CIO, Stanley Black & Decker Industrial

Across the Industrial Manufacturing sector, the average plant and equipment life span is around 20 years. To put that in context: 20 years ago, Windows 98 & Visual Basic 6.0 had just been released by Microsoft, Google had just hired their first employee and US Robotics started selling the first 56k modem. The Intel Pentium II 400MHz CPU was newly available at only $1124, XML became a W3C standard and the movie Titanic became the highest-grossing film of all time. 20 years ago, the third industrial revolution was at full steam and when Windows XP was released in 2001, many plant and equipment manufacturers jumped to embed XP and a tremendous amount of PC technology in their products or to run automation, inspection and SCADA systems. Now, in 2018, the implications of those decisions are becoming clear.

Problem 1: Embedded Windows OS.

Hindsight is a wonderful thing, and it's hard to claim that these manufacturers should have predicted the future, but intrinsically combining computer technology with a lifecycle of two years and industrial technology with a lifecycle of 20 years was a poor architectural decision. The constant stream of security patching and OS updates, combined with the need for virus and malware detection software installed throughout the environment, means that, best case, the manufacturing environment is hard to manage and, worst case, it's an unmaintained attack surface. Segregated networks, VPNs and industrial firewalls help until the inevitable USB stick or infected third party laptop connects to the environment - at which point you are in recovery mode.

Problem 2: Enterprise Strength Software

The introduction of user friendly operating systems, simple to learn programming languages and easily deployable databases opened new doors for equipment manufacturers. The SCADA, DCS and MES markets exploded with offerings from 100s of industrial device companies and, while many were successful and served a purpose, others lacked consideration for cybersecurity basics such as protocol/packet level authentication, data encryption, buffer overflow checking and other secure coding methods. Even PLCs, historically "secure through obscurity", were suddenly under attack