Physical and industrial control systems are now all around us, in the form of smart grid electrical meters, traffic light control systems and even basic proximity door access control panels. These basic computer systems can hold a vast array of sensitive data, with fully connected network access, central processing units and execution layers. Many however lack the basic security management expected of such powerful systems. Many 'don't get a quarter of the security governance an average corporate server' gets according to Greg Jones, of Digital Assurance.
Characteristics and Rise In Use
Micro computers with closed control systems have been in use for a number of years in industrial environments, where they are used to collect processing data or execute measurement or timing instructions. Their popularity in mainstream use has increased, with the likes of TV set-top top boxes and games consoles following a similar design. These more commercially focused devices however, often have stronger security due to their makers wanting to protect revenue streams, say Jones.
Lack of Security Management
Many of the control type systems in use, aren't manufactured or managed with security in mind. Performance, durability and throughput are often of greater importance, with basic security controls such as secure storage, administrative lockdown and network connectivity all potential hotspots.
The main security focus of many smaller control devices, is around physical protection. Devices such as traffic light systems or metering boxes, are generally well equipped to stave off vandalism and physical breaches, but much less so from a logical and access control perspective.
Data is often stored unencrypted, with limited validation being performed on any data collection and input channels. This can open up issues with regards to data integrity, especially in the field of electrical meter reading. This will certainly become of greater significance, as it is forecast that by 2020, 80% of European electricity supplier customers, will be using a smart-style.
By Simon Moffatt