Chemical processing march 2014

— worry about security. So, vendors are working on an ongoing basis to bolster security. For instance, Emerson’s Milavickas notes, “Ensuring security of data inputs is a constant challenge and we continually monitor and upgrade — doing everything we deem possible for the highest levels of security.” Security concerns likely ratcheted up recently because of a talk in January at Digital Bond’s 7th annual SCADA Security Scientific Symposium in Miami Beach, Fla. Alexander Bolshev of ERPScan, St. Petersburg, Russia, gave a presentation in which he demonstrated how HART has the same insecureby-design issues as other industrialcontrol-system protocols. He showed how access to the 4–20mA control loop could be used to attack the entire plant, including applications and protocols that appear to be unrelated to HART. “These findings are not new, but they are significant. None of the fieldbus/communications protocols were designed with security in mind and some are 20-odd-years old now,” says Eric Byres, CTO and VP engineering of Tofino Security, Lantzville, B.C. “Protocols such as HART and HART over IP are losing their ‘security by obscurity’ protection and are easy to hack — and once someone takes aim at them, the devices all are badly flawed. Once we were secure because we were obscure. Now we aren’t and as a result we are a lot more vulnerable,” he cautions. He urges vendors to ensure their products are ISA 100 certified. “Since Shamoon in the Middle East, the market there is demanding that vendors build the highest levels of security into their devices. These demands will come to North American and Europe, too.”