Security Breach Attacks On Industrial Computers
All too often, network or security administrators only often focus on the security of regular computers, servers, and networks because these often contain sensitive information. By contrast, industrial computers tend to be overlooked when it comes to security. They are often regarded as mere workhorses, running a few core functions, without much sensitive information to protect.
This neglect to outfit industrial computers with security features is a serious issue because embedded computers need to be readily available to work. If they are not secure and protected, they are not productive. Insufficiently protected industrial computers can be compromised by security breaches.
What Is a Security Breach?
Often enough, due to coverage in the popular press, security breaches are often just considered to be theft of sensitive data. In other words, they are often considered to be synonymous with data breaches. People tend to recall incidents like the Target Corporation’s data breach announced Dec. 19, 2013 where 40 million credit and debit cards and 70 million Target shoppers personal records were stolen. As a result of that data breach, the company suffered a 46% drop in profits compared to profits a year earlier during the fourth quarter of 2013,
However, a security breach is not the same thing as a data breach. It has to be understood in a broader context. According to Techopedia, “A security breach is any incident that results in unauthorized access of data, applications, services, networks and/or devices by bypassing their underlying security mechanisms. A security breach occurs when an individual or an application illegitimately enters a private, confidential or unauthorized logical IT perimeter.”
What all this basically means is that a security breach is much more than just a data breach. It is, in fact, any incident where an intruder slips past the existing security mechanisms in place. An industrial PC that is built to last must be able to prevent any intrusion. An intrusion by an application, a cracker or a hacker could range from a low risk violation to a highly critical one.
In essence, then, a security breach is a violation of a system, a procedure, or a security policy.
Who Would Attack an Industrial Computer?
In a sense network or security administrators are quite right in assuming that most hackers are after information that could be profitable like names and addresses, Medicare information and social security numbers, and credit and debit card information. They are after “the loot” so to speak. However, cyber criminals who attack industrial computers are a different breed altogether. They are actually much more sophisticated and sometimes may be on the payroll of governments or corporate rivals who are funding malware specifically intended to violate industrial controls – that is, malware that has been designed to destroy industrial machinery or interrupt an industrial process. If this sounds like sci-fi, conspiracy theory, or some other catch-phrase people often drum up to avoid looking at what is actually happening, you have only to consider what happened at the Iranian nuclear facility. A virus called Stuxnet traveled to the PLCs that controlled their centrifuges. This was so successful in its mission that it delayed the development of Iranian nuclear power development.
What Is The Threat?
There are numerous threats to any computer systems, with many of the threats to regular computers also affecting industrial computers. These threats include, viruses, worms, and Trojan horses; spyware and adware; zero-hour attacks; hacker attacks; and Denial of service attacks. These attacks can be prevented through the use of anti-virus and anti-spyware; firewalls to block unauthorized access to a company’s network; and intrusion prevention systems (IPS), to catch zero-hour attacks.
Irregular maintenance of industrial computers and neglected compliance with security policies can be expensive—it can cost an organization money when their computer goes down, a damaged reputation and even fines by government agencies.
Industrial computers, like any other computers, need a robust and comprehensive solution to minimize risks. Providing these types of solutions, as well as ensuring regular maintenance, will help any organization prevent a security breach.