I’ve spent the last two days at Digital Bond’s excellent S4 conference, listening to descriptions of dramatic industrial exploits and proposals for stopping them. A couple of years ago Stuxnet captured the imagination of people who foresee a world of interconnected infrastructure brought down by cybercriminals and hostile governments. S4 — which stands for SCADA Security Scientific Symposium — is where researchers convene to talk about exactly that sort of threat, in which malicious code makes its way into low-level industrial controls.
It is modern industry’s connectedness that presents the challenge: not only are industrial firms highly interconnected — allowing a worm to enter an engineer’s personal computer as an e-mail attachment and eventually find its way into a factory’s analytical layer, then into its industrial controls, bouncing around through print servers and USB drives — but they’re increasingly connected to the Internet as well.
Vendors counter that the perfect alignments of open doors that security researchers expose are extremely rare and require unusual skill and inside knowledge to exploit. And the most catastrophic visions — in which malicious code shuts down and severely damages a large city’s water system or an entire electrical grid — assume in many cases a level of interconnection that’s still theoretical.
In any case, industrial security appears to be advancing quickly. Security firms are able to make particularly effective use of anomaly detection and other machine-learning-based approaches to uncover malicious efforts, since industrial processes tend to be highly regular and information flows tightly prescribed. These approaches will continue to improve as the networks that feed information back to analytical layers become more sophisticated and computing power makes its way deeper into industrial systems.
The efforts of industrial security researchers seem to be paying off. In his keynote talk, Digital Bond founder Dale Peterson noted that the exposure of new vulnerabilities has slowed recently and wondered whether security might be subject to something of a predator-prey cycle, in which weak defenses in industrial controls attract hackers, which draws the attention of security researchers, who in turn drive away the hackers by closing vulnerabilities.
If that’s the case, then we’re looking at a gradual victory for the industrial Internet — as long as we don’t reach the last phase of the predator-prey cycle, in which security researchers, feeling they’ve vanquished their enemies, move on to a different challenge.
This is a post in our industrial Internet series, an ongoing exploration of big machines and big data. The series is produced as part of a collaboration between O’Reilly and GE.