Automation Portals

Security Portal

Articles

		Pipeline Security: New Technology For Today’s Demanding Environment - 05/21/12 Pipeline & Gas Journal, May 2012 By Adrian Fielding, Honeywell New sensing solutions provide greater visibility into the pipeline network and buy operators additional time before an event occurs, allowing for repairs, evacuations or a security response to reduce potential damage or losses.

		Cyber security: Common sense security for industrial engineers - 05/20/12 Control Engineering, May 2012 By Dan Schaffer and Dan Fenton, Phoenix Contact Even the best industrial security products cannot prevent all unwanted traffic and malicious attacks to control systems. Control engineers can reduce cyber incident risk by consistently investing time and effort in security measures.

		Securing Personnel Remains Critical - 05/13/12 Automation World, May 2012 By Terry Costlow No matter how sophisticated technology gets, security will always have a human element. The operators of the equipment monitored by the most advanced hardware and software still play an important role in the success or failure of the protective scheme.

		Network Security Matures - 05/13/12 Automation World, May 2012 By Terry Costlow From oil platforms to auto parts manufacturing, the how-to of industrial network protection is improving in this post-Stuxnet world. Given the high cost of downtime, the motivation is to minimize any shutdowns associated with networks and electronics.

		About That Safety and Security Stuff - 05/12/12 Control, May 2012 By Walt Boyes A plant that can be easily penetrated by an evil-doer, or a plant that can easily have a cyber-induced accident is not a safe plant. Yet many companies in the process industries are taking a jaundice-eyed approach to security and cybersecurity.


		The imaginary hacker - 04/26/12 Hydrocarbon Processing, April 2012 By Goble, W., exida No matter how many blogs, magazine articles and white papers are written, a real credible threat to a refinery or petrochemical facility from some vague person or organization seems “imaginary” to those controlling plant budgets.

		Remaining vigilant to cyber attack - 04/07/12 Control Engineering Europe, March 2012 By Dr. Peter Fröhlich, Belden The newest malware is called Duqu, which installs a backdoor on the infected computer that can be used to load and execute other programs on the system. Duqu is more of a spy than a saboteur.

		Network Security To-Do List - 03/12/12 Industrial Networking, February 2012 By Symnantec Minimize existing threats and keep ahead of new ones with this list of basic tasks.

		Security - 03/12/12 Industrial Networking, February 2012 By Jim Montague Network security begins with password control and firewall maintenance, but it requires layers of chores and vigilance to prevent unauthorized access.

		How Hackers Could Target Power Plants - 03/12/12 NPR, March 2012 By Steve Henn Independent hackers and cyber security researchers have demonstrated the ability to take control of the basic machinery that is built into many power plants and water treatment facilities.

		Securing the benefits of integrated networks - 02/15/12 What’s New in Process Technology, February 2012 By Gordon Bartlett, Rockwell Automation The level of security an individual process may require is dependent on the perceived damage a security breach may cause. Deciding what course of action should be taken in the event of a security breach will also need to be considered.

		Cyber Espionage comes to SCADA Security - 02/06/12 Automation.com, February 2012 By Eric Byres, Tofino Security Today’s attacks show a different focus – attempts to steal valuable information that can be used to make a counterfeit product, out-bid a rival, or coordinate a short selling campaign against a company’s stock.

		Industrial Security Trends & Best Practices - 02/04/12 Automation.com, February 2012 By Paul Didier, Cisco In production environments, typically the order of priority is Availability, Integrity and then Confidentiality. This is opposite of the priority in IT, where it's Confidentiality, Integrity and last is Availability. That makes a big difference in the way security is approached.

		Is Stuxnet Dead? - 02/04/12 Flow Control, January 2012 By Amy W. Richardson 40 percent of critical infrastructures that did a security audit found Stuxnet in their systems. Experts say Stuxnet is no longer itself a threat as much as the legacy it has left behind — a roadmap for cyber war.

		Uninterruptible power supplies and cybersecurity - 02/04/12 InTech, February 2012 By Michael A. Stout Every network connected device in a data or SCADA network is a potential backdoor—even a UPS connected to the company’s Ethernet network for remote monitoring and management could be compromised by a hacker.

		Using ANSI/ISA-99 standards to improve control system security - 01/29/12 Industrial Ethernet Book, February 2012 By Eric Byres, Tofino Security Product ANSI/ISA-99 Standards provide a framework for companies to achieve and maintain security improvements through a life cycle that integrates design, implementation, monitoring and continuous improvement.

		Security for automation systems using risk analysis techniques - 01/29/12 Industrial Ethernet Book, February 2012 By Franz Köbinger To make a sound decision about which security measures will be implemented, it is first necessary to analyse those existing risks that cannot be tolerated. It is then necessary to derive protection targets, and from these, the concrete measures that can and should be implemented.

		Remote maintenance through networked security appliances - 01/29/12 Industrial Ethernet Book, February 2012 By Ingo Hilgenkamp, Phoenix Contact To save time and money, operating companies therefore frequently link their applications to the service network of the manufacturer via the web. But you may need a security appliance to protect yourself.

		The Role of Utilities in Securing a Smart Grid - 01/22/12 Electric Light & Power, January 2012 by Sambit Bisoi and Ashiss K. Dash, Infosys Security concerns include hacking, data stealing, privacy breaches, meter fraud and compromise of physical security. Utilities must streamline their processes, distribute responsibilities and increase resilience to such incidents.

		Major Automation & Control Trends in 2012 - 01/16/12 Automation.com, January 2012 By Bill Lydon, Editor Here are my thoughts on major automation and control trends in 2012. These opinions are based on a wide range of inputs from users, suppliers and industry consultants, and from attending numerous industry forums, conferences and trade shows every year.

		Security at the device level - 01/15/12 Plant Engineering, January 2012 By Matt Luallen Individual field devices may be the target of cyber attacks. Getting that deep is a challenge, but attackers have done it.

		Taking Control Of Open Process Control Networks - 01/15/12 Industrial Automation Asia, December 2011 By Chris Lyden, PAS As vendors have now moved to open platforms, plants face new challenges maintaining the reliability of automation systems which arise from the management of an IT infrastructure that simply did not exist with traditional proprietary automation systems.

		Down Goes the Network - 01/15/12 Control Design, January 2012 By Jeremy Pollard It's no secret that a system integrator or automation pro has to keep pace with technology developments such as Ethernet and other networks. But how about Cisco IOS or configuring a router and an access control list?

		Protecting the Network, Enclosing the Cloud - 01/11/12 Control, January 2012 By Jim Montague How can you protect an industrial network or the cloud from any harm? Follow these tips.

		Balancing Security, Compliance and Operational Management - 01/11/12 Automation World, December 2011 By Gary Mintchell Disappearing air gaps and growing network connectivity increase the burden of managing security, compliance and operations, according to Industrial Defender’s global survey of critical infrastructure operators regarding cyber security.

		Security in the Spotlight in 2012? - 12/28/11 Automation World, December 2011 By Grant Gerke It seems like 2012 could be a bad year for manufacturers and utilities if security investments were not made in 2011.

		Measuring Wi-Fi attack threats - 12/18/11 Industrial Ethernet Book, November 2011 By Wenye Wang Researchers from NC State University say that they can determine how a Wi-Fi network would be disrupted by various attack vectors. The information gained enables more secure security systems to be designed, so it is likely to be a valuable tool for developing new security technologies.

		IP security and EN50155 series benefit Ethernet network safety - 12/18/11 Industrial Ethernet Book, November 2011 By Lantech This article looks at how hardware and technology developers are making great strides towards providing a solution to protect networks from all threats and vulnerabilities that exist today.

		The changing network security threat demands layered defence - 12/18/11 Industrial Ethernet Book, November 2011 By John Browett, CPLA The recent issues with the clever Stuxnet malware have given us all a wakeup call, and we need now to take a fresh look at how security is managed within industrial networks.

		Cyber Warfare and the Control Systems Community - 12/18/11 Control, December 2011 By Robert M. Lee, USAF What must the control systems community do to adapt to the threat of cyber warfare? The community must get back to the basics of security, take part in creating better regulations, and band together to face the threat as a community instead of as individuals.

		Behind wireless technology and industrial automation systems - 12/18/11 Process & Control Engineering, December 2011 By Ray Rogowski Due in part to security concerns, the adoption of wireless networks has been gradual. The threat of cyber attacks, coupled with open enterprise wireless architectures, have had the biggest impact on electronic security fears.

		SCADA virtualisation – delivering real benefits? - 12/18/11 Control Engineering Europe, December 2011 By Tony Chapman, Siemens Virtualisation for SCADA systems brings many benefits such as time and cost savings, greater levels of security and operational efficiency advantages

		Conservation of Merging Technologies - 12/17/11 Automated Buildings, December 2011 By Clark Northcott, Schneider Electric Both access control and video surveillance have completely embraced IP Technology. With this embrace, manufacturers are able to share information across platforms. The fluidity of this information is how the modern building will move to the future.

		Cyber Security for Industrial Control Systems - 12/17/11 Power Engineering, November 2011 By Steve Cunningham, Rkneal Engineering Risks exist in adopting Internet technology without vigilant attention to security. With proper preparation, risks can be mitigated. A security policy, careful design of the network architecture, exception tracking and the development of an incident response team are needed.

		A New HMI Software Product. Why? - 11/28/11 Automation.com, November 2011 By Bill Lydon, Editor I was recently introduced to a new HMI software offering, Tatsoft FactoryStudio. My first reaction was - Why does the industry need another HMI software product? I interviewed Tatsoft CEO and founder, Marcos Taccolini to learn more.

		Securing software for the smart grid: Analyze early and often - 11/18/11 Embedded Computing Design, November 2011 With the proliferation of the smart grid, companies in the energy and utilities sectors will need strict cyber security measures enacted for software-based systems.

		Must Industry Choose Between Security or Efficiency? - 11/14/11 Automation.com, November 2011 By Eric Byres, Byres Security Inc. On one hand, industry is becoming increasingly concerned about just how vulnerable control systems have become to outside attacks. At the same time, new tools and applications that improve efficiency, but increase that exposure, are appearing daily. So must we sacrifice these gains in efficiency if we want to be secure?

		Changing the way we think about Security - 11/10/11 Automation.com, November 2011 By Rick Kaun, Honeywell Process Solutions Security is thought of as physical protection against intrusion or the detection of hackers when, in fact, little thought is given to the security threats that exist inside the fences of any given facility.

		Stuxnet Raises 'Blowback' Risk In Cyberwar - 11/02/11 National Public Radio By Tom Gjelten The challenge of managing a Stuxnet-like attack is compounded by the possibility that the U.S. government itself had a role in creating the cyberweapon. Concerns now are about the "blowback" risk to the U.S. homeland from the development of this potent cyberweapon.

		Sunny Side Security - 10/21/11 Control, October 2011 By Jim Montague It's just a matter of adding new security tweaks as needed, much like an immune system that evolves to counter biological viruses and threats.

		Protecting ICSs from Electronic Threats, Part 3 - 10/21/11 Control, October 2011 By Joe Weiss IT security certification exams don't address ICS issues, and professional engineering exams don't address cybersecurity.

		First Aid for Process Security - 10/21/11 Control, October 2011 By Jim Montague Viruses and cyber attacks are looming. Help from governments and standards is lacking. Some engineers and managers are fighting back to protect their applications and companies. Here's how they do it.

		New defences after Stuxnet - 10/21/11 Automation, September 2011 By Chris Evans, Mitsubishi Electric It is generally accepted ‘gateway PCs’ found in many automation architectures, represent weak points and are vulnerable to potential malware attacks from ‘the outside’ and also from CDs and USB sticks.

		Control system integration: Security and efficiency key considerations for plant operations - 10/15/11 Plant Services, October 2011 An integrated system can change the way a company operates and make it more efficient. But with a shift toward dispersed operations with centralized control, the need has evolved for companies to more tightly intertwine control systems with safety, security, fire, manufacturing execution systems and more.

		Securing the smart grid - 10/15/11 Power-Technology.com, October 2011 By Chris Lo Smart grids hold the potential to revolutionise power distribution, but going digital opens the grid up to new risks. Article explores the new connected frontier of energy infrastructure to discover the threat posed by hacking and other cyber attacks.

		Cyber Security Threats - Actions to Take - 09/26/11 Automation.com, September 2011 By Bill Lydon, Editor In Part 2 of my interview with Eric Byres, leading industrial automation cyber security expert, he expands on the challenges and solutions for industrial cyber security, and includes recommendations for actions to take to protect your company and assets.

		A fresh approach to data management and transfer - 09/08/11 Control Engineering Europe, August 2011 By Chris Evans, Mitsubishi Electric Stuxnet has given us a wakeup call. A fresh approach is required as to how data is transferred and managed within all industrial control systems.

		Cyber Security Threats: Expert Interview with Eric Byres, Part 1 - 08/28/11 Automation.com, August 2011 By Bill Lydon, Editor Cyber Security is a hot topic that has become more intense since the notoriety of the Stuxnet virus. I interviewed Eric Byres, one of world’s leading industrial automation cyber security experts, to gain a greater understanding of the challenges and solutions for industrial cyber security.

		Executive Interview - Norm Gilsdorf of Honeywell Process Solutions - 08/28/11 Automation.com, August 2011 By Bill Lydon, Editor Norm Gilsdorf of Honeywell Process Solutions sits down with our editor, Bill Lydon, to discuss their organizational changes, asset management, PLC competition, wireless, skill crisis, energy and sustainability.

		Is the Cloud Safe Enough? - 08/18/11 Control Design, August 2011 By Jeremy Pollard The Cloud is not a safe place. but is it really any different than any other client/server type arrangement?

		Really, Really, Really Cyber Secure - 08/18/11 Control, August 2011 By Walt Boyes It is now clear that machine-level, embedded controllers, such as PLCs, PACs and DCS controllers are vulnerable from both inside and outside the plant.

		Protecting ICSs from Electronic Threats, II - 08/18/11 Control, August 2011 By Joe WEISS, Applied Control ICS security is a lifecycle process that begins with conceptual design of a system and continues through to its retirement.

		SCADA Security's Air Gap Fairy Tale - 08/17/11 Automation.com, August 2011 By Eric Byres This tale doesn’t have princes or frogs in it, but instead it deals with SCADA and industrial control system security. It is the myth of the "air gap" between control systems and the rest of the world. Believing in it leads to a false sense of complacency by both end users and vendors, making it a very dangerous fairy tale indeed.

		Cyber Security Alert - 08/13/11 Control Engineering Asia, July 2011 By G Venkatesh With the huge publicity given to last year’s sophisticated virus attack on an Iranian nuclear power station, industrial cyber security is rapidly shifting from the sidelines to center stage. Registration required to read story.

		This is war and your SCADA is the target - 08/13/11 South Africa Instrumentation & Control, August 2011 Stuxnet has irrevocably changed the future of automation practitioners, SIs and end users. If you use a SCADA system, any SCADA system, you are almost certainly just as vulnerable to determined attacks by suitably motivated groups.

		Redundancy in EtherNet/IP systems - 08/07/11 InTech, August 2011 By Alain Grenier Article explores the balance between the cost of ensuring systems redundancy in an EtherNet/IP network and the cost of failure within a system and inevitably lost production.

		More on Cloud Computing: What Does It Really Do? - 07/22/11 Control Design, July 2011 By Jeremy Pollard Partly cloudy: what's the real difference between this cloud data aggregation solution vs. a local server, local runtimes, with secure remote access?

		Effective OPC security for control systems - Part 2 - 07/22/11 What’s New in Process Technology, July 2011 By Darek Kominek, Matrikon Any OPC server or product has the option to implement one of three levels of security: disabled, DCOM or OPC security. Each level offers more security and control over who has access to data within the OPC architecture.

		Giving your plant a cyber health checkup - 07/22/11 Control Engineering, July 2011 By Jason Urso and Kevin Staggs, Honeywell Creating a strong cyber security health regimen so you can defend against threats, external and internal.

		Architecture for Secure SCADA and Distributed Control System Networks - 06/28/11 Industrial Automation Asia, June 2011 By CK Lam, Juniper Networks It is important to realise the distinction between safety and security. While machines are built with several fail-safes to ensure safety, these fail-safes are designed against circumstances that have realistic probabilities. A cyber attack can skew the probabilities severely or mislead the operator into taking inappropriate actions by presenting false information.

		Roadway Barriers Go Electric - 06/28/11 Design News, June 2011 By Charles J. Murray Roadway barriers, the last line of defense for hundreds of military installations and utility plants, are undergoing a transformation. Once powered exclusively by hydraulics, the giant barriers are now moving to simpler, greener electric actuators.

		RFID for More Foolproof Access - 06/27/11 Control Design, June 2011 By Aaron Hand RFID technology makes users more accountable with their own access keys or tags, significantly reducing the likelihood that machine access control will be passed around.

		Stuxnet and the Paradigm Shift in Cyber Warfare - 06/27/11 Control, June 2011 By Robert M. Lee A brief history of the Stuxnet worm including its targets, the initial findings, possible creators of the worm and its effects.

		Protecting ICSs from Electronic Threats, Part 1 - 06/27/11 Control, June 2011 By Joe Weiss, CISM Applied Control Solutions From a cybersecurity perspective, industrial control systems (ICSs) are very brittle and attacking them isn't rocket science. On the other hand, it can be rocket science to protect them and maintain their missions at the same time.

		Physical Security 101: Evolving ‘defense in depth’ - 06/12/11 InTech, June 2011 By Scott Hillman What good is cybersecurity if the bad guys can walk through the front door? A site vulnerability assessment determines possible holes in a plant’s overall security system and prioritizes improvement opportunities.

		SCADA and Control System Security: New Standards Protecting Old Technology - 06/01/11 Automation.com, May 2011 By Scott Howard Industrial control systems were designed and built with a primary focus on performance, availability and reliability - not security. A new generation of standards-based security offerings lets operators defend their control system networks using the same technology that protects telecommunications, banking, and other critical IT infrastructure.

		Fears of security deterioration in Yemeni oil regions - 05/27/11 Oil & Gas Engineer, May 2011 The security situation for oil companies in Yemen is getting increasingly precarious and complicated, as the defection of senior generals with many of their troops is leaving the countryside and key oil areas exposed.

		European Process Industry Debates Security Objectives - 05/27/11 Automation World, May 2011 By Thomas Menze and David Humphrey In the European process industries, hackers or other intruders have yet to breach security—no attacks by viruses, worms, or Trojans have been recorded. Nevertheless, protection scenarios are necessary because attacks have already been seen in other parts of the world.

		Certified Security: It’s Coming - 05/27/11 Automation World, May 2011 By Dave Gehman Industrial controllers, devices and networks that are certified secure—comprehensively secure—don’t exist, for the simple reason that the standards are not all in place. But bits and pieces of the puzzle are coming together.

		Network Security Requires Multi Layer Defense - 05/27/11 Automation World, May 2011 By James R. Koelsch A rash of recently published vulnerabilities and exploits prove that the conventional methods of blocking them are not enough. Here’s how to exploit the stability of automated processes to secure control networks.

		Securing The U.S. Power Grid From Cyber Attack - 05/27/11 Automation World, May 2011 By Gary Mintchell The North American Electric Reliability Council oversees the reliability and security of the U.S. electric power grid. Some think its NERC/CIP standards do not go far enough to protect control systems at power generating plants.

		Why Stuxnet has changed the security landscape - 05/14/11 Control Engineering Europe, May 2011 By Chris Evans, Mitsubishi UK What has changed our perception of business security and the way we deal with a malicious attack has been the experience gained from the Stuxnet malware incident--because the target of this attack was the automation system components, the point of entry was not the business level but the MES Level.

		From the Field - ABB Automation and Power World 2011 - 05/11/11 Automation.com, May 2011 By Bill Lydon, Editor Here are a few highlights from ABB Automation & Power World 2011. The event attracted a record number of participants, totaling more than 4,200, and featured over 400 educational workshops and hands-on training sessions, over 45 customer-presented case studies, and an exhibition of ABB and partner products.

		Do Firms Expect Too Much Cyber Threat Data? - 04/17/11 Control, April 2011 By Michael Peters A recent U.S. General Accounting Office (GAO) report reveals that a key expectation from industry is for actionable cyber-threat information from the federal government. But the dissemination of this tactical level of information has not been completely met.

		Industry Gets Cyber-Security Reality Check - 04/09/11 Chemical Processing, April 2011 By Seán Ottewell The emergence of the Stuxnet worm, which apparently targeted Siemens control systems at an Iranian nuclear-enrichment facility, certainly exposed serious knowledge gaps in how cyber security is implemented and maintained by process companies. Registration required to read story.

		Network security in the Automation world - 04/09/11 InTech, April 2011 By Dan Schaffer The need for cybersecurity to protect industrial networks is real and growing. While today’s control systems are increasingly complicated, protecting them from a cyber threat does not need to be.

		Defense in depth: It’s more than just the technology - 04/09/11 InTech, April 2011 By Jason Urso There are three keys to a successful cybersecurity program for any industrial manufacturing plant: people, process, and technology. We tend to rely on technology to keep us safe, but the other two aspects are just as important.

		Skid Integration Problems Solved by PLCopen Standards - 03/29/11 Automation.com, March 2011 By PLCopen North America The use of skid mounted equipment has become popular for a number of reasons but they pose some unique automation and control challenges that can be solved by using IEC 61131-3 and PLCopen standards.

		Hyper-Secured PLC…and other curious combinations - 03/24/11 Control Engineering, March 2011 To make life easier for automation engineers, and less costly for OEMs and end-user companies to build control systems, clever companies are converging previously separate products.

		How to Prepare for a NERC CIP Audit (and Protect Yourself!) - 03/24/11 Control, March 2011 By Phil Marasco and Jay Abshier, CISSP Until you have actually been through a Critical Infrastructure Protection (CIP) audit at least once, there will likely be some uncertainty regarding how you should prepare. However, with some planning and focus, the process should not be as daunting as some would have you believe.

		Ethernet Infrastructure - Is IPv6 another Y2K? - 03/15/11 Automation.com, March 2011 ODVA is taking IPv6 seriously because it could have major implications for existing EtherNet/IP installations and product developers. This is not unique to EtherNet/IP, the change has an impact on all Ethernet devices and infrastructure including business, industrial, home, and mobile communications.

		Demanding Software Security Assurance - 02/17/11 Control, February 2011 By John Cusimano, exida Security Services Owners/operators are ultimately responsible for the safety and security of their facilities, but that responsibility needs to be shared with their automation equipment suppliers. These suppliers have a responsibility to ensure that their products are safe, secure and reliable.

		Cyber Threat to Control Systems - 02/17/11 Control, February 2011 By Michael Peters Reliance on tactical threat information is a false interpretation of the environment and is a major impediment to securing our critical infrastructures from attack.

		Cyber-Security - 02/14/11 Automated Buildings, February 2011 By Nino Kurtalj, Elma Kurtalj For the last ten years the whole industry has been talking about IP, Web, interoperability and open systems. Security however, has been mostly left behind, somewhere in the pre-internet age.

		Do Not Slip Up On Security - 02/11/11 Industrial Networking, February 2011 By Jim Montague Industrial network security demands attention and focus because some intrusions might occur, but ongoing and evolving deterrence and mitigation can prevent most break-ins and limit those that do happen.

		Network Security - 02/11/11 Industrial Networking, February 2011 By Jim Montague if I were a plant manager, I think my first impulse would be to cut all ties with Ethernet-based networking and the Internet. Business-level reporting and remote troubleshooting be damned.

		Important Operating System Characteristics for Safe and Secure Applications - 02/11/11 Design News, February 2011 By Joe Wlad, Wind River When computing platforms are used in applications where safety or security is paramount, special requirements may need to be addressed.

		Revealing network threats, fears - 02/07/11 InTech, February 2011 By Eric Byres Data shows security problems arise from three common sources: proliferation of “soft” targets, multiple points of entry, and poor network segmentation. Here’s how to use ANSI/ISA-99 standards to improve control system security.

		Major Automation & Control Trends 2011 - 01/25/11 Automation.com, January 2011 I am taking a risk at the beginning of the year to provide my thoughts on automation and control industry trends. I invite readers to contact me and share any other trends or expand on the trends listed. Trends include industrial Ethernet proliferation, leveraging information, remote monitoring, virtualization, mobile device usage, energy conservation and wireless implementations.

		Pharmaceutical Automation Roundtable (PAR) - 5 Part Article Series - 01/25/11 Automation.com, January 2011 This 5 part article series is based on the recent Pharmaceutical Automation Roundtable (PAR). Automation professionals from leading life sciences companies gathered together to discuss MES, visualization, software development, system life-cycle planning, executive governance, electronic testing, wireless and more.

		Data Center Security Design - 01/16/11 Building Operating Management, January 2011 By Maryellen Lo Bosco The risks of a fire or security breach should be of constant concern to facility managers responsible for data centers.

		How to Hijack a Controller - 01/16/11 Control, January 2011 By Ralph Langner Even though Stuxnet as such is not a generic attack on control systems, several parts of the attack are generic, and these parts are easy to copy. With these generic attack techniques, an attacker may not only implement a similar targeted and surgical strike, but may choose to create widespread, random havoc, using any vendor's controller.

		Security Appliances Can Be Your Best Option - 01/16/11 Control, January 2011 By Dan Hebert The path to a more secure system can take two main routes. You can upgrade network devices to newer versions that possess the needed security features. Or you can keep existing devices and add security appliances throughout the network.

		Pharmaceutical Automation Roundtable (PAR) - Part 2 - Virtualization & Software Configuration Management - 01/11/11 Automation.com, January 2011 This is the second article in a series that are the result of the annual Pharmaceutical Automation Roundtable (PAR). A PAR member started the discussion by relating their experience deploying Virtual Machine (VM) technology. Then the discussion turned to Software Development Environment & Configuration Management.

		How the U.S. Grid’s Unpredictability Increases Its Security - 12/20/10 Power, December 2010 By Sonal Patel A study funded by the National Science Foundation, shows that the electric grid is probably more secure than many people realize—because it is so unpredictable. “It takes an incredible amount of information,” the study says, “to really figure out how to make the grid fail.”

		The Do All and Be All of SCADA - 12/18/10 Industrial Networking, December 2010 By N. Lewis Bodden Security is a big concern with open systems. Physical security should be paramount. The cost of a separate network could be nothing compared with the damage from a malicious attack.

		Stuxnet: Cybersecurity Trojan horse - 12/14/10 InTech, December 2010 By Joe Weiss Much has been written about Stuxnet from many different sources and perspectives. However, there are still many misconceptions and lessons to be learned. The purpose of this article is to provide observations and recommendations for industrial control system (ICS) cybersecurity practitioners and standards organizations to consider.

		Control Systems, HMI Change Management, Security - 12/12/10 Control Engineering, November 2010 By Krzysztof Pietrusewicz and Mariusz Postol Change management and security concerns have increased as human-machine interfaces have become more open and expose process data and metadata. Security precautions need to provide selective availability to control functions. OPC can help.

		You Get the Security You're Willing to Pay For - 12/12/10 Control, December 2010 By Walt Boyes You have to be firm with your vendors and with your integrators, and insist on secure implementation of secure-by-design systems and devices. No caving when they tell you that will cost lots extra—or you'll get what you are willing to pay for.

		How Can the NERC CIP Standards Be Improved? - 12/12/10 Control, December 2010 By Jay Abshier, Sentigy and Phil Marasco, Ison Many people familiar with the North American Electric Reliability Corporation (NERC) and its Critical Infrastructure Protection (CIP) standards say the standards are flawed. The requirements in the CIP standards are pretty good, but they do not address common methods of attacking a protected network.

		Cloud Computing Proves Essential for Engineering Automation Teams - 12/07/10 Automation.com, December 2010 Power plant management represents one of the most demanding applications for engineering automation software. Equipment from different manufacturers must be coordinated, simultaneously using several protocols. Many facilities require the use of up to a million tags, refreshed at sub-second intervals.

		Invensys OpsManage 2010: Enterprise Control System - the journey continues... Automation.com, November 2010 At Invensys OpsManage 2010, IOM expanded on their Enterprise Control System (ECS). Steve Blair defined enterprise control as understanding and manipulating the real business drivers to optimize operations from plant floor through enterprise.

		The Secure Connection - 11/24/10 Transmission and Distribution World, November 2010 By John Wesley Stewart, Tennessee Valley Authority The Lemnos project supports the U.S. government's “Roadmap to Secure Control Systems in the Energy Sector.” Lemnos project partners include EnerNex, TVA, Sandia Labs and SEL.

		Emerson Exchange 2010 - Conquering Complexity - 11/23/10 Automation.com, November 2010 The 2010 Emerson Global Users Exchange in San Antonio, Texas was a successful event, hosting more than 2300 attendees, representing 47 different countries. Bill Lydon reviews a few of the event highlights including keynote addresses, Human Centered Design, Asset management enhancements, DeltaV product roadmap, and control over wireless.

		Machine Vision Puts Bold Face On Growing Biometrics Industry - 11/15/10 Machine Vision On-Line, November 2010 By Winn Hardin One of the most active areas of development for security imaging systems is video analytics, or the ability to screen images for security dangers by making automated measurements, often by combining imaging with non-imaging sensors.

		Using an IEC 61508-certified RTOS kernel for safety-critical systems - 11/15/10 Industrial Embedded Systems, November 2010 By Chris Hobbs, QNX Software Systems Designing Safety into industrial systems requires starting at the basic level of an operating system kernel that addresses the appropriate safety needs. Here are the key points of IEC 61508 and how a kernel can assist with system compliance.

		Can security certification control cyber risk? - 11/15/10 Industrial Embedded Systems, November 2010 By Jens Wiegand, Wind River Industrial devices comply with many standards, but Security certification is a relatively new area that is quickly rising in importance as devices are increasingly connected.

		Industrial data now in the Cloud - 11/01/10 Automation.com, October 2010 By Bill Lydon Software Toolbox is now providing a cloud-based repository for industrial plant data which can be accessed with web-based clients. Industrial applications using cloud computing are starting to emerge. The IT world has been using cloud computing to lower ongoing support costs and provide greater flexibility.

		Defending Against the Next Stuxnet - 10/26/10 Automation World, October 2010 By Wes Iversen Experts agree that defense in depth is the best approach to guard against future cyber attacks targeting industrial control system networks. Here's a look at two emerging technologies that may provide added tools for defense-in-depth strategies.

		Understanding and minimising your HMI/SCADA system security gaps - 10/20/10 What’s New in Process Technology, October 2010 By GE Intelligent Platforms Asia The focus on HMI/SCADA security has grown exponentially in the last decade and, as a result, users of HMI/SCADA systems across the globe are increasingly taking steps to protect this key element of their operations.

		The Can of Worms Is Open-Now What? - 10/19/10 Control, October 2010 By John Cusimano, Exida, and Eric Byres, Byres Security Designing a good cyber defense for your SCADA or process control system is no longer an option.

		Worst Fears Realized - 10/19/10 Control, October 2010 By Nancy Bartels A scary piece of malware named Stuxnet is in town. Remember its name. Its arrival may make you want to change the way you think about control system security.

		The Straight Scoop on OPC and Security - 10/19/10 Control, October 2010 By Roy Kok So you're considering OPC for an application, and with today's concerns over security, you want to make sure your choice is a good one. Is OPC capable? In order to answer that question, we need to ask and answer a few others first.

		OPC: Standardizing Integration of Security and Energy Management - 10/19/10 Control, October 2010 By Eric Murphy Many organizations are putting intelligent infrastructure networks in place that enable them to add systems to make their operations more efficient. The key to integrating these systems, including security and energy management, is the adoption of open standards such as OPC.

		7 tips for an industrial Ethernet cyber security strategy - 10/13/10 Control Engineering, September 2010 By Peter Wood, GarrettCom Industrial operations are becoming more aware of their vulnerability to cyber mischief or cyber attacks. Here are seven tips that can create the foundation for a cyber security strategy.

		Industrial Ethernet: Switches help flexibility, security - 10/13/10 Control Engineering, September 2010 By Gregory Wilcox, et al, Rockwell Automation A secure network infrastructure requires protecting the integrity, availability, and confidentiality of control and information data. Establishing smaller LANs helps manage different types of network traffic and creates domains of trust to limit access to authorized personnel.

		Balancing security and safety with risk - 10/12/10 InTech, October 2010 By Graham Speake Process control systems have almost universally moved from being a custom development to using a Microsoft Windows platform. Malware writers have now set their sights on control system vulnerabilities and started to develop viruses.

		Sophisticated Surveillance - 09/16/10 Vision Systems Design, September 2010 By Ross McNutt and John Egri Coupling Gigabit cameras, GPS, and INS systems to an onboard computer allows high-resolution, airborne surveillance images to be captured and analyzed.

		CFATS: Implementation Issues Come Into Focus - 09/16/10 Chemical Processing, September 2010 By Seán Ottewell As more and more chemical companies move through the various review and evaluation processes demanded by the Chemical Facility Anti-Terrorism Standards (CFATS) of the U.S. Department of Homeland Security (DHS), important issues about the practical implications and the cost of the initiative are emerging.

		Fallout from Stuxnet Continues - 09/10/10 Control, September 2010 Stuxnet is notable not only for its technical sophistication, but also for the fact that it targets industrial control systems (ICS) designed to run power plants including nuclear plants, smart grid, water systems, off-shore oil platforms, ships, other critical infrastructure. Just because Stuxnet was first discovered in a Siemens system, doesn't mean other ICSs aren't vulnerable.

		Copper Theft: Out of Control - 08/30/10 Utility Products, August 2010 By David Lambert The 2008 Copper Theft Report showed that U.S. utilities spent more than $60 million and experienced over 456,000 outage minutes. It also showed that 52 injuries and 35 deaths occurred because of copper theft. With 95% of U.S. utilities experiencing some degree of copper theft, it is a big problem.

		Shedding Light on Right to Know Bill - 08/30/10 Transmission & Distribution, August 2010 By Joel Hoiland, Utilimetrics One of the big challenges facing the utility industry when it comes to smart meter deployments and advanced metering infrastructure (AMI) are the questions of who owns energy-usage data, how it will be protected, and how privacy will be administered and secured.

		Securing the smart grid: the road ahead - 08/30/10 International Power Engineer. August 2010 With the help of the government and security experts, utilities are taking strides to improve the security of the smart grid and all of its components. As a result of improving security protocols, both consumers and utilities will thrive from the vast benefits of the smart grid, while ensuring the present and future safety of the world's critical infrastructure.

		Wireless Internet plant security - 08/30/10 Energy Tech, August 2010 By Komandur Sunder Raj Several advances in technology have led to increased use of the Internet for wireless applications in power plants. Increased use of wireless Internet applications for power plants has resulted in a need to protect both physical and digital critical assets that are vulnerable to cyber threats and attacks.

		Protecting data and IP with flash memory - 08/26/10 Embedding Computing, July 2010 By Bill Stafford, Micron Technology Flash memory devices often do more than just store data – they offer specific features to secure data in embedded designs. Here’s an overview of what some flash devices provide.

		Protect and control software stored in flash memory - 08/26/10 Embedding Computing, August 2010 By Kerry Maletsky, Atmel Corporation Authentication chips in an embedded system can detect unauthorized modification or copying of system software stored in flash memory.

		Rethinking Cyber Security for Industrial Operations - 08/26/10 Automation World, August 2010 By Robert Mick Cyber-security attacks and defenses both continue to escalate and grow in sophistication.

		Justifying Cyber-security Expenditures - 08/26/10 Automation World, August 2010 By Wes Iversen Here are some tips from one cyber-security program manager on what to say—and what not to say—when making your pitch to top management.

		Protect Your Control Networks - 08/26/10 Automation World, August 2010 BY James R. Koelsch Control networks are way too open to cyber attack.

		Control Systems a New “Bull’s-eye” for Hackers - 08/26/10 Automation World, August 2010 By Wes Iversen The Stuxnet worm that attacked Siemens SCADA and control systems is highly sophisticated, and should be a wake-up call for the industrial controls community.

		Facility Managers Should Reassess Security Plans as Terrorism Threats Change - 08/22/10 Building Operating Management, August 2010 By Desiree J. Hanford Facility managers can take any number of steps to make it more difficult to attack their facilities, yet not diminish the use of those facilities.

		Security Threats to Facilities are Changing as Terrorists Becoming Decentralized - 08/22/10 Building Operating Management, August 2010 By Desiree J. Hanford Immediate responders are trained to arrive on the scene of any incident within two to three minutes while law enforcement officials are still mobilizing. The objective is to help law enforcement address the actual incident instead of training people to help them.

		Getting OPC Security Under Control - 08/13/10 Control, August 2010 By Eric Byres, Byres Security If your company is like most, it will be a while before you can rid your plant of all traces of the DCOM-based OPC. So, until that day, you need to take a serious look at improving the security of your OPC.

		Protecting Your Smart Grid - 07/25/10 Transmission & Distribution, July 2010 By Michael Echols and Gib Sorebo, SAIC In most cases today, security standards and regulations fall short of what is needed to provide maximum assurance of smart grid reliability from a cyber security perspective.

		Smart Security on the Grid - 07/25/10 Power Technology, June 2010 By Phil Thane A security breach could easily gridlock the smart grid. But with careful thought, such risks can just as easily averted.

		3 Reasons Linux Is Preferred for Control Systems - 07/20/10 Automation.com, July 2010 By Krista Duty, Inductive Automation Linux has long been on the "wishlist" for control systems. Until now, most systems have been locked-in to the Windows operating system due to reliance on classic OPC. The name of the game is changing, however, with the arrival OPC-UA. The new standard was designed for cross-platform compatibility, which makes room for Linux to gain popularity in the automated control industry.

		Industry Perspectives from Honeywell User Group 2010 - 07/20/10 Automation.com, July 2010 By Bill Lydon Review the industry perspectives, technology and solutions from HUG Americas 2010. Highlights include an overview of five megatrends identified by Norm Gilsdorf, Honeywell's commitment to legacy products, training and service, and introduction of a new RTU, safety remote IO, in-controller batch manager, and turbo machine controller. Plus, see an example of control system virtualization.

		Driving Technology and Innovation Together Automation.com, July 2010 By Bill Lydon Review the technology and innovations presented by Siemens at their recent 2010 Automation Summit, held in Charlotte, NC. Highlights include Siemens’ focus on energy, advancements in their process control offering, their industrial communications strategy and new distributed panel devices.

		PACs & I/O Go Wireless - 07/11/10 Industrial Automation Asia, July 2010 By Jean Femia, Opto 22 Automation engineers are beginning to seriously consider wireless solutions for all or part of their applications. But with all these good reasons to use wireless, several concerns remain. Among them are security, network performance and reliability, availability and cost of I/O components

		Keep Controls Network Separate From Business Network - 06/23/10 Control Design, June 2010 By Steve Perry, Barber Foods Physically separate the controls network from the business network. Minimize the number of connections between the two networks, and implement tight restrictions on the traffic across those connections.

		Plant Security Deserves More Attention - 06/16/10 Chemical Processing, June 2010 By Mark Rosenzweig In today's world a lax approach to security is indefensible, particularly at sites that handle hazardous chemicals,but government mandates and industry self interest are fostering progress.

		Plant Video: Opening Secret Corners of the Plant - 06/16/10 Automation World, June 2010 Cameras have become an inexpensive way to view the world, and now they’re being introduced into human-machine interface/supervisory control and data acquisition (HMI/SCADA).

		Questions of Security - 06/12/10 Control Engineering Asia, May 2010 By Matthew Luallen and Steven Hamburg While the awareness of potential cyber security threats to industrial control systems has increased over the last few years, a recent survey reveals some still significant gaps in users’ defenses.

		Could Cyber Terrorists Attack Our Company? - 06/12/10 Control, June 2010 By John Cusimano and Eric Byres When cyber-related events cause outages and plant shutdowns—whether they were caused by accident, employee, hacker or terrorist—the first question should be, "What made our system unstable and susceptible, and what can we do to prevent it from happening again"?

		Securing SCADA and Control Networks Automation.com, June 2010 By Scott Howard, Byres Security Although Trusted Network Connect (TNC) was originally conceived for protection of IT networks, it addresses many security issues that are also encountered in industrial control and SCADA systems.

		The power of integration exemplified at ABB A&PW 2010 By Bill Lydon, Automation.com The "Connect, Learn, Succeed" theme of this event was about users forming stronger working relationships with ABB. The event brought the opportunity to connect across disciplines and apply products and knowledge - focusing on the power of integration, particularly between automation and power systems. The event attracted more than 4,000 people and offered more than 400 educational and hands-on sessions and a 100,000 sf. exhibit area.

		Strengthen Your Cyber Security - 05/25/10 Chemical Processing, May 2010 By Andrew Ginter, Industrial Defender The most effective approach to meeting the CFATS cyber-security standard includes a comprehensive vulnerability assessment of physical and cyber aspects of a site, and layered defense-in-depth cyber security. Evaluating and addressing cyber-security issues demand deep domain-level expertise in industrial control and SCADA systems.

		Niagara Building Automation Summit Illustrates Diversity By Bill Lydon, Automation.com Attendance has increased significantly each year and the striking thing about the Niagara Summits is the high level of energy, large number of knowledgeable automation professionals, and sense of community where people openly share ideas. Niagara Summit is also an opportunity for users and systems integrators to “show and crow” about their application accomplishments.

		Security since September 11th - 05/23/10 Nuclear Engineering International, May 2010 By Edwin S. Lyman As the September 11, 2001 attacks on the World Trade Center and the Pentagon fade from memory, it becomes harder for regulators to justify and licensees to maintain the vigilant posture needed to protect nuclear plants from radiological sabotage.

		Hardware authentication secures design IP and end-user experience - 05/23/10 Embedded Computing Design, May 2010 By Robert Rozario, Infineon Technologies Protecting electronic systems from counterfeiting is a growing challenge for OEMs. With the move to outsourced manufacturing for consumer electronics and computer peripherals, it is increasingly difficult to protect IP and prevent unauthorized production of devices using an OEM brand.

		PKI security for embedded systems - 05/23/10 Embedded Computing Design, May 2010 By Nadaradjane Ramatchandirane, Renesas Public Key Infrastructure (PKI) isn’t just for enterprise applications – a Machine-to-Machine (M2M) authentication strategy based on PKI can form the backbone of a secure embedded system.

		Consortium Reports New Findings on Alarm Rates - 05/23/10 Automation World, May 2010 By Wes Iversen New research funded by the Center for Operator Performance shows that process operators may perform better at high alarm rates when alarms are grouped by priority, rather than chronologically.

		Industrial Cyber-security Incidents Revealed - 05/23/10 Automation World, May 2010 By Wes Iversen With cyber incidents affecting control systems on the rise, a new report lays out trends seen in 2009 and makes comparisons to historical data.

		Thin Clients Can Eliminate Software Issues - 05/19/10 Control Design, May 2010 By Jeremy Pollard Appications are installed and run from the server, and the clients just need run software such as VNC, VMware client or RDP protocol to connect to the server to use the server-based applications. The applications could range from Open Office to HMI and SCADA software.

		Substation Security - 04/23/10 Utility Products, April 2010 By Paul Hull The security of your substations may depend on where they are. In big cities, the dangers may be from human vandals with equipment (and even training) that can break into a facility in minutes. In rural communities threats from wildlife can be more real than those from people. But there are products to help every utility.

		Safety and Security: Two Sides of the Same Coin - 04/14/10 Control, April 2010 By Eric Byres and John Cusimano A weakness in security creates increased risk, which in turn creates a decrease in safety, so safety and security are directly proportional, but are both inversely proportional to risk.

		New Gigabyte Industrial Ethernet Open Protocol - CC-Link IE The CC-Link Partner Association (CLPA) announced the release of the open architecture gigabit (GB) CC-Link IE Field Network. I recently met with two members of CLPA Americas to get an update on the latest CC-Link IE standard. Chuck Lukasik is the Director of CLPA Americas and John Woznaik is their Network Specialist.

		Unifying the Physical Infrastructure to Advance Lean - 02/28/10 Managing Automation, February 2010 By Stephanie Neil Moving all building automation systems into a unified physical infrastructure that can control the lights, security cameras, and climate from one box makes it easier to manage all aspects of the entire building and saves money as well.

		Network Security Demands Less Complexity - 02/22/10 Automation World, February 2010 By C. Kenna Amos As threats multiply, network security technologists rush to neutralize them.

		How Much Network Access Should You Allow? Industrial Networking, March 2010 By Jim Montague The two main questions in network security are: How closed does your network need to be? And, how open can you afford it to be?

		Highlights from the ARC 2010 Orlando Forum General Session - Part 1 By Paul Miller and Dick Hill, ARC Advisory Group Tuesday morning's general session for all forum tracks included presentations by Andy Chatha, ARC's President and Founder, Marty Edwards from the DHS Control Systems Security Program at Idaho National Laboratories (INL); Thomas Lange, Director of Modeling and Simulation at Procter & Gamble; and Ralph Rio, Research Director, Enterprise Advisory Services here at ARC.

		Cyber security: Vendors fight back - 02/16/10 Control Engineering Europe, January 2010 There is increasing attention by control system vendors to enhance cyber security and operate better in corporate IT environments. This attention is good because cyber threats are not decreasing and, at the same time, corporate IT environments are becoming more protected.

		Build a cyber security incident response plan - 02/16/10 Control Engineering Europe, January 2010 By Kevin Staggs, Honeywell Process Solutions A plan lets everyone respond properly to a control system security breach, whether it’s a failure of a critical cyber component or an intentional break.

		ISA99: Charting a security standards roadmap into a risky new decade - 02/16/10 InTech, February 2010 By Charley Robinson In the past year, ISA99 has established a roadmap that calls for delivering at least 14 standards and technical reports addressing vital aspects of industrial control systems security. Work is underway in areas including system security requirements and security assurance levels, target security assurance levels for zones and conduits, compliance metrics, and patch management.

		When updating your computer security, why patch? - 01/27/10 Plant Engineering, January 2010 By Michael Bush, Rockwell Automation While the installation of a buffer zone in a manufacturing environment provides an excellent barrier to block direct attacks from the outside, no buffer zone provides a perfect security solution for your automation system. This is why you patch.

		A Security Vulnerability Analysis Helps Identify Real Threats - 01/27/10 Building Operating Management, January 2010 By Sean A. Ahrens A security vulnerability analysis seeks out root causes for a security vulnerability and applies physical, technical and operational controls to deter, delay and minimize the impact on the organization for an incidence.

		Integrated solutions for the safeguarding of power plants - 01/24/10 Power Engineering International, December 2009 By Horst Köhler, Siemens Power facilities carry many inherent operational, security and fire risks that threaten their daily operations, from theft, vandalism and equipment failure to fires and leakage of potentially hazardous materials. Safeguarding power facilities against such diverse internal and external threats calls for an integrated risk management strategy.

		Control System Security Perceptions and Practices - 01/20/10 Control Engineering, January 2010 By Matthew E. Luallen and Steven E. Hamburg Nearly 200 responses were received to Control Engineering’s Industrial Control Systems Cyber Security Assessment Survey. Here’s an analysis of the results.

		Don’t cloud your compliance data - 01/20/10 Control Engineering, January 2010 By Dennis Brandl Cloud computing is coming! Even the best security and data integrity processes may not be enough. Make sure your company’s legal advisors are involved.

		Functional Security–Walking the Walk - 01/20/10 Control, January 2010 By Walt Boyes Fundamentally, the issue is how to make all these things actually work. From upgrades to monitoring the fence line, we have to make this stuff is as automatic as streetlights, or we won't be any safer or any more secure.

		Security vs. Sustainability - 12/18/09 Building Operating Management, December 2009 By Daniel O'Neill There is no shortage of conflicts between sustainability and security goals. Fortunately these conflicts can be resolved to the mutual benefit of both parties, resulting in sustainable and secure buildings and campuses.

		Physical-Device Recognition Improves Cyber Security Automation.com, December 2009 By Jim White, Uniloc Physical device recognition (PDR) technology uses the unique hardware characteristics of a user’s computer to generate a highly unique signature or “device fingerprint” for that specific device. This highly secure “fingerprint” is then used as an online credential that is “locked” to that device for use as its authentication credential.

		Securing your industrial control network - 11/24/09 Plant Engineering, November 2009 By Dan Schaffer, Phoenix Contact Steps you can take to protect your control networks include setting up a firewall, segmenting the control network from the office network and taking some common-sense security steps.

		Hacking The Industrial SCADA Network - 11/21/09 Pipeline & Gas Journal, November 2009 By Frank Dickman, RCDD Malicious hackers have discovered supervisory control and data acquisition (SCADA) and distributed control systems (DCS) Now that inexpensive solutions are available, the security of industrial networks can no longer be ignored. With threats to industrial networks increasing in complexity and scope, decision makers need to take action before it is too late.

		Research Leads to Improved Human, Object Detection Technology - 11/21/09 Robotics Trends, November 2009 University of Missouri scientists develop software that detects humans and objects in videos, creating new possibilities for safety and surveillance.

		Video monitoring of process control and automation systems - 11/11/09 What’s New in Process Technology, October 2009 By Telvent Australia Video monitoring is a proven technology for security monitoring in many industries. So why not use video to monitor process control and automation systems? Why can’t video be another sensor? Why not use video to allow operators to see what is happening in the plant? Answer: Nobody is doing any of this, but it is certainly possible.

		Cyber security: Vendors fight back - 11/11/09 Control Engineering, November 2009 By Dennis Brandl New aspects of control system software are reducing the need for manufacturing IT personnel to be security experts.

		Getting The Best Results From Thermal Cameras - 10/22/09 Maintenance On-Line, October 2009 Thermal cameras can be used within virtually every industry to help businesses make significant cost savings through predictive maintenance.

		Current trends in cyber attacks on mobile and embedded systems - 10/19/09 Embedded Computing Design, September 2009 By Kurt Stammberger, Mocana With the advent of the "Internet of things," we are encountering a new wave of hacking that threatens mobile devices as well as wired computers and networks.

		Security for everyone - 10/19/09 Embedded Computing Design, September 2009 By Jerry Gipper When it comes to embedded computing, security is an escalating issue that has become more critical with the explosion of connected devices. The combination of intelligence and connectivity in many of our electronic devices makes them prime targets for intrusions of all kinds.

		Creating a Safety and Security Culture - 09/22/09 Control, September 2009 By Walt Boyes Functional safety and security are so similar in organizational structure and in management emphasis that cultures can be created in the process industries that produce safe and secure plants and maintain them as a matter of course.

		Pursuing the discipline of control system cyber security - 09/20/09 Plant Engineering, September 2009 By John Cusimano What does it mean to have a safety and security culture? First, it means management commitment from the highest levels. Second, it means management demonstrates that commitment by establishing and improving safety and security management systems. Finally, it means enforcing these systems and holding individuals accountable for failure to follow them.

		SCADA Security, Compliance, and Liability – A Survival Guide - 09/20/09 Pipeline & Gas Journal, September 2009 By Clint Bodungen, et al Operators face an almost overwhelming number of standards, guidelines, and best practices that require interpretation with little guidance. Operational and security requirements are often confusing, sometimes inconsistent. Security-related documents often purport to be the required standard even when they are not while security programs are not tailored for specific operations. Addressing this requires an understanding of the requirements and development of an appropriate solution.

		Are you looking forward to Windows 7? I’m not - 09/13/09 Control Engineering Europe, September 2009 By Mike Babb Windows 7 is the same old stuff, just re-arranged a little bit to make you think you’re getting ‘the latest technology.’ In the past 15 years Microsoft has done nothing new in the way of office software technology, yet they have millions believing the illusion that they have.

		Managing an open system - 08/27/09 Plant Engineering, August 2009 By Shawn Gold, Honeywell Process Solutions For all the benefits open systems provide, they pose significant IT challenges. End users can only rely so much on their automation suppliers for support to keep process control networks secure. The reality is that plant engineers are now responsible for increasingly complex open automation architectures and the specialized IT support functions that go along with them.

		Data Security and Integrity On Your CMMS - 08/24/09 Maintenance On Line, August 2009 Your CMMS data is never 100% secure from mechanical breakdown, natural disasters, human error, or malicious acts.

		Four Building Security Hotspots - 08/24/09 Building Operation Management, August 2009 By Lacey Muszynski If a company hasn’t had a serious security incident for some time, C-suite executives often become complacent and may wonder if all the security systems, regulations and jobs already in place are necessary. But complacency isn’t a good reason to cut the security budget, especially in a recession when crime often increases.

		Wireless BAS Networks Benefit from Mature Standards and Security Improvements - 08/24/09 Building Operation Management, August 2009 By Josh Thompson The benefits of a building automation system are well-documented: energy efficiency, cost management, accessibility and flexibility. But if cabling is required, even the latest IP-based BAS can be difficult to deploy and integrate in an existing building

		Security Comes Knocking on Machine Vision’s Door - 08/24/09 Machine Vision Online, August 2009 By Winn Hardin Long distances between cameras and recorders, plus budget limitations, have kept security applications away from machine vision advances. Today, with the emergence of digital IP camera networks, video analytic software and a willingness on the part of machine vision suppliers to alter designs to meet security needs, the security industry is taking renewed interest in machine vision products.

		Cyber Security = Safety. Get It? - 08/20/09 Automation World, August 2009 By Wes Iversen There is a growing realization that cyber security—once considered primarily an information technology (IT) problem—has different ramifications on the plant floor than it does in the office.

		Security and Safety Follow Parallel Paths - 08/20/09 Automation World, August 2009 By Wes Iversen By picking the brains of functional safety experts, industrial cyber-security standards makers hope to make gains. Meanwhile, some companies are launching new business plans based on a tighter alignment between safety and cyber security.

		Creating Functional Security and Safety - 08/16/09 Control, August 2009 By Walt Boyes Walt asks, “Can automation professionals do anything to keep companies from ignoring safety and security, operator training and awareness?”

		Cyber Security Lessons from Electric Utilities Industry - 08/14/09 Control Engineering, August 2009 By Frank O Smith Compliance with regulations in version 2 of the North American Electric Reliability Corporation’s Critical Infrastructure Protection (NERC CIP) standard becomes mandatory this year. Within it are lessons for plants and SCADA systems of all types.

		Return on Imagination - Honeywell User Group (HUG) 2009 Honeywell Process Solutions continues to grow in a number of dimensions including: additional products, wireless, energy, PLCs, independent system integrator initiatives, and Integrated Master Automation Contractor (IMAC) focus. This year’s attendance was lower than previous years, but David Wade, Honeywell Users Group Americas Chairman, officially opened the HUG 2009 conference commenting that there were more than 50% new attendees.

		Investing In Security Now Could Save You Later - 07/15/09 Manufacturing.net., June 2009 By Amy Radishofski For manufacturers, a good safety and security system is like an insurance policy -- you hope you never have to use it, but if you need to, you’re glad you have it.

		PC Access Could Invite Hackers - 07/15/09 Control Design, July 2009 By Dan Hebert One major concern for many machine builders and their customers is holding PC implementation back, namely the lack of security inherent to most PC platforms when they are connected to the outside world.

		Web 2.0 tools Conduct in Concert - 07/15/09 Control, July 2009 By Jim Montague Increased computing power is allowing colleagues to move themselves and their documents from user-located and maintained servers and software out into web-based environments on the Internet. These tools can be used by process control engineers to improve set-up, operations and maintenance of their applications and plants.

		Secure Embedded Wireless—Part II - 07/14/09 Industrial Networking, July 2009 By Ned Lecky, Lecky Integration The previous column explained how to go wireless, but the trick is ensuring security and creating adequate redundancy.

		Addressing SIS Cyber Security; Is it First or Last? - 07/14/09 Control Engineering, July 2009 By Bob Huba and Chuck Miller, Emerson Process Management Part 2: When considering integrated control and safety systems, building a strong defense is an investment in ensuring business continuity. How should you implement the concepts?

		Service Oriented Architecture and its Impact on Automation - 07/14/09 Control Engineering, July 2009 By Dennis Brandl Service oriented architecture (SOA)—everyone seems to be talking about, teaching, selling, or implementing it, but there is also a lot of confusion about what it really is. This article is a guide to understanding what it is, how it works, and how it applies to manufacturing-related applications.

		Securing Legacy Control Systems - 07/14/09 Control Engineering, July 2009 By Peter Welander Very few of the process control platforms operating today were installed with any cyber security protection built in. Most predate wide deployment of the Internet. Can these systems be protected against today’s threats?

		Software via the internet offers a cost-effective alternative to licensing - 07/14/09 Asia-Pacific Engineering News, July 2009 For most companies it is probably a fair assumption that their internet connection will suffer less downtime than their in-house severs. The SSL (secure sockets layer) cryptographic protocol, which is commonly used by SaaS vendors, offers high security and is routinely used for applications such as electronic commerce.

		Securing integrated Scada systems against cyber attacks - 06/24/09 European Chemical Engineer, June 2009 By Paul Hurst, Citect UK Failure to protect a plant's Scada system from the threat of cyber attack can have big security implications.

		Electronic Signatures and Data Quality Pharmaceutical Processing, May 2009 By John Avellanet, Cerulean Associates You will have a problem if you rely on electronic data capture, review and approval, and you are unable to prove that the person who was supposed to collect/review/approve the information was the actual person who did the collection/review/ approval.

		Security Technology Value Engineering: Mistakes to Avoid Building Operating Management, May 2009 By Sean A. Ahrens Consider the time it takes to review an incident on an analog security camera system. That review may require hours and possibly days. New digital camera recording technologies allow security investigators to review footage from multiple security cameras simultaneously, rather than individually.

		Secure Embedded Wireless—Part II Industrial Networking, Spring 2009 By Ned Lecky, Lecky Integration To experiment with Zigbee, start with the $500 Jennic Home Monitoring evaluation kit that contains five AA-powered evaluation boards, seven Zigbee radio modules and a set of C-based development tools with enough sample code and documentation to get you started on becoming a Zigbee expert.

		Critical compliance InTech, May 2009 By Rick Kaun Debate surrounds critical infrastructure compliance in power industry. Reliability standards have created a frenzy in the power industry, especially with the mandatory critical infrastructure protection (CIP) standards the North American Reliability Commission (NERC) has issued.

		The New Look of Facial Recognition Control Engineering, May 2009 By Peter Welander Machine vision evaluates human faces to recognize age, gender, and even state of mind.

		Securing industrial control systems against threat of cyber infection Asia-Pacific Engineer, April 2009 By Alistair Rae We are all aware of the need to protect desktop computers from viruses and other malware, but what about industrial systems? These are generally less well protected, yet a malicious attack or an infection with malware can have devastating results. Fortunately there are ways to reduce the risks.

		Containing Wireless Cyber Security Threats Automation World, April 2009 By Wes Iversen Electric utility operators already have their hands full in achieving compliance with mandatory federal Critical Infrastructure Protection (CIP) standards aimed at cyber security in the electric power industry. But when the use of wireless technologies is thrown into the mix, the problem gets even more complicated.

		Give the Green Light Control Design, April 2009 By Chris Roach, FKI Logistex As manufacturing and distribution warehouse systems adopt more complicated and inter-networked technology, the ability to fix controls and software issues in-house and on-site diminishes. The best solution is often to allow individual OEMs access to their installations through secure, remote-access VPNs.

		A Distinction with a Difference in SCADA Security Control, April 2009 By Nancy Bartels and Walt Boyes When you’re talking about cybersecurity in the process industries, there are only two issues that matter. The first is how much security you need to be really secure. The second isn’t all that obvious, but in many ways defines the first—and it’s one people aren’t thinking about. What’s the difference between “compliance” and “security?”

		What’s the Difference Between Security and Compliance? - The Long Answers Control, April 2009 Supplement to the article, “A Distinction with a Difference in Functional Security.” Contains the complete answers from security consultants, regulatory experts, vendors, systems integrators and end users who contributed to the article.

		Get your feet wet InTech, April 2009 By Scott W. Sommer, Jacobs Engineering Industrial users can get started with wireless implementation by following a few guidelines: Determine plant viability for wireless; determine scope, and do a site survey; do not forget about security measures.

		Tomorrow has not been canceled! Report from ABB Automation & Power World 2009 Mark Taft, Group Vice President, Process Automation, Global control System Business opened with, "...it is important for us to remember that tomorrow has not been canceled." Mark's point was the conference was designed to provide a great deal of useful and actionable information that will help attendees survive and thrive in the current economy, and be prepared to take advantage of the future. Mark further noted that having a combined event encompassing automation and power is timely.

		Managing batch process security Plant Engineering, March 2009 By Karl Williams and Daren Moffatt, Invensys Process Systems For batch operators, the primary focus of process security has been on controlling and managing access to recipes, process operations and process change. But today batch access control should be integrated with managed enterprise security programs that mitigate potential threats from terrorists, hackers, malicious codes and other sources.

		Security, do I really need it? Control Engineering Europe, March 2009 By Karl Williams, Invensys Process Systems If production is lost, what would be the business impact? Who would be responsible? How would the incident and recovery be handled? The reality is that production has been impacted by security incidents in varying degrees from degraded performance and availability to complete plant shutdown.

		Helping Power Plant Control Systems Achieve NERC CIP Compliance Power, March 2009 By Jonathan Pollet and Walter Sikora NERC standards require that critical cyber assets (CCAs) must be protected with an electronic security perimeter (ESP) and a six-walled physical security perimeter (PSP). Noncritical cyber assets within an ESP must receive the same protection under the standards as a CCA.

		Winning Strategies and Best Practices for Sustainable Manufacturing By Bill Lydon, Contributing Editor The initial focus of the ARC Forum in Orlando was sustainable manufacturing strategies as they relate to environmental performance and resource management. Based on the recent economic downturn, the conference was expanded to address strategies for bottom line business sustainability of process and discrete manufacturing companies.

		Robots in Every Building? Automated Buildings, February 2009 By Jeanne Dietsch, MobileRobots, and Stuart Rich, PenBay Forces are converging to pull mobile robots into facilities. These include: Building Information Model (BIM) requirements; supplying data for LEED documentation; staffing problems; management & maintenance costs; high liability risks; and increasing security demands.

		Plant Safety: Are You Safe Enough? Industrial Automation Asia, February 2009 By Honeywell Process Solutions An integrated approach to plant safety includes independent yet interrelated layers of protection to deter, prevent, detect and mitigate potential threats.

		Network Management Struggles At Grassroots Level Automation World, February 2009 By C. Kenna Amos Though still in relative infancy, there’s a turf struggle in network management. IT [information technology] managers are penetrating the plant-floor space and making security and purchasing decisions that control engineers historically have made

		Living in a Virtual Machine Automation World, February 2009 By Gary Mintchell Managing a large number of personal computers (PCs) in an organization can be a nightmare for information technology (IT) professionals.

		Socializing Plays a Role In Network Security - 02/24/09 Automation World, February 2009 By Terry Costlow Technology plays a big role in securing corporate networks, but it won’t work unless companies set up good processes for employees. Employees need to understand not only the rules, but also why those rules are needed, before they will remember to implement them at all times.

		Secure Embedded Wireless Can Be Practical Industrial Networking, February 2009 By Ned Lecky, Lecky Integration How to go wireless, and how to do it securely? Try IEEE 802.15.4, a set of communication standards and applications commonly called ZigBee.

		Find the best path to security in wireless sensor networks Plant Engineering, December 2008 By Steve Toteda, Dust Networks In a typical refinery, the harsh environments created by the complex piping of the production facilities pose serious challenges to wireless sensor technology. These environments are often quite hostile to RF signals as well; the use of concrete, glass and steel in typical plants exacerbates the traditional RF issues of path loss, fading and multi-path.

		Embracing Wireless Technology for Industrial Automation Sensors, January 2009 By Arun Veeramani, National Instruments The key to getting plantwide real-time data is communication between the machines on the factory floor and the enterprise. As wireless networking has become more commonplace, its performance, reliability, and security has matured to make the technology viable for industrial measurement and monitoring applications.

		Cyber Security Hits Home Control Engineering, January 2009 By Peter Welander If you’ve been wondering if and when you might be forced to address cyber security issues with your process control or SCADA systems, watch efforts with electric utilities. Implementations going on now could serve as models.

		SCADA Systems: Unknown Connections Could Spell Trouble Power Engineering, November 2008 By Michael Markulec, Lumeta Corp. The complex designs, interconnected nature and extreme sensitivity of SCADA and other process control systems mandate that utility organizations implement comprehensive plans for assessing and mitigating potential network vulnerabilities and threats. To do this successfully requires development of comprehensive security risk management programs that start with gaining control over network risk.

		Control Systems and Cyber Security Control Engineering Europe, December 2008 By Karl Williams, Invensys Process Systems The security threats and vulnerabilities we see today are wide ranging, often complex, and are not always well understood, particularly what impact if any they may have on an individual system, part of a system, or production facility itself.

		Where’s the Remote? Control Design, December 2008 By Mike Bacidore Any IT department worth its bandwidth has built a wall of security that keeps its data communications secure and reliable. The conflict arises when IT security must be compromised to accommodate things like remote diagnostics or troubleshooting of machines.

		IP Camera Or Analog? CCTV Technology Update Building Operating Management, December 2008 By Sean A. Ahrens Digital camera technology is the future of CCTV. For those who have not embraced digital, realize that the train is boarding and will soon leave the station.

		Rockwell Automation Fair 2008 Review By Bill Lydon, Contributing Editor As usual, the Rockwell Automation Fair was an impressive event with over 11,000 attendees and over 90 Encompass partners. This is a very successful show that creates enormous goodwill and is the most successful control show in North America. Training is becoming a big part of the event and allows users to justify the time and money to attend. Distributor travel packages also make it much easier for users to attend the event.

		Wireless & Networking Dominate ISA EXPO 2008, Product Highlights The emphasis on networked communications whether wired or wireless was visible at the event. We review the ISA Wireless Industrial Automation Standard (SP100) Committee meeting in Houston, which drew a standing-room-only crowd. Other product highlights include: PLC/Programming Learning Package, EtherNet/IP Controller, Single Board Industrial Controller, Remote Eyeballs for Wireless Reading Gauges, Quad Process Safety System, Universal Gas Transmitter and HMI Enhancements.

		Bulletproof Machine Design, October 2008 By Vishal Kakkad, Lantronix No question that interest in wireless technology is on the rise, even for industrial uses. Experts predict the worldwide market for wireless devices in discrete manufacturing will grow 16% annually over the next five years. But the security of these networks is a mounting concern. Here’s how to keep hackers out of your industrial wireless networks.

		Distributing security for Industrial Ethernet networks Industrial Embedded Systems, November 2008 By Torsten Rössel, Innominate Security Technologies New Industrial Ethernet networks provide decentralized security with effective protection devices arranged in a distributed architecture.

		OPC Security: Seven Years, Seven Fears - 11/24/08 Automated Buildings, October 2008 By Eric Murphy, MatrikonOPC The first OPC Security specification was released in 2000, and the next major OPC security revision, OPC UA Security, was released in 2007, seven years later. It’s said that a little fear is a good thing. Here are seven security fears every OPC systems owner should consider, and what OPC options exist to soothe them.

		Strictly no admittance Power Engineering International, October 2008 By M. Braendle, et al, ABB Greater interconnection of utility automation systems provides more opportunities for breaches in IT security. The integration of IT security monitoring in the overall utility automation control structure is ABB’s response to this growing concern.

		Seven Steps to Protect Your Control System Utility Automation & Engineering, November 2008 By Justin Lowe, et al, PA Consulting Ensuring the resilience of control systems from security threats is vital to ensuring a utility’s future. Systems are at risk from cyber threats, such as hackers, viruses and worms, because of the increased use of standard IT technologies like Microsoft Windows, TCP/IP, Web technologies and wireless.

		Access Control Control, November 2008 By Rich Merritt In the old days, chain link fences and junkyard dogs were enough to scare off intruders and trespassers. But times have changed. If you have a plant that might be the target of terrorists, industrial spies, activists, the anti-this or anti-that group, disgruntled employees or sophisticated thieves, your security problems have increased a thousand-fold.

		Defending Your Plant Control, November 2008 By Rich Merritt That nice-looking sales rep in the business suit got through the perimeter security and has arrived at the guard shack, seeking admittance to the plant for an appointment with Paula Process, one of your instrument engineers. The rep could be packing a Hekcler & Koch 9mm pistol, be wrapped in explosives under that suit coat or carrying a bomb or an AK 47 in the attache case. Can your security handle this?

		Infrastructure Cybersecurity Is in Our Hands Control, November 2008 By Keith Larson Securing industrial control systems isn’t rocket science, but it does involve the considered deployment of firewalls and other protective measures. And it can’t just be left to the folks in IT. Those whose business it is to understand the unique performance requirements of process automation networks must add a working knowledge of security to their kit bags.

		Nuclear Plant Security and Cyber Terrorism Control, November 2008 By Béla Lipták All our nuclear power plants are old and decades ago, the controls of all nuclear power plants were completely analog. Today, digital systems monitor the critical operating conditions. NRC should require total separation between the corporate networks of utilities and the SCADA networks of the plants.

		Security Standards Stewpot Simmering Control, November 2008 By Jim Montague Two years ago, there were about 40 government, trade and corporate organizations developing network security standards, and 38 of them reportedly were unaware of similar projects by the others. Since then, many have scrambled to coordinate their standards work.

		Protecting Our Cyber Infrastructure Control, November 2008 By Walt Boyes and Joe Weiss One of the very largest problems is that the control systems in plants and the SCADA systems that tie decentralized facilities together were designed to be open, robust and easily operated and maintained—but not necessarily to be secure.

		Do Safety and Security Mix? Control, November 2008 By Dan Hebert Integrated systems can simultaneously address process control, safety and security. Once installed, these complex integrated systems can provide value by simplifying plant operations and reducing on-going system maintenance costs. But is the cost and complexity of an integrated safety and security system worth it?

		Shhhhhhhh.. .It’s a Secret Control, November 2008 By Bob Radvanovsky One of the difficulties of attacking the problem of cybersecurity and critical infrastructure is the need to keep control of much of the information—hence the attempts at secrecy.

		Is malicious software protection just like Swiss Cheese? Design Product Automation, October 2008 By David Robinson, Norman Data Defense Systems (UK). Computer viruses, worms and Trojan horses are increasing at such an alarming rate that the manufacturing, process and utility industries are under considerable threat from inadequate anti-virus provision.

		Embedded RFID product authentication combats counterfeit goods Industrial Embedded Systems, September 2008 By Martin Payne, Skyktek Embedded RFID provides a simple, cost-effective solution to counterfeiting as well as the problems associated with unauthorized generics and substitutes. RFID allows manufacturers to embed inconspicuous tags that typically cost 10-30 cents each directly into or onto their products or consumables.

		Automation Insights Network By Rick Zabel, Publisher Automation Insights Network is a select group of controls and automation professionals who agree to help us cover news, emerging trends and technologies on various automation topics. Every two months, we will ask people in the Network to share their observations, knowledge and expertise with us. We take that information, distill it, and pass it on to our reporters and editors for use in future stories.

		Industrial Ethernet Growth Slowed by FUD By Bill Lydon, Contributing Editor The promise of Industrial Ethernet is clear: it will revolutionize manufacturing by tightly integrating control and business systems, if users can overcome their fear, uncertainty and doubt(FUD). One failure can trigger a cascade of problems and result in a significant loss of time and money. There are many issues surrounding the use of Ethernet in industrial control applications that give control engineers reasons for concern.

		Upstairs, Downstairs Control, October 2008 By Bob Sperber In the control arena, all DCS vendors either offer a historian or tie to others, and they are typically installed with a firewall above. This presents problems for OPC, but not for SOA-generation tools such as Web services and XML

		Meeting NERC-CIP Requirements Power Engineering, September 2008 By Kevin Staggs, Honeywell Process Solutions As deadlines for the North American Electric Reliability Council Critical Infrastructure Protection (NERC-CIP) standards approach, power plants and electric utilities must begin implementing the necessary security practices to meet the compliance requirements.

		ISA - Change the name to represent the industry By Rick Zabel, Automation.com The proposed name change of ISA (to "International Society of Automation") is up for a vote again during ISA Expo in Houston, October 14-16, 2008. Last year, the change was voted down, but I have yet to hear a compelling argument against the change. And there are many reasons for the change. If ISA is truly the global society of automation professionals, then its name should reflect its cause. It's time for a change!

		You can knock, but you can’t get in Control Engineering, September 2008 By Dennis Brandl There is a new form of network control called Network Access Control (NAC) that will have a major impact on industrial Ethernet networks. NAC has been in the IT press for several years, but it has only recently starting to hit mainstream IT organizations. A typical NAC implementation will allow network access only to devices that are registered, where there is a valid user account and where all required patches have been installed.

		Defense in cyberspace InTech, September 2008 By Trent Nelson and Jeff Becker For industrial facilities, the increased vulnerability of the enterprise resulting from open wireless architectures, coupled with a rise in cyber attacks, has made electronic security a major concern. The Control Systems Security Program (CSSP) cyber researchers regularly evaluate new and introduced solutions.

		Get Physical with Security By Bill Lydon, Contributing Editor While there is a great deal of legitimate concern about cyber security, many industrial facilities may be at high risk due to poor physical security. There is a need for a comprehensive security strategy for these facilities and other critical infrastructure. Honeywell Process Solutions' industrial security initiatives go beyond cyber security to address physical plant security.

		Proactive protection Hi-Tech Security Solutions, August 2008 SDA Security Systems installed a Honeywell access control and intrusion alarm system at the city hall building in Coronoa, CA. The system's alarms and access card readers are tied together through Honeywell's WIN-PAK PRO access control software, which allows users to monitor events and alarms from central or remote locations. The software also lets administrators automate functions, such as creating customised alarm reports, and photo ID badging.

		Why IP surveillance? Hi-Tech Security Solutions, August 2008 Although IP surveillance has opened the doors for many different types of functionality, there are 10 main reasons why IP surveillance is quickly taking over the CCTV market.

		Electric fencing: the poor cousin of the security sector? Hi-Tech Security Solutions, August 2008 There are numerous perimeter protection technologies available. These include microphonic cable, microwave, infrared beams, fence-mounted accelerometer sensors and electric fencing. From a security perspective, electric fencing is not the most secure.

		Stopping criminals before they get near - the importance of perimeter security Hi-Tech Security Solutions, August 2008 As criminals become more adept at finding their way through security systems, the detection of unwanted intruders even before they enter the premises has rapidly become the preferred route taken by installers of alarm systems today.

		Protect your plant Chemical Processing, August 2008 By Eric Byres, Byres Security Some of the most important steps that the chemical industry needs to take if it’s going to effectively protect itself from cyber attack. Failure to adapt to these changing threats and vulnerabilities will leave companies exposed to increasing numbers of cyber incidents. The consequences unfortunately could include a marred reputation, environmental releases, production and financial loss, and even human injury or death.

		Here Comes Cyber Security Power Engineering, July 2008 By David Wagman If you are not fully comfortable looking at your plant in more than one way, prepare yourself. The coming months will be busy ones at virtually every power plant with a grid connection. Homeland security—in the guise of what’s known as “critical infrastructure protection”—is coming to the power generation industry.

		Citect Vulnerability Raises Wider Disclosure Issues By Andrew Bond, Industrial Automation Insider Cyber security moved back to the top of the agenda for SCADA system vendors and users last month when security testing specialist Core Security Technologies revealed that it had found a “vulnerability” in Schneider subsidiary Citect’s flagship CitectSCADA product.

		The best Ethernet may be coming InTech, August 2008 By Patrick McCurdy, Ira Sharp, and Nicholas Sheble Advances in security, data transmission reliability, and environmental packaging have readied wireless Ethernet for demanding industrial applications.

		Global Market Compliance: A Local Approach Eases a Complicated Process By Udo Heinz & Sky Mehringer, TÜVRheinland Helping a product achieve global compliance for safety, EMC, documentation, testing and certification is a complicated and time-intensive process. To place a product in other countries, manufacturers must maneuver a complicated maze of compliance requirements.

		State of Manufacturing & Automation in the U.S. Looks Good Could it be that high fuel prices, the weak dollar and crises in the U.S. manufacturing industry are creating opportunities? Andy Chatha of ARC Advisory Group thinks so. He says the U.S. industry has suddenly become competitive on the world market, and companies are no longer moving operations overseas. Instead, many are expanding their facilities, and he predicts a boom in automation right here in the U.S.

		Preventing unplanned downtime: the secure control system South Africa Instrumentation & Control, July 2008 By Bob Huba, Emerson Process Management One aspect of unplanned downtime that is coming into focus is that caused by breaches in control system security. The problem is best addressed by ensuring physical site security is adequate, correct system security procedures are in place and control system operators and engineers are properly trained.

		Defense in Depth Control Engineering Asia, June 2008 By Eric Byres Many companies base their plant floor/SCADA security solution on a single firewall between the business network and the control system network, believing that this firewall will be the ultimate security filter and prevent anything evil from ever getting to the control system. Unfortunately, nothing could be further from the truth.

		Factory Automation: Secret's in the system InTech, July 2008 By Ellen Fussell Policastro If you are packaging pills, building automotive parts, or labeling bottles of soda, you might think your processes do not have to be as secure as a nuclear plant or chemical plant. Think again.

		Flirting with disaster InTech, July 2008 By Michael Carey A true disaster recovery plan needs to not only address software but also hardware and the network. It also needs to address prevention and recovery and take into account the ability to protect systems using current technology and legacy systems where replacement hardware may not be available.

		Loose Lips Sink Assembly Systems Assembly, June 2008 By John Sprovieri To ensure they will be first to market with a hot new product, manufacturers often go to great lengths to protect the secrecy of what they’re assembling and how they’re assembling it. To help their customers maintain a competitive advantage, systems integrators follow a host of standard operating procedures designed to keep secrets under wraps.

		Making Cyber Security Mandatory Automation World, June 2008 By Wes Iverson The newly approved NERC CIP standards covering cyber security in the electric power industry may be controversial, but there are big fines for lack of compliance. While other U.S. “critical infrastructure” industry segments are coming under increasing federal pressure to improve their cyber security, initiatives aimed at the power industry are in some ways the furthest advanced.

		Corporate IT Helps Plants with Security Automation World, June 2008 By Rob Spiegel The best solutions for securing the plant usually come through strong communication between plant operators and IT personnel. One of the more popular emerging solutions is the creation of a team consisting of plant engineers and IT staff. This team takes on the responsibility for securing the plant, and no decisions are made without input from both control engineers and IT staff.

		Tactics for Plant Security Automation World, June 2008 By Rob Spiegel The information technology (IT) department at an enterprise offers a range of ways to secure the plant network. But not all of these tactics are appropriate for the plant. Control engineers have to pick and choose to make sure the network is secure, while also making sure security tactics don’t interfere with availability or safety.

		Office/Plant Security Clash Automation World, June 2008 By Rob Spiegel According to ARC, the conflict between the plant and the information technology (IT) group stems from a long list of conflicting missions, systems and priorities.

		On the Road to Cyber Security Automation World, June 2008 A 10-year roadmap for achieving control system cyber security in the energy industry has been hailed as a model for other industries. Here’s a look at progress to date.

		Insider Threats Demand Focused Security Reviews Automation World, June 2008 By Robert Mick Over the last several years, growing cyber threats coupled with the ongoing discovery of new vulnerabilities has demanded a lot of attention within the manufacturing community.

		Peril in the pipeline InTech, June 2008 By Marshall Abrams and Joe Weiss Cyber security often focuses on the vulnerabilities of commercial off-the-shelf software and Internet access, with malicious activity as the primary concern. But more discussion is needed about control system cyber security and how its policies and countermeasures can potentially preclude or minimize the impacts of a control system cyber security event.

		Interlocking a matter of safety InTech, June 2008 By Michael Carey A common mistake when designing an automation system is to incorporate too many interlocks. Creating too many interlocks restricts the ability to operate the system when the system goes into abnormal operation.

		Don't judge a supplier by its name By Frank Hurtte, Contributing Author. For those of us who live and breathe the rarified vapors of technology based automation, it's pretty hard to fathom how life existed without electronic automation. Yet, it has been a short 30 years since the venerable PLC became anything more than a novelty outside of the Big 3 in Detroit. Sometime in the late 1970s, microprocessors changed our lives forever. Since those early days, the power of these tiny chips forever changed the way we think about manufacturing.

		Regional Manufacturing Expos Prove Most Valuable By Thomas R. Cutler Deciding which conferences, webinars, and expos are worthwhile for manufacturing engineers and buyers to attend often feels like a dangerous yellow brick road, never knowing quite what to expect.

		Blending Plant Operations with Enterprise Management Automation World, May 2008 By Rob Spiegel The war between plant operations and IT is over. Here’s a look at the major trends in information technology that are having a direct and growing impact on plant operations.

		ABB is powered up and running at high efficiency! By Bill Lydon The products and services shown at ABB Automation World in Houston, Texas along with the enthusiasm of the ABB employees and users would seem to explain why the company’s 1st quarter 2008 earnings beat investment analysts’ consensus by over 40%. The three-day trade show and conference ran from April 29 through May 1 in Houston, Texas. There was a great deal of energy and enthusiasm at the event which showcased ABB products, ABB services, partner products, and over 300 workshops/training sessions.

		Quantifying Cyber Security Risk Part 2 Control Engineering, May 2008 By Morgan Henrie, Univ of Alaska, and Paul Liddell, Alyeska Pipeline Each company has to balance the risk of a potential SCADA cyber security event, the effects an event could have on the company, its customers, and other stakeholders, as well as the cost of a cyber security mitigation program. The hardest step in the design and deployment of the overall risk mitigation strategy is quantifying the risk.

		Consider the Consequences of a Cyberattack Industrial Networking, May 2008 By John Rezabek, ISP Corp. One only can assume that fear of bad press must keep most victims from publicizing or revealing any successful cyberattack. Reports of serious breaches in industry still seem to be few and far between. That we are vulnerable is hard to deny.

		Combining Cyber and Physical Security Control Engineering, April 2008 By Frank Madren, GarrettCom Security technologies developed in electric utility applications are spreading into broader use. IP based video extends functionality of Ethernet infrastructure.

		Wireless Security On The Plant Floor Industrial Ethernet Book, April 2008 By Wally Gastreich The goal of wireless network implementations is to provide benefits identical to common wired networks and protect the network and resources from security related issues. Here’s how to secure a plant floor wireless network.

		Feel Secure about Vulnerability Assessments Chemical Processing, March 2008 By Frank Pisciotta, Business Protection Specialists, and Deborah Allen, Potash Corp. The U.S. government has established its first-ever security mandates for “high risk chemical facilities.” The Chemical Facility Anti-Terrorism Standards are designed to identify high risk facilities. This article offers guidance to help you prepare such materials and respond to DHS in the event your facility must conduct a security vulnerability assessment.

		Department of Homeland Security Regulations May Impact Ethanol Producers Ethanol Producer Magazine, April 2008 By Scott E. Hitch and Steven A. Burns DHS regulates chemical facilities that present high levels of security risk. Facilities subject to DHS regulation must develop and implement layered security measures for site security plans that address the vulnerability assessment and the risk-based performance standards for security for the facility. Many ethanol facilities may be out of compliance.

		Take Steps to Stymie Cyber-Criminals Automation World, March 2008 By C. Kenna Amos What drives better security is manufacturing taking responsibility for itself.

		Just Because They Haven’t, Doesn’t Mean They Won’t Control, March 2008 By Walt Boyes Control’s editor ponders the possibilities of cyber attacks on SCADA and control systems, and suggests we work to protect them.

		Quantifying Cyber Security Risk Control Engineering, March 2008 By Morgan Henrie, Univ of Alaska and Paul Liddell, Alyeska Pipeline Service Basic risk analysis techniques can help you understand the cyber threats to industrial control systems and SCADA systems overseeing electric utility distribution. This step will help as you begin planning a defensive strategy.

		Uninterruptible power systems meet factory automation security Intech, March 2008 By Michael Stout and Michael Gibson Harsh industrial power environments demand high-level power protection: The right UPS can meet that demand. There are four UPS designs: offline, line-interactive, double conversion online, and flywheel.

		The Horse with Stripes Control, February 2008 By Walt Boyes Many IT security professionals now profess to be “industrial cyber security experts” because they understand “SCADA” and have worked for years in enterprise IT and enterprise cybersecurity. But it takes more than that to function properly in the industrial controls environment.

		Time for Plant and Corporate IT to Grow Up Control, February 2008 By Charlie Gifford, 21st Century Manufacturing Solutions Subject: the bloody war zone in manufacturing operations management (MOM) systems. Neither side realizes how large and complex job it is to integrate and translate between the plant and business in real-time.

		Capital Preservation, Businesses’ Life Blood Control, February 2008 By Dave Harrold Stand before an audience of senior executives, use the word “safety” in your opening remarks, and watch the eyes begin to roll as everyone begins looking for the nearest exit. If they were called ‘instrumented capital preservation systems’ instead of safety instrumented systems, every CEO would insist the company invest in them.

		Integrating Enterprise and Plant IT Functions Control Engineering, February 2008 By Jim Ricigliano, Wyeth Pharmaceuticals, and Matthew Bauer, Rockwell Automation When pharmaceutical manufacturing processes are automated there are many benefits, but implementation can demand difficult choices. Integration often brings enterprise IT onto the plant floor.

		RFID - Rx for Drug Security? CEP, February 2008 By Gerald Parkinson Some pharmaceutical companies are turning to radio frequency identification to protect against counterfeiting and theft of expensive drugs.

		2008 Pinto’s Pointers – Technologies & Markets by Jim Pinto Because of its fragmentation, low volumes and conservative customer base, industrial automation is relatively slow to change. In the broad automation markets, there are pockets of technology and market growth that deserve special review. Here are Jim Pinto’s pointers and prognostications regarding the top automation technology and market trends that will gain traction in the coming year.

		Wolves at the Security House Door(s), Part 2 Control, January 2008 By Eric Byres If the Single Firewall is not Secure Enough for Control Systems, What Security Model Is?

		Forget the silos, build the bridges Intech, December 2007 By Eric Byres, Jim Bauhs, and Brian Mason Where does one start when attempting to improve the security of the plant floor from these threats from outside world? We believe the only technique with a high chance of success is a highly coordinated effort by both IT and IC. This paper looks at techniques that can make this possible.

		More Fiber in Your Network Diet Control, December 2007 By Dan Hebert, senior technical editor It is extremely difficult to eavesdrop on fiber-optic connections, guaranteeing a high degree of security.

		Breaching Boundaries Automation World, December 2007 By Greg Farnum, Contributing Editor Security is included in the official OPC-UA stack, which is available royalty-free to OPC members. Users have the option to enable or disable the use of security.

		With maintenance like this, who needs terrorism? Plant Services, December 2007 By Paul Studebaker A recent pipeline explosion is just another disaster on U.S. soil that could have been prevented by solid maintenance practices.

		Plug leaks in the firewall to improve Ethernet security Plant Engineering, December 2007 By Larry Komarek, Phoenix Contact A single firewall that isolates the Internet from the plant network is insufficient protection for the underlying control systems. Those planning the security system must consider multiple layers of protection between manufacturing departments, independent manufacturing lines and the enterprise system network.

		Survey: Insider carelessness cause of most security threats ISHN, December 2007 New survey indicates that the biggest workplace cyber threats are often unintentional, resulting from carelessness or ignorance from individuals within the organization or company.

		Cyber Security: The Human Factor Control Engineering Supplement, November 2007 By Peter Welander Your people can be the weakest security link. In some cases an unhappy employee can cause deliberate sabotage, but these situations are less frequent than people doing stupid things. Or sometimes people fall for a social engineering scam that makes them open the door to a virus or hacker.

		Cyber Risk Assessment Control Engineering Supplement, November 2007 By Todd Nicholson, Industrial Defender Completing a risk assessment can uncover cyber security vulnerabilities before they become disruptive to the real-time process control and supervisory control and data acquisition (SCADA) network.

		Serial Network Security with Device Routers Control Engineering Supplement, November 2007 By Howard Linton, GarrettCom Providing cyber security for legacy serial networks can be simpler using a new family of serial device routers. These devices bridge the gap between Ethernet and serial protocols while providing protection.

		A security primer: 8 steps to building a security infrastructure Control Engineering Supplement, November 2007 Any system that secures plant assets should follow a “defense in depth” strategy that takes a multilayer approach including the creation of security zones.

		Security Control Engineering Supplement, November 2007 Plant operations managers need to recognize that although they may feel isolated from security threats, in reality they are not. Three common myths must be debunked.

		Plug cyber-security gaps Chem Processing By Seán Ottewell, contributing editor It’s time for the chemical industry to ratchet up its cyber-security efforts. There’s a surge in interest in cyber-subjects such as security certification, defense-in-depth strategies, risk-based planning and improved policies and procedures.

		Get ready to comply with new security mandates Chem Processing By David A. Moore and Dorothy Kellogg, AcuTech Consulting Group New anti-terrorism standards require the Department of Homeland Security to identify and regulate "high-risk chemical facilities." These facilities will be subject to a security vulnerability assessment.

		Access Control: Keeping terrorist attacks out of your plant - 12/27/07 Plant Services, October 2007 By Sheila Kennedy Chemical plants, water systems, oil refineries, food manufacturers, the electrical grid – American industry is rife with risk. A variety of technologies can help control access to your plant, materials and information, and mitigate the risk of becoming an unwitting party to a terrorist event.

		Beyond F.U.D.: How to start securing your DCS network today By Doug Clifton - Invensys Process Systems Cyber Security is much more than a firewall; it's education, data integrity, protection of intellectual property and so forth. The worse thing you can do is wait another minute to do something to start securing your network. This white paper shows how to get started

		Cyber security is a team effort Plant Services, April 2007 By Joe Weiss PE, CISM Modern communications and networking technologies can render your control system vulnerable to intentional or unintentional cyber events. Operations and IT need to address these vulnerabilities with a joint effort.

		Security Protocols for the Embedded Internet Embedded System Conference, April 2007 By Tracy T. Thomas, Ph. D., U S Software Corporation This paper reviews security attacks, requirements, and implementation with a focus on suitability for embedded systems.

		10 Control System Security Threats Control Engineering, April 2007 By Peter Welander, Control Engineering Based on work done by the North American Electric Reliability Corp., these control system vulnerabilities are the place to start to prevent a security breach.

		Chemical security rules edge forward Chemical Processing, February 2007 By Lynn Bergeson, regulatory editor Advance Notice of Rulemaking (ANR) on anti-terrorism standards for chemical facilities was issued December 22, 2006, by the U.S. Department of Homeland Security (DHS). This article is a summary of this important initiative, 71 Fed. Reg. 78276.

		Security Is a Journey Automation World, March 2007 By C. Kenna Amos, Contributing Editor Information technology (IT) security and network security must become part of the framework of every deployed application and technology. That entails embedding security into the network fabric itself. But it also makes sense that security strategies cover all manufacturing and corporate assets—and that the production environment and automation systems be isolated from the rest of the enterprise. IT and automation engineers have different opinions on computing and network assets applied in the manufacturing and control-systems spaces

		Lessons in Cyber Security Automation World, March 2007 By Wes Iversen, Managing Editor Attendees at this year’s Process Control Systems Forum received a concentrated look at the latest tools, techniques and projects in control systems cyber security. “We face real dangers from sophisticated, nimble and organized adversaries who will stop at nothing to achieve their objectives. The truth is that our networks and control systems are vulnerable, and they’re exposed, and we have to change that,” declared Bruce Landis, deputy assistant secretary for Cyber Security and Telecommunications for the U.S. Department of Homeland Security (DHS).

		Network security for device servers By Sena Technologies Device servers deliver the appropriate network connection and physical interface for industrial device applications. Providing this function in a secure fashion is becoming a major concern for industrial IT managers as burgeoning numbers of industrial devices receive a real or proxy Ethernet connections. Security-related features have become one of the main factors in device server selection.

		OPC Consideration for Network Security Cyber security means the confidentiality, integrity, and availability of computers, applications, and digital-based assets. In most organizations, this is the responsibility of the corporate IT group. Unfortunately, whenever IT meets real-time control systems, trouble erupts. So when IT implements different Windows Domains and Firewalls, the first casualty is typically DCOM communication and, consequently, OPC traffic.

		Mobile Malware Creates Opportunity for Managed Security Services While malware targeting mobile devices is a relatively recent problem, significant increases in shipments of smartphones, as well as increasing market penetration by Microsoft, have made mobile devices much more attractive targets for hackers. According to ABI Research, the newest and most intriguing market opportunity for mobile security is the growth of mobile device security managed services.

Automation.com Real-time Information for the Automation Professional May. 26, 2012

Cart

Automation.com

NOTICE: Your use of Automation.com constitutes your agreement to the Legal Notices, Policies, Terms, and Conditions governing its use. You should review these terms before proceeding.Copyright © 2000-2010 Automation.com - automation.com, automationtechies.com, automationtechies, automationtechie, and Member-Match are all trade and service marks of Automation Resources, Inc. All Rights Reserved.