Dear Editor,
In the September issue Mitsubishi Electric argued that, in light of Stuxnet, PLC based connections between the plant/asset and the enterprise represent a more secure option than PC connections (Automation, September, New defences after Stuxnet). However, because Stuxnet was the first virus to have a PLC rootkit, I think it proves quite the opposite. It demonstrates that, without protection, no system is safe, whether it’s PC or PLC based.
Legend says King Cnut sat at the shore of the sea and commanded the tide to halt and not wet his feet and robes. The sea continued unabated of course. Attempting to stem the tide of Windows based industrial computing is equally futile. Engineers chose Windows two decades ago. It’s too late to change our minds.
The real task, as Mitsubishi observes, is to protect those systems that already exist. As a provider of industrial IT solutions we are now implementing security devices specifically designed for industrial applications, effective in securing protocols such as Modbus TCP and OPC Classic. These are easy to install and configure and there’s no need to replace your legacy PCs with specialist PLCs.
Ultimately though, Mitsubishi is correct in arguing the UK and Europe’s industrial computing infrastructure is horrifically exposed to attack. This is particularly true of elements that are running on legacy IT and control systems. The lifespan of the existing installed base of industrial computing and automation solutions means we will be dealing with this risk for years to come, providing we choose to do more than just stand on the shore at shout at the sea.
Mike Lees
HardwarePT, the industrial computing and connectivity business unit of SolutionsPT
