1660240840296 49d546d6742f4b379cc447357fce1efb

Cybersecurity: Arm yourself

Jan. 10, 2018
Thomas Wilk says the focus on cybersecurity has taken a sudden turn toward the processors themselves.

Meltdown and Spectre.

They sound like a Bond villain and one of the X-Men. Instead, they’re the latest cybersecurity vulnerabilities that have emerged to keep your IT teams awake at night, and possibly you, too.

Rarely has a breaking news item felt more timely to the Plant Services editors. Less than a week after putting our first cover story on cybersecurity to bed, two new and serious security vulnerabilities came to light.

And they’re not just any kind of vulnerability – the bad news is that both of these are baked into the processors themselves, across billions of devices. As an Apple blog post stated, “these issues apply to all modern processors and affect nearly all computing devices and operating systems,” from cloud services and computers to phones and browsers.

The first good news is that there has already been a concerted effort on the part of processor companies, operating system companies, and cloud providers to address these vulnerabilities. An excellent summary of the initial responses can be found in a recent Ars Technica article; another article, from Gizmodo, provides an ongoing list of patch releases and operating system updates so you can check to see if your devices are still vulnerable from these new threats.

From the Editor

This article is part of our monthly From the Editor column. Read more from Thomas Wilk.

Part of what feels so surprising about Meltdown and Spectre is that the risks they represent are not due to the actions of bad actors from the outside who intentionally try to hack into your plant network; they also are not due to any errors in human judgment that might introduce security risks (i.e., not changing passwords frequently enough, or plugging an unsecured smartphone or USB stick into a device connected to your control network). These flaws are on the inside of the devices themselves, a vector that is less commonly discussed when it comes to cybersecurity best practices.

Plant Services went to press before news broke about Meltdown and Spectre, so you won’t find mention of either in this month’s cover story. However, you will find coverage of our industry’s response to other cyber-threats, including information from a presentation by Alan Berman, president and CEO of the not-for-profit Disaster Recovery International Foundation (DRIF), in October at the 2017 SMRP Conference, and practical advice on everyday cybersecurity tactics that you can implement with your teams, especially when considering use of cloud technologies for PdM or similarly data-intensive initiatives.

And the second good news? Our industry is familiar and already deeply engaged with cybersecurity issues, to the point that members of the Homeland Security department are approaching SMRP to provide counsel in these areas, as Howard Penrose outlined last May in Plant Services.

New vulnerabilities may be inevitable, but our industry is already having the right conversations.

About the Author

Thomas Wilk | editor in chief

Thomas Wilk joined Plant Services as editor in chief in 2014. Previously, Wilk was content strategist / mobile media manager at Panduit. Prior to Panduit, Tom was lead editor for Battelle Memorial Institute's Environmental Restoration team, and taught business and technical writing at Ohio State University for eight years. Tom holds a BA from the University of Illinois and an MA from Ohio State University

Sponsored Recommendations

Arc Flash Prevention: What You Need to Know

March 28, 2024
Download to learn: how an arc flash forms and common causes, safety recommendations to help prevent arc flash exposure (including the use of lockout tagout and energy isolating...

Reduce engineering time by 50%

March 28, 2024
Learn how smart value chain applications are made possible by moving from manually-intensive CAD-based drafting packages to modern CAE software.

Filter Monitoring with Rittal's Blue e Air Conditioner

March 28, 2024
Steve Sullivan, Training Supervisor for Rittal North America, provides an overview of the filter monitoring capabilities of the Blue e line of industrial air conditioners.

Limitations of MERV Ratings for Dust Collector Filters

Feb. 23, 2024
It can be complicated and confusing to select the safest and most efficient dust collector filters for your facility. For the HVAC industry, MERV ratings are king. But MERV ratings...