Cyber security: From “reel” life to “real” life
Are Hollywood portrayals of cyber attacks exaggerating the risks we face?
Since the early 1980s, when Hollywood showed “War Games,” where a teenage gamer brought the world to the edge of nuclear destruction, the entertainment industry has been frightening us about the Internet and the vital systems it supports. In the 2007 “Die Hard” movie, Bruce Willis fights hackers out to destroy America’s vital infrastructure. All good fun in the movies, but how close are these scenarios to reality? Is it wrong for us to use the phenomenal power of computer networks to improve the performance of our power grids and banking systems?
The short answer is no. We need computers to process the vast quantities of data generated by today’s modern systems. Without them, we would not be able to function. The smart grids that keep our power flowing (even in the face of rising demand for electricity and the unpredictable nature of renewable power sources) are made possible by sophisticated automation systems relying on advanced computer networks.
As power grids have become more complex, they have come to rely more heavily on computer-based automation. Operators have adopted open IT standards and today’s “smarter” grids are increasingly interconnected. These developments provide operators with a much clearer view of conditions in the grid, improving reliability and quicker fault resolution. It also increases the grid’s exposure to cyber security threats.
Cyber security is a topic that we all need to take very seriously, especially those of us working for engineering companies. It needs to be an integral part of product-lifecycle processes, from early design and development, through to testing and commissioning.
It’s also important that companies contribute to industry initiatives, like the IEEE and IEC, to build and maintain the necessary standards to protect our critical installations – cyber security is everyone’s problem and collaborations are essential if we are to keep pace with new developments.
Of course cyber threats can never be said to be conquered. As technologies advance, so new threats develop and technicians must be constantly vigilant to stay ahead of the game. Potential weaknesses must be removed before they can be exploited and new designs challenged with state-of-the-art testing tools before they can be used.
Sophisticated threats need sophisticated defenses. That said, some of the most effective methods of protection are “simple things”, like processes for user authorization that customer organizations manage themselves. Products and systems that support user accounts, with individual log-ins and access credentials, customized access levels and authorization procedures, are well-placed to meet specific and changing requirements.
So while cyber security threats are a real and present risk, there is a battery of finely tuned, constantly updated protection strategies out there, and well-thought-out standards (and of course standard-compliant products and systems) will keep that threat at bay.
To learn more about ABB’s approach and capabilities in cyber security, please visit http://www.abb.com/cybersecurity