NDU prof: Digital control systems can weaken security

The growing integration of digital control systems with traditional computer networks is opening a new avenue of attack against the nation's physical infrastructure, John H. Saunders, a professor at the National Defense University, said today.

Controls for operating utilities, buildings and campuses are being turned over to cost-effective digital systems with remote access capabilities.

'The security part of the equation never arises,' Saunders said at the GOVSEC security conference in Washington. 'I think we've been lucky until now, but I wouldn't count on that continuing. It won't be long before anyone in the world is able to access these systems.'

Proprietary protocols and single-purpose firmware have offered a degree of security for these systems. But standardizing on a few protocols is increasing the risk.

'IP is overrunning this whole area,' Saunders said. 'It has been adopted at all levels.'

Digital control systems also are being connected to LANs, WANs and the Internet for remote administration. 'For the most part, security has not been a focus for vendors,' he said. 'They tend to push functionality and access levels."

Government administrators can do little about the level of security at utilities, but they can increase security within their own buildings, Saunders said.

Building engineers need to focus on security the way systems administrators do, by performing systems inventories and vulnerability and risk assessments, and by implementing policy, he said.

Saunders said the first security standards for digital control systems are expected to be released soon by ISA, a standards organization based in Research Triangle Park, N.C. The National Institute of Standards and Technology also is expected to release security guidelines soon.

About the Author

William Jackson is a Maryland-based freelance writer.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected