NDU prof: Digital control systems can weaken security

The growing integration of digital control systems with traditional computer networks is opening a new avenue of attack against the nation's physical infrastructure, John H. Saunders, a professor at the National Defense University, said today.

Controls for operating utilities, buildings and campuses are being turned over to cost-effective digital systems with remote access capabilities.

'The security part of the equation never arises,' Saunders said at the GOVSEC security conference in Washington. 'I think we've been lucky until now, but I wouldn't count on that continuing. It won't be long before anyone in the world is able to access these systems.'

Proprietary protocols and single-purpose firmware have offered a degree of security for these systems. But standardizing on a few protocols is increasing the risk.

'IP is overrunning this whole area,' Saunders said. 'It has been adopted at all levels.'

Digital control systems also are being connected to LANs, WANs and the Internet for remote administration. 'For the most part, security has not been a focus for vendors,' he said. 'They tend to push functionality and access levels."

Government administrators can do little about the level of security at utilities, but they can increase security within their own buildings, Saunders said.

Building engineers need to focus on security the way systems administrators do, by performing systems inventories and vulnerability and risk assessments, and by implementing policy, he said.

Saunders said the first security standards for digital control systems are expected to be released soon by ISA, a standards organization based in Research Triangle Park, N.C. The National Institute of Standards and Technology also is expected to release security guidelines soon.

About the Author

William Jackson is a Maryland-based freelance writer.


  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

  • Marines on patrol (US Marines)

    Using AVs to tell friend from foe

    The Defense Advanced Research Projects Agency is looking for ways autonomous vehicles can make it easier for commanders to detect and track threats among civilians in complex urban environments without escalating tensions.

Stay Connected