NDU prof: Digital control systems can weaken security

The growing integration of digital control systems with traditional computer networks is opening a new avenue of attack against the nation's physical infrastructure, John H. Saunders, a professor at the National Defense University, said today.

Controls for operating utilities, buildings and campuses are being turned over to cost-effective digital systems with remote access capabilities.

'The security part of the equation never arises,' Saunders said at the GOVSEC security conference in Washington. 'I think we've been lucky until now, but I wouldn't count on that continuing. It won't be long before anyone in the world is able to access these systems.'

Proprietary protocols and single-purpose firmware have offered a degree of security for these systems. But standardizing on a few protocols is increasing the risk.

'IP is overrunning this whole area,' Saunders said. 'It has been adopted at all levels.'

Digital control systems also are being connected to LANs, WANs and the Internet for remote administration. 'For the most part, security has not been a focus for vendors,' he said. 'They tend to push functionality and access levels."

Government administrators can do little about the level of security at utilities, but they can increase security within their own buildings, Saunders said.

Building engineers need to focus on security the way systems administrators do, by performing systems inventories and vulnerability and risk assessments, and by implementing policy, he said.

Saunders said the first security standards for digital control systems are expected to be released soon by ISA, a standards organization based in Research Triangle Park, N.C. The National Institute of Standards and Technology also is expected to release security guidelines soon.

About the Author

William Jackson is a Maryland-based freelance writer.


  • 2020 Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    21 Public Sector Innovation award winners

    These projects at the federal, state and local levels show just how transformative government IT can be.

  • Federal 100 Awards
    cheering federal workers

    Nominations for the 2021 Fed 100 are now being accepted

    The deadline for submissions is Dec. 31.

Stay Connected