Cyber Security – Does Industry care enough?
This is a subject I am passionate about (sad, I know). My feeling is that what we see today, while undesirable, is a foreseen consequence of industry standardizing on open technologies for distributed control and SCADA networks. Don’t get me wrong, I believe Ethernet is a great technology and, when deployed as a ‘network’ rather than simply ‘connectivity’, it can provide much gain with a controlled amount of pain. What has happened in many cases over the years is somewhat different.
Take a moment to see what kicked this all off. In 1998 to the early 2000s, the major automation vendors all had their own, often proprietary, Fieldbus protocols that tended to lock customers into their particular offer.
Meanwhile Ethernet, a technology that evolved in the enterprise IT sector, had reduced in deployable size and cost. Robust DIN rail deployments with millisecond path recovery and enormous improvements in transmission speed were all now part of the Ethernet package. These technology characteristics ticked many of the boxes most system users had, until then, only dreamed of.
The openness of Ethernet was however ‘a challenge’ to those that had already made significant investments in the more proprietary networking approaches and, in my opinion, this fact resulted in a campaign to largely undermine the Ethernet technology with statements such as ‘non-deterministic’ and ‘poor reliability’. It was clear to me at least that the strategy of confusion was an attempt to delay demand until their respective ability to supply came about.
Those that took the time to scratch beneath the surface recognised that the determinism and reliability issues had been largely overcome. The natural evolution of the technology (Full Duplex, switched Ethernet) provided predictable high-speed communication and Hirschmann’s original ring-redundancy protocol solved many of Ethernet’s resilience issues.
Here’s the thing: had major Automation Vendors hung their respective hats on Ethernet’s challenges surrounding network security rather than determinism, their argument would have got stronger over the years (think 9/11 & 7/7). Since these global events, the threat landscape has changed dramatically; for the Vendors it was, however, too late – the ‘Ethernet horse’ had bolted. Every Automation Vendor now had an Ethernet Offer – some incredibly weak as they rushed to market using low-cost silicon packages designed originally for printers, not PLCs. It is these control assets, with weak networking characteristics, that have also proved to be extremely reliable, allowing their use, to coin a phrase, to be ‘sweated’.
The Systems Integrator community has also been able to benefit from Ethernet’s high reliability and ease of deployment; the issue of security is rarely theirs after all. It is the System’s owner that has ultimately been landed with the problem – we have all seen recent headlines – even the biggest brands are at risk!
That hidden gem – Ethernet – the lifeblood of every modern Automation system, is potentially highly vulnerable; consequently, so are the control assets that use it.
UK Government has recognised the need for action and also good practice (www.cpni.gov.uk); industries deemed critical to national infrastructure are now investing significantly in understanding the challenges and risks they face from the cyber threat and are working hard to mitigate them.
This is an opinion and others may or may not share it. My provenance comes from being involved in the launch of the Industrial Ethernet technology back in 1996 and having been in the business of network solution selling, implementation and support, and also product selling, for 17+ years – my insight is at least first-hand! I also know that a key area of IT4A’s business today is automation network and cyber security delivered across reliable and managed network infrastructure – we know even the most challenging of networks can be made significantly better through following good practice guidelines.
Perhaps the time to finally bury SCADA’s ‘Security through Obscurity’ adage has finally come?
IT4Automation are the first Automation networking specialist to achieve ISO9001:2015, ISO 14001:2015 and ISO 18001:2008 in their drive to become fit for nuclear.