Manufacturers and process plant operators wanting to monitor and control machines and shop floor operations remotely via the web and VPNs are attracting the attention of the data security big boys.
CheckPoint, whose systems run corporate network security for 98% of the world’s Fortune 500, is the latest to enter what analysts see as a significant growth market. The company has launched what it claims is the UK’s first dedicated ‘unified threat management’ (UTM) appliance specifically to protect factory floor equipment and systems from cyber attack.
It’s responding to a potentially serious risk that’s been running up the manufacturing business agenda over the last couple of years. It’s not just corporate networks that are threatened by external attack, malware and other IT security breaches: production systems linked to IP networks are also vulnerable – and the issues here are downtime, equipment damage, product damage and even personal injury or death.
CheckPoint managing director Nick Lowe says: “A number of very large customers wanting to ‘IPise’ their manufacturing and control processes have been coming to us because their due diligence shows that these systems are just as vulnerable as any web application might be. So they need to protect them from all the threats and especially denial of service.”
So its product, dubbed the VPN-1 Edge X industrial model, covers all the main threats – external attack, malware, security configuration errors etc – that could lead to downtime, damage and personnel injury.
It’s a significant development of its existing corporate network systems. The UTM concept consolidates multiple security aspects (sophisticated firewall, VPN, antivirus and intrusion detection and prevention right down at the application layer) all in a single appliance.
That makes it relatively quick to certify and implement: analyst IDC predicts that by 2007 80% of all network security will be delivered by dedicated appliances. And with CheckPoint’s work on form factors, ruggedising, power outputs and so forth for industrial use – achieved through co-operation with a large unnamed petrochemical company – it appears fit for purpose.
It also provides for central and remote security management so that users can integrate production floor equipment into CheckPoint’s unified security architecture, and efficiently administer security at multiple sites. The petrochem company has apparently implemented systems at every one of its remote wellheads.
Says Lowe: “It’s also very pertinent to the patch problem, where patches aimed at securing vulnerabilities can’t be applied until they’ve been certified for the machines and processes concerned. Smart Defence protects known vulnerabilities by looking for activity that is not normal application behaviour and makes decisions about prevention. So we’re buying time for users so they don’t need to apply patches straight away.
“This is a ‘first in class’ appliance. It protects not just the device but the applications and processes from denial of service and web attacks. We can also protect Intel-based applications with our Integrity system, which can run on control processes.”