INFORMATION TECHNOLOGY
More than 80% of computer-system breaches had patches available for more
than a year. Are your systems up to date?
You Can Prevent Attacks
In a presentation at the recent ARC Forum conference (Feb. 8 to 11, 2016,
Orlando, FL, arcweb.com), Stuart Madnick, professor of information
technologies at MIT's Sloan School of Management, Cambridge, MA,
presented findings from research performed as part of the MIT Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity.
Addressing the question, How did breaches (threats) occur?
■ 67% were aided by significant errors by the victim
■ 64% resulted from hacking
■ 38% used malware
■ >80% of breaches had patches available for more than a year
■ 75% of cases go undiscovered or uncontained for weeks or months.
Do You
Have Cyber
Security?
FEW COMPANIES HAVE a true grasp of
cyber security and their computer technology
in general. For most, when cyber security
rears its ugly head, it's usually in the form of
a very expensive crisis. It's a massive undertaking to gain a full grasp of what you own
in terms of hardware and software, who has
access to your systems, and how resistant you
are to cyber attacks. It's likely that the most
challenging aspect of cyber security is maintaining control into the foreseeable future. To
help you better evaluate your situation, here's
information from two people with more than
a little cyber-security experience.-Gary L.
Parr, editorial director
APRIL 2016
■
Findings from the Research
■ Solving security problems "upstream" is more effective than fixing
them "downstream."
■ Models help understand the security issues involved in patching and
software release dynamics.
■ Understanding the tools and techniques of finding vulnerabilities helps
improve security.
■ Understanding the researcher/hacker/security workforce helps with
defense.
■ All organizations can learn from bug bounty programs.
The MIT people also recommend that you apply accident and safety
research to cyber-security failures. In other words, they treat events as
a type of accident and use prior research from other events to identify,
understand, and mitigate possible cyber hazards.
■
Seven IT Factors to Apply to ICE
Mike Bastian, global controls manager, Ford Powertrain, Dearborn, MI,
discussed his team's work to apply IT security practices to the industrial
control environment (ICE) in a presentation at the Manufacturing in
America event, held in Detroit, March 23 and 24, 2016. The event was
presented by Siemens Industry Inc., Norcross, GA, and Electro-Matic
Products Inc., Farmington Hills, MI. As a result of their work, they have
identified seven areas that should be applied to ICE:
■ Establish a disaster-recovery plan that allows you to promptly replace/
restore all hardware and software.
■ Maintain full control over any changes in hardware or software.
■ Implement a "line of sight" arrangement that does not allow any
external access to internal networks/systems.
■ Install virus and malware protection and keep it up to date.
■ Use secure access controls, particularly passwords, wherever possible.
■ Determine early on what will be the end of life for hardware and
software.
■ Manage your internal technology and that of your suppliers. For Ford,
that means Tier I and II suppliers. MT
MAINTENANCETECHNOLOGY.COM | 41
http://www.arcweb.comhttp://www.MAINTENANCETECHNOLOGY.COM
Table of Contents for the Digital Edition of Maintenance Technology April 2016