SCADA Security Predictions: 2013
Every January I get asked to make between three and five predictions for the upcoming year. Then every December people remind me that I made those predictions 12 months ago. Then they get to tell me how poorly I did. In between January and December I get to worry.
Five Predictions for 2013
Prediction #1: Tablets (iPad and Android) will start to be used in SCADA and ICS
Back in December, I blogged about a survey that asked engineers to identify their unfulfilled industrial networking desires. The number one item turned out to be “Connecting to the factory with a smart phone.” This is the year that the mainstream control system vendors will start promoting iOS apps, and iPhones and iPads will start to be used for industrial applications.
As with all industrial technologies, we won’t see a full invasion of iDevices on the plant floor in 2013, but the wall will be breached. Maintenance and support applications will be the first applications. When your maintenance team is trying to repair that failed transmitter or troubleshoot that drive at 2:00 AM, it is very nice to be able to check the inventory system for spare parts or review the online manuals for troubleshooting advice. Being able to do that right where the problem is (rather than having to go back to the office) will be a powerful driver for allowing tablet devices on the plant floor.
This won’t be pretty from a security point of view, but we will have to get used to it. Maybe it will drive the industry to deploy holistic security strategies rather than the security band-aids so often seen now.
Prediction #2: International Security Standards Start to Mature
One of the issues for companies wanting to start securing their ICS is the existence of so many competing SCADA and ICS security standards. Last year the security committees at ISA and IEC joined forces and the result was the ratification of IEC/ISA 62443-2-1 - Industrial automation and control systems security management system.
This year there will be more coalescing of different industry and national documents into coherent international standards. At the same time, the usability and consistency of the standards will improve -- a number of new or substantially improved documents will be released -- for example, a completely rewritten 62443-02-01 may be available before December.
Prediction #3: Independent SCADA/ICS Security Professional Certifications Will Be Available
Today anyone who can use SCADA and security in the same sentence can call themselves a SCADA security expert. This year will see the release of certifications for SCADA/ICS Security Professionals. The best will be independent of both ICS/Security vendors and the various training companies and will just focus on testing subject matter expertise.
Prediction #4: The Industrial Safety World Makes Security a Priority
A few years ago, I predicted that companies would start to combine industrial safety and industrial security analysis. It happened, but much more slowly than I expected (surprise??). So I am dragging my old prophecy out again, but with a twist.
This year security consultancies like TUV will make a major push into the SCADA/process security markets (of course, safety companies like exida have been doing that for a few years now). At the same time, the IEC safety standards will start to be reevaluated in terms of security. Hopefully efforts like the LOGIIC analysis of Safety Instrumented Systems will start to make headlines too and not stay hidden under a bushel.
Prediction #5: A Big Security Event Will Impact Industrial Systems, This Time Close to Home
Last year I predicted that there would not be another major security event like Stuxnet -- was I ever wrong. Flame and Shamoon, plus others like Gauss, hammered the energy industry in the Middle East.
So this year, I will go in the other direction and say there will be at least one major event impacting industry and it will be in either Europe or North America.
I hope I am wrong about this one.
Eric Byres is the chief technology officer and vice president of engineering at Tofino Security, a Belden Brand.