I came across this article on how a computer virus made its way onto the international space station.  One would think that of any computer system on the planet (or above it) that would have good IT security, it would be the ISS.  Apparently not. Really makes you wonder about how things are progressing with beefing up security within the control system world.  The folks at Digital Bond were blogging on that topic all last week from the 2008 Process Control System Industry Conference (PCSF) in San Diego.  One interesting blurb was mentioned in the day two recap:

“.. rounded out the morning with “Control Systems Threat Awareness” by Robert Huber and Sean McBride of INL. These guys have used various data collection points to help understand the current threat and trends over time. It was a good follow-up to yesterday’s presentation by Stephen Gill of Team Cymru. It was a well-organized compilation of threat data. They’ve taken many of the things you’ve heard, such as control system presentations at hacker conferences,  and plotted them in a measurable way that illustrates an increasing “adversary interest”.

The threat trend is increasing.  An interesting question would be if system security is trending towards more secure as quickly? What about the OPC systems? OPC UA brings a lot of security to the table, but companies will have to look at what timeline they will be looking at for adopting OPC UA products, and how much security will they be implementing.  In the face of increasing threat of ‘adversary interest’, I wonder how many companies will look at increasing their protection today with products like the OPC Security Gateway? I’ve posted on OPC security before.  It’s another of the things I think about often. (Things like that apparently makes me a bigger geek than Gary Mintchell.  I’ll take that as a compliment J ). 

The press release on the OPC Security Gateway came out this week for those interested in what it can do.  I’ve talked to many control engineers who fear common security gaps found once someone gets inside the firewall like unrestricted read-write access for the entire OPC architecture, unauthorized access to production data or just spamming device-writes until the system comes down. This can be used to guard against stuff like that. If security holes can let a bug into the far reaches of space, how hard is it to get past the outer shell of most control system security? Any security specialist will tell you to consider defense in depth. Multiple layers that protect different important aspects of the system; from the big, burly guy at the gate down through the process - including the OPC system.

UPDATE:  Just saw this article that says the ISS now has Wi-Fi.  I wonder if they remembered to set a WPA key?  For more fun and entertainment on OPC Security check out the new ‘OPC Mythbusters’ series