Chapter 33

Instrumentation cyber-security
As digital technology finds greater application in industrial measurement and control systems, these
systems become subject to digital vulnerabilities. Cyber-security, which used to be strictly limited
to information technology (IT) systems such as those used in office and research environments (e.g.
desktop computers, printers, internet routers), is now a pressing concern for industrial measurement
and control systems.
There exist many points of commonality between digital IT and digital control systems, and
it is at these points where mature protection concepts may be borrowed from the world of IT for
use protecting industrial control systems. However, digital measurement and control systems have
many unique features, and it is here we must develop protection strategies crafted specifically for
industrial applications.
The chief difference between industrial controls and IT systems is, of course, the fact that
industrial controls directly manage real physical processes. The purpose of an IT system, in
constrast, is to manage information. While information can be dangerous in the wrong hands,
physical processes such as chemical plants, nuclear power stations, water treatment facilities,
hazardous waste treatment facilities, can be even more so.
This chapter will primarily focus on digital security as it applies to industrial measurement and
control systems. The opening section is a case study on what has become a famous example of an
industrial-scale cyber-attack: the so-called Stuxnet virus.
It should be noted that cyber-security is a very complex topic, and that this chapter of the book
is quite unfinished at the time of this writing (2016). Later versions of the book will likely have
much more information on this important topic.

2671