Urgent issues of automation, including information security in the interview of KAAR President Vladimir Turekhanov for «New Generation» Kazakh edition.
24/1/2016 Association newsToday a lot of talks are about automation. Automation helps to manage the production and business-processes more effectively, relieves peoples from hard work, protects against life-threateting situations. All this happens due to different technical facilities. However, there is a fair question: can these automation facilities fail? What determines their flawless and faultless work? This is what our conversation with the Presindent of Kazakh Association of Automation and Robotics (KAAR) Vladimir Turekhanov about.
- With the best will of the humankind, there is nothing eternal so far. As you correctly mentioned, automation facilities that ensure safety and comfort for people, are not an exception. Devices can fail. Moreover, they do fail. We should be prepared for that and foresee all necessary measures already at the stage of executing the technical specification. As a rule, continuous operation is ensured by backing-up (duplicating) of correspondent nodes and devices. Backup devices come into operation instead of defective ones or those disabled by the operator. There can be several backup levels in the most important and critical sectors.
- Then why there are still accidents at different modern facilities with the highest level of automation? And even in such countries that are considered to be the leaders in technology, such as Japan or the United States?
- If there is an emergency situation, the reason may be, for example: something was not taken into account at the stage of planning and installation, an accident, force majeure or omission of the servicing staff (human factor)
- Such argument as «human factor» is frequently heard. This means that man is prone to error. «A man is not a machine». But in automation a part of process is still under the control of a man. How are automation processes protected against «human factor»? And are they at all?
- There are different means in terms of protection against wrong and erroneous actions of the staff, including: warning about wrong actions, and blocking of certain mechanisms. You can surely think that the most effective protection against wrong actions of the staff is to assign as many functions to automation as possible, reserving the control function for the man. But I repeat - no technical device can be 100 percent protected against malfunction or failure. That’s why it is necessary to foresee it in advance and to plan the automation process in a way that will minimize all risks. I would like to lay the emphasis on the fact that particular attention should be paid to protection of information. Every year it becomes more and more relevant.
- Today, the term "information security" is spread around the world. Under information security we mean both ideological and solely technical component. That is a possibility of information leakage as a result of getting an unauthorized access to it. Does this mean that the issue of information security is one of the most important ones in automation?
- If I may, I would omit the ideological component and focus on the technical one. It’s one thing to get an unauthorized access to information (that is what you say), another this is getting an unauthorized access to the automated control system. Both situations are, of course, related to information security. And if in the first case, intruders get the access to the information that they can then use to harm someone, the second case is more interesting because the intruder can directly damage the important sectors of any particular enterprise.
Information and communication technologies (ICT) penetrate deeper and deeper into our lives. And today, thanks to them, automated control over technological processes in the industry became possible. Combination of ICT with production proccesses has in fact created a new trend – operating technologies. By operating technologies we mean the environment that contains equipment, software (industrial area networks and industrial automation process control system – SCADA), staff and its activity, focused on control over industrial devices (valves, pumps, switches, etc.). There can be a real technological disaster in case of technological process violation.
A separate area is personal data security. For example, payment information (details of bank cards) or health information. You don’t have to be a rocket scientist to realize how intruders can use these data for their lucrative crimial purposes. Often people themselves are careless with issues of informational security, as the saying goes, leaving the key to the apartment underneath the mat. That means they set the same, simple or predictable passwords, trust digital signature keys to unauthorized persons leaving their default passwords. Moreover, it is already possible to register a company through the e-government portal! And not only a company! One can even register a marriage! I don’t even speak about the access to internet banking. Some confidentiality issues were addressed by me earlier in my publication: https://bit.ly/confpersinf
- In recent years, there was an information on targeted attacks on industrial automation systems with a purpose of industrial espionage, fraud or deliberate disruption of enterprise functioning. How can companies protect themselves against it? Maybe it is better to exclude the possibility itself that is to refuse from automation?
- Of course, the best way to prevent unauthorized access to information is to not possess the information at all, but in such way we can come back to a stone axe. I do not think this is the right way. There are general principles to be followed, but in each case it is necessary to develop an individual approach based on common principles, studying the experience of already implemented projects and relying on possible threats identification. Information security is a part of automation. I would even say that today it is an integral part of it. Certainly this is the issue professionals.
Source: https://www.np.kz/research/18885-bezopasnost-na-rabote-i-doma.html