Security is also vital in a building project

A new serious vulnerability notice was announced yesterday. Core Security announced a DoS (denial-of-service) vulnerability in the Wonderware SuiteLink software suite. This vulnerability allows hackers to remotely cause the software to terminate. SuiteLink is SCADA (supervisory control and data acquisition) software that controls process automation in major facilities such as power stations.

DHS/US-CERT has also issued a National Cyber Alert on this vulnerability.

What can the consequences of such a vulnerability be? In the worst case, crashing control software can slow down or stop plant automation operations, which may lead to a shutdown or even uncontrolled instability of the process.

Obviously, all (I hope) systems have failback and backup procedures for such situations. No need to go get emergency food provisions because of this.

Vulnerabilities of this type are not uncommon in any technology product. There are new findings daily.

In this case, Wonderware seems to have handled the corrective actions very well.

In the construction industry, special attention to protecting against technology risks is vital. Technology helps us a great deal, but there must be proactive planning for such situations.

Just imagine the consequences when the elevators of a skyscraper totally malfunction, or a glass facade breaks due to a design mistake. What if a power plant gets out of control because of a software malfunction? Holes in the technology can also open opportunities for acts of terror against any building or infrastructure.

This is why information security must be assessed during the whole construction project and also after the provisioning of the final build. If there is no clear method for managing the information, securing it is an almost impossible task.

My quick advice on how to take care of information security:

  • Know where all the information is
  • Know who has access to what information
  • Use advanced access control methods, encryption and authentication mechanisms
  • Record the use of information
  • After the project, keep the same level of security
  • Do not destroy the building information data when the project is finished
  • Have someone take responsibility for information security


