随着工业组织努力应对COVID-19辐射,自动化已经成为一个更热门的话题。然而,专家们担心,自动化的加速可能会给那些不注重安全性的组织带来意想不到的后果
. 自动化系统往往超过人类发现机器问题的能力。但工业自动化安全方面松懈可能是危险的。将软件开发任务外包给每小时9美元的工程师后,这架飞机两次事故中造成346人死亡。
随着工业组织努力应对COVID-19辐射,自动化已经成为一个更热门的话题。然而,专家们担心,自动化的加速可能会给那些不注重安全性的组织带来意想不到的后果
分析师辛迪加分析师丹?米克洛维奇(Dan Miklovic)表示:“对于自动化和工业控制系统(ICS),毫无疑问,急于求成多于浪费。”。“这可能导致灾难性或致命的后果。”
工业设施中的关键任务系统传统上依赖于对工人的密切监督,因为感官“通常是确保最佳正常运行时间的最有效方法,”ONE Tech解决方案工程总监Chris Catterton说,这种情况正发生变化。自动化系统往往超过人类发现机器问题的能力。卡特顿说,一个自动系统可以检测螺栓上的扭矩值,比如几磅轻,或者听到人耳无法检测到的高频轴承尖叫声
但工业自动化安全方面松懈可能是危险的。米克洛维奇说,例如,业余电子产品可能会使工业机械自动化变得简单,但这类产品也会给网络攻击者提供一个熟悉的目标。卡特顿说:“没有最前沿建立安全性的即插即用自动化解决方案,也可能为大量的漏洞打开大门。”
也要注意人工智能的部署
还有一个风险是,组织会匆忙部署人工智能(AI)作为其自动化计划。由于COVID-19的隔离,数据科学专家供不应求,许多经验丰富的工业运营商被边缘化,错误潜入人工智能算法的危险更大。米克洛维奇说,存这样一种风险:“试图训练系统的人缺乏关键的安全信息。”
即使理想条件下,开发软件或人工智能算法也不可避免地会引入一些错误。一个经验法则认为,每1000行软件有1到10个错误,正如《第五个领域》一书所观察到的那样。即使是任务关键型空间系统的软件,每1000行代码也可能出现1到5个错误
由于软件通常有数百万或数十亿行代码,因此防止和纠正错误的需求变得至关重要。历史提供的例子强调了>另一个昂贵软件捷径的例子是波音737 Max于2019年停飞。将软件开发任务外包给每小时9美元的工程师后,这架飞机两次事故中造成346人死亡。据《纽约时报》报道,一个依赖单一传感器信息的自动化系统车祸中起了一定作用。根据波音公司的估计,这两起事故之后,737飞机停飞的成本是180亿美元
As industrial organizations grapple with COVID-19 fallout, automation has become an even hotter topic. Experts fear, however, that the acceleration of automation could drive unforeseen consequences for organizations that don’t focus on security.
“When it comes to automation and industrial control systems (ICS), there is no doubt haste makes more than waste,” said Dan Miklovic, an analyst at the Analyst Syndicate. “It leads to potentially catastrophic or deadly outcomes.”
Mission-critical systems in industrial facilities have traditionally relied on the close oversight of human workers because the senses were “usually the most effective way to ensure optimum uptime,” Chris Catterton, director of solution engineering at ONE Tech. That is changing. Automated systems often exceed human capacity to spot machine problems. An automated system can detect when a torque value on a bolt is, for instance, a few pounds light, or hear a high-frequency bearing squeal undetectable to the human ear, Catterton said.
But being lax in terms of industrial automation security can be dangerous. Hobbyist electronics, for instance, may make automating industrial machinery simple, but such products can also provide cyberattackers with a familiar target, Miklovic said. “Plug-and-play automation solutions that are not built with security in the forefront can also open the door for a vast amount of vulnerabilities,” Catterton said.
Take Care With AI Deployments, Too
There’s also a risk that organizations will hastily deploy artificial intelligence (AI) as part of their automation initiative. With data science experts in short supply and many experienced industrial operators sidelined as a result of COVID-19 quarantines, there is a heightened danger of errors creeping into AI algorithms. There’s a risk that “the person trying to train the system lacks critical safety information,” Miklovic said.
Even in ideal conditions, developing software or AI algorithms inevitably introduces some error. One rule of thumb holds that there are one to 10 mistakes per 1,000 lines of software, as the book “The Fifth Domain” has observed. Even software for mission-critical space systems could have one to five errors per 1,000 lines of code.
With software often having millions or billions of lines of code, the need to prevent and correct bugs becomes critical. History provides examples that underscore the risk of cutting corners in industrial automation security. The Ariane 5 rocket disaster of 1996 is one such example. After software developers from the European Space Agency failed to adequately update code they borrowed from a predecessor rocket, the rocket exploded. Because the speed of the craft during the launch exceeded the bounds its software specified, the rocket self-destructed. “The cost of this software error was about $300 million,” said Johannes Bauer, Ph.D., principal security advisor at UL.
Another example of costly software shortcuts is the grounding of the Boeing 737 Max in 2019. After outsourcing software development tasks to $9-an-hour engineers, the plane killed 346 people in two accidents. An automated system relying on information from a sole sensor played a role in the crashes, according to the . The cost of grounding the 737 after the two accidents is $18 billion, according to Boeing estimates. |
