We all know, or should know, that the more prevalent our digital connections in an increasingly internet-dominated world, the more we leave ourselves open to the associated security risks. On a large scale, take the example of two Ukrainian power companies that were simultaneously targeted in December by what were likely Russian hackers. They succeeded in knocking out power for several hours to more than 80,000 customers.
The authorities were able to restore electricity within just a few hours by resetting breakers by hand. As a recent article in Bloomberg BusinessWeek notes,”in the age of cybercrime, the best insurance may be analog.”
With today’s complex interconnected protocols from power plants to thermostats connected to the internet, “you’re buying a capability, but at the same time you’re buying vulnerability,” notes former secretary of the Navy and now Johns Hopkins senior fellow Richard Danzig.
Danzig’s argument is winning converts: “If your main system is digital, you’re stronger if your safeguard is analog.”
And that’s a lesson we should all take to heart – never more so than today, when increasingly we’re talking about cloud software running our businesses.
Anything that’s controlled by a computer or connected to a network has the potential to be compromised. In the digital realm, even when you have “layers” of protection, really, it’s all still in a sense just one layer. Penetrate that, and you may not have to worry about other layers.
In manufacturing, a particular vulnerability lies in programmable logic controllers, or PLCs. These boards have been around for decades, and they were never really built with security in mind. They simply control machines, and of course, therein lay their vulnerability. A growing chorus of experts today, BusinessWeek notes, is calling for the development of new analog logic controllers. Here’s the idea: “The PLC of a piece of equipment wouldn’t need to be hooked to a network vulnerable to cyber-attack. Its instructions could be changed only by manually inserting a new circuit board, which can now be made quickly using a 3D printer.”
While such analog PLCs are more expensive and less adaptable than the all-purpose PLC, they can provide a much-needed layer of ultimate protection in mission-critical situations. Doing this across, say, the U.S. power grid might be prohibitively expensive, but that’s a mission-critical situation. In most other cases, notes cybersecurity expert Michael Assante “for 95% of applications, digitizing and interconnecting will get you more benefit than not.”
But that bring us back to the security risks, and in business especially, back to where analog backup becomes worth serious consideration. Each company must decide for itself what it’s going to do to ensure the integrity of its systems and its data. But the larger point may be that doing nothing is no longer an option. And we all have that uneasy feeling that it’s not getting any easier.