Calif.

Companies can also use these passwords to establish a tiered structure for human access. Many companies give most employees similar access levels, but that’s often not the best approach. “Passwords are about authorization for what you can and cannot do, like applying domain policies that determine things like who can upload or download programs,” says Rockwell’s Lewins.

While controlling people’s access is a big aspect of security, many companies do their best to automate communications so that people aren’t involved unless their decision-making input is required. “Machine-to-machine communications are easier, since the machines always follow procedure. They make sure they only send and accept messages from authorized equipment,” says Shayegani, at Lantronix.

Insider information

Another aspect of dealing with the human element is to safeguard software. Proprietary programming is often a big element in a company’s portfolio, so making sure it isn’t compromised is a key element for success.

Here, internal problems are most likely to cause problems. A key issue is to make sure that the critical software that turns a standard piece of equipment into an efficient tool for the company’s products isn’t altered by someone who wants to tweak a step. “You want to protect your code from well-intentioned employees. You don’t want someone altering code, since it rarely causes problems,” Lewins says.

A related aspect is to provide ways to make sure that maintenance personnel and operators know which piece of equipment they’re working on. In complex networked systems, it’s easy to alter the wrong machine. “People need ways to make sure they’re not altering production line 1 when they actually want to alter line 2,” Lewins says. Restricting employees only to equipment they know is important to avoid this type of accident, he adds.

Blending all these technologies and human factors into a coherent strategy isn’t a challenge that’s going to be solved overnight. IT managers must be called in, along with other groups, to create a cohesive approach. Suppliers provide some help, but their aids can’t be considered light reading. “We’ve got a 200-page configuration manual that explains the steps for setting up a secure distributed control system,” Stauffer says.

For more information, search keyword “security” at www.automationworld.com.