Network Security Comes Under the Spotlight

Keep Bad Out, Let Good In

“Companies need to perform a risk analysis, taking a look at revenue-producing activities. They need to determine how much impact each type of attack could have on their company.”

This quote from Michael Torppey, Technical Manager for the Process Control Systems Forum, sets the tone for Contributing Editor Terry Costlow’s feature article in this issue.

The annual security issue of Automation World’s Industrial Ethernet Review is always popular - along with the follow up Webcast. Watch for more information about the upcoming Webcast at www.automationworld.com. What Costlow discovered in his interviews is that information technology (IT) departments no longer have a blank check for new projects, as they did before and after the Y2K phenomenon. Not surprisingly, business managers are asking for accountability. How can IT rein in costs, while maintaining the appropriately secure systems? Read more

Network Security Comes Under Spotlight - There’s more need for tools, but they must measure up.

Open networks have helped many companies to significantly boost productivity, but they’ve also opened up the potential for problems that come with broader access. Safeguarding industrial networks from viruses, hackers and even employees unauthorized to get into protected areas continues to get more focus, but with a twist.

Security is now being examined with more of an eye toward controlling costs. As companies race to upgrade their protection technologies and processes, their actions are being examined more closely, with less chance that information technology managers can dictate in the name of security what others can or can’t do. For many, that’s a significant change from a time when security was considered something of a black art that couldn’t be quantified for cost justification.

Concern about security is still new for many companies. The transition from proprietary industrial networks to Ethernet and Transmission Control Protocol/Internet Protocol (TCP/IP) that cut costs and opened communications throughout the enterprise didn’t bring all the issues of Internet security to the production environment. But it did open the door for far more security issues than plant managers were used to.

As with physical security, giving more people access to a network raises a number of complex issues. “Companies need to think about why they need a door. By opening it up, what are they trying to do and how far should they open it?” says Jeremy Bryant, networking specialist at automation vendor Siemens Energy & Automation Inc., in Alpharetta, Ga. Controlling who comes in through these portals and keeping track of what they do once they’re in is coming into the spotlight at many companies. Security in plants has often been run by the Information Technology (IT) staffs that handle front-office networks. That trend has increased as the use of Ethernet and TCP/IP protocols expanded from the business side to the production facility... Read more

A Sweet Technique for Spotting Attacks - When factory networks are connected to the outside world, it can be difficult to know that a virus or intruder has gotten beyond firewalls and other protective technologies. One way to find out if and when intruders are probing a network is to employ a honeypot.

These isolated computers sit unprotected and idle on a network, providing an easy target for intruders. Honeypots serve no function other than to monitor suspect activity, so any time they’re accessed, it’s from an unauthorized source.

Setting up a honeypot requires only an inexpensive Windows personal computer (PC). Set-up and monitoring are the key aspects of getting a honeypot working. In a factory floor network, these PCs should be set up to look like a typical node.

“In manufacturing, you have to mimic a production machine. The principle is always the same - fake the environment and provide a decoy. If someone attacks, you will know about it, and have some knowledge about the level of the attack,” says Thorsten Holz, a German Ph.D. student who wrote the book “Virtual Honeypots: From Botnet Tracking to Intrusion Detection.”

When it’s probed, the PC should respond like a typical machine. That helps assure that intruders won’t realize that it’s a decoy set up to alert operators that incursions are occurring. Ease of use is a key benefit of the technology. “With just a normal Windows system emulating your TCP/IP stack, you can collect statistical information with very little maintenance,” Holz says.

Others agree that the technique can provide valuable information. “Honeypots and honeynets are fantastic tools for people who are security aware and can make them part of their approach. Seeing how people are attacking things lets you see how trends are changing, how people attack different ports,” says Bryan Singer, Vice President of Professional Services at Wurldtech Security Technologies Inc., in Vancouver, British Columbia, Canada... Read more

ANNOUNCEMENT

Subscribe to Automation World RSS Feeds!

Why wait? Our RSS Feeds will deliver the most recent AutomationWorld.com content directly to you as soon as it's posted. Our wide variety of RSS Feeds can deliver content as broad or focused as you desire, from editorial columns to product-specific content and much more. Visit our RSS page to learn more.