Unsecured Manufacturing Systems Present Real Danger

March 1, 2006
The most pressing information technology (IT) security issue is recognizing that manufacturing systems need protection through separate security policies, says Dennis Brandl, principal of BR&L Consulting (www.brconsulting.com), Cary, N.C.

“We’re at the point, due to viruses and worms, that the IT part of control systems is at risk of shutdowns and failures. The consequences of that, worst case, can be life threatening, and can damage equipment and destroy products,” he points out.

Until a year or two ago, most threats to companies were internal, notes Bob Webb, an automation consultant who is managing director of the Instrumentation, Systems and Automation Society’s (ISA, www.isa.org) SP99 committee on Manufacturing and Control Systems Security. But Webb and others agree that non-directed, external threats now are the most significant for control.

Regardless of the threat, what drives security or its absence is economics, says Webb. An obstacle is the lack of a reliable database on the number of cyber attacks suffered by industry, he believes, which could serve as aid to companies in determining the likelihood of their control systems being targeted. And even if such data were available, there is no actuarial-like table based on such data to estimate costs, points out Evan Hand, SP99 vice chair. This leads to reluctance at the top of organizations to recognize or attend to security issues. Webb estimates that only 5 percent to 10 percent of companies in the United States that use automation have taken steps to appropriately manage the risk of cyber attack.

“I’ve spoken with several hundreds of plants and customers and what I still find is lack of understanding,” adds Bryan Singer, SP99 chair and leader, network and security services, with Rockwell Automation Inc. (www.rockwellautomation.com) in Milwaukee. What he sees on the shop floor is an attitude that security has never been a problem on the shop floor, and that shop-floor personnel know what is necessary to protect their equipment. That may be so, he says. But as shop-floor systems are increasingly linked to business systems, that attitude needs to change, Singer says. There are conditions that are perfectly acceptable on a traditional business network that may have disastrous shop-floor consequences, he says.

One example relates to network traffic volumes. “I may see conditions such as a moderate-to-high utilization on a business local area network (LAN) that lead to slow e-mail or business application response,” Singer observes. While these conditions cause concern on the business side of the house, there is time to deal with them, he says. But on the shop floor, the same conditions may prevent successful operations.

Got the jitters?

An example Hand mentions is display-screen jitter, which may cause only cause a slight interruption elsewhere, but could have serious impact in a control environment. A real-world example Singer cites is a U.S. company updating a plant’s controls to use Ethernet. The IT group put that control network on the entire facility’s business LAN, he recalls. “Then they started to see fairly predictable failures on the factory floor.” Those happened at month-end reporting, because there was too much network saturation. The resulting jitter caused process problems, he explains.

To assist manufacturers, SP99 has already published two technical reports and will publish the first two parts of a proposed standard within the next two months, Singer says.