Open protocols from the commercial information technology (IT) world—such as Ethernet, transmission control protocol/Internet protocol (TCP/IP) and hypertext transfer protocol (HTTP)—are commonly found on the plant floor today. Their arrival has shattered the isolation that once shrouded process and machine control from the outside world.
Is there a real problem that should be of concern to automation professionals? Eric Byres, research manager for Critical Infrastructure Security at the British Columbia Institute of Technology (BCIT) Internet Engineering Lab, in Burnaby, British Columbia, Canada, studies instances of outside intrusions into process control networks. He says that with the adoption of open IT protocols, “an individual with no controls knowledge whatsoever can connect to a programmable logic controller (PLC) using tools no more complicated than a personal computer with a Web browser. In other words, by borrowing network technologies from the IT world, the controls world has opened the door to the entire world, good or bad, to connect to our control systems.”
Byres has taken a leading position in the industry as a “prophet”—that is, someone who points out the current state of affairs and tries to get people to exchange bad habits for good ones. “Viruses have invaded nuclear reactor safety monitoring systems, hackers have attacked water management supervisory control and data acquisition (SCADA) systems and disgruntled ex-contractors have remotely caused major sewage spills,” Byres says. “Clearly this type of infiltration into our plant floors is unacceptable. If we are going to prevent them from occurring, we need to start adopting some of the security technologies from the IT world as well. Unfortunately, this second adoption is happening more slowly than the first one, leaving our PLCs, distributed control systems (DCS) and SCADA systems badly exposed.”
If security technology already exists in the IT department, shouldn’t it be easy to deploy in the factory? Byres sees one problem hindering more security adoption hiding in the guise of return-on-investment. “Communications technologies are generally enabling technologies that can be shown to have a clear return-on-investment,” adds Byres. “For example, if by installing an Ethernet-based control system, you can improve the transfer of plant floor data to company management, allowing them to make better business decisions, few people will argue. On the other hand, if you deploy a complicated encryption scheme to improve security, few people will feel a direct benefit, even though the company as a whole may be better off.”
Downtime difference
Bryan Singer, a senior business consultant for Rockwell Automation Inc., in Milwaukee, and chairman of the SP99 Committee on Security for the Instrumentation, Systems and Automation Society (ISA), points out one disparity between traditional IT security and the kind of security needed in the factory. “There are significant differences between security in an IT environment and security in an industrial automation and controls setting,” Singer notes. “In a plant environment, avoidance of downtime is crucial, and if there is a failure, immediate action needs to take place to restore production and minimize losses. IT departments don’t have the same sense of urgency for repair of the manufacturing systems and therefore, by relying solely on your IT department, your plant could be at even greater risk.”
Although there is a risk from some of the attacks seen frequently by all users of the Internet—viruses, worms, denial of service attacks—experts believe that a significant network security risk walks into the plant every day on two legs. Says Singer, “It’s important to recognize that the vast majority of security breaches come from within a company’s walls—through acts by employees and flaws in security procedures. Security breaches occur every day in plants, and many of them are simply the result of faulty procedures or poor oversight of personnel. While employing the right technology is important, it is also key to effectively manage people in this environment to ensure optimum plant floor security.”
Singer adds some tips for mitigating risk. First, he says, it is imperative to employ trained personnel and enforce policies that assign responsibility to individuals who can be held accountable for any security incidents. Next, do not rely solely on your software supplier for security patch verification. Use resources such as technical reports provided by ISA, conduct a risk analysis and then assemble an internal team to develop a comprehensive security plan.
Finally, Francisco Tacoa, product manager at Weidmuller, in Richmond, Va., offers some practical advice for professionals who work with industrial networks.
Tacoa says the first step to enhance industrial network security is to strictly enforce the physical security of network devices. This includes all industrial devices that have Ethernet connectivity, such as industrial servers, industrial manufacturing and process machines, industrial controllers, human-machine interface systems and the like.
In industrial settings, every device with an unused Ethernet port is a potential point of entry. Tacoa therefore recommends physically isolating these devices from unauthorized people on the production floor. Daily backups of critical industrial network files are also essential, and the backup media should be kept in a physical location separate from the industrial operations.
The second step to industrial network security, according to Tacoa, is the careful creation and maintenance of user accounts. Properly configured accounts can keep an intruder out of an industrial network even after physical access to a system has been gained, so careful choice of user names and passwords is strongly recommended. Strong passwords, for example, can delay an attacker’s entry into the network.
Strong passwords
Passwords that mix upper- and lowercase letters, numbers and special ASCII symbols enlarge the space an attacker has to search, and so delay entry into an industrial network. In many cases that delay gives network administrators time to detect an intrusion attempt and stop the attacker before the password for a user name is recovered. In addition to strong user names and passwords, it is critical to change these credentials on an ongoing basis, so that an attacker who has already obtained them cannot keep using them.
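The following Python script is an added example, not code from the article or from any vendor named in it. It puts numbers behind the claim above: it counts which of the recommended character classes a password uses, sizes the resulting brute-force search space, converts that to a worst-case time at two assumed guess rates (the rates, the 12-character length floor and the 90-day rotation window are illustrative assumptions, not figures from the article), and flags credentials that are overdue for rotation. The sample passwords are constructed for the example.

```python
"""Estimate how much a password's character mix delays a brute-force attack.

Added example (not from the article). Models two claims from the text:
mixing upper/lowercase letters, digits and ASCII symbols enlarges the search
space an attacker must cover, and rotating credentials bounds how long a
leaked one stays useful. All numeric thresholds here are assumptions.
"""
import math
import string
from datetime import date, timedelta

# The character classes the article recommends combining (ASCII only).
CLASSES = {
    "lower": set(string.ascii_lowercase),   # 26
    "upper": set(string.ascii_uppercase),   # 26
    "digit": set(string.digits),            # 10
    "symbol": set(string.punctuation),      # 32
}

# Assumed attacker guess rates in guesses per second (illustrative only).
# A login prompt on a PLC or HMI is throttled by the device itself; an
# offline attack on a captured password hash is not.
ONLINE_GUESS_RATE = 10.0
OFFLINE_GUESS_RATE = 1e9


def classes_used(password: str) -> set:
    """Names of the character classes that appear in the password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}


def search_space(password: str) -> int:
    """Keyspace a blind brute force must exhaust: alphabet ** length.

    The alphabet is the union of every class the password draws from, which
    is the most an attacker can narrow it to without knowing the password.
    """
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return alphabet ** len(password) if alphabet else 0


def seconds_to_exhaust(password: str, guess_rate: float) -> float:
    """Worst-case seconds to try every combination at the given rate."""
    return search_space(password) / guess_rate


def delay_factor(password: str) -> float:
    """How many times larger the keyspace is than for a lowercase-only
    password of the same length; this is the 'delay' the article refers to."""
    if not password:
        return 0.0
    return search_space(password) / (len(CLASSES["lower"]) ** len(password))


def meets_policy(password: str, min_length: int = 12, min_classes: int = 3) -> bool:
    """The article's mix-of-classes advice plus a length floor (assumption)."""
    return len(password) >= min_length and len(classes_used(password)) >= min_classes


def rotation_due(last_changed: date, today: date, max_age_days: int = 90) -> bool:
    """True when a credential is older than the rotation window (assumption)."""
    return today - last_changed > timedelta(days=max_age_days)


def report(password: str, last_changed: date, today: date) -> dict:
    """Summarise one credential for an administrator's review."""
    return {
        "classes": sorted(classes_used(password)),
        "policy_ok": meets_policy(password),
        "delay_factor": round(delay_factor(password), 1),
        "online_years": seconds_to_exhaust(password, ONLINE_GUESS_RATE) / (365 * 86400),
        "offline_years": seconds_to_exhaust(password, OFFLINE_GUESS_RATE) / (365 * 86400),
        "rotation_due": rotation_due(last_changed, today),
    }


if __name__ == "__main__":
    # Constructed sample credentials, not real ones.
    today = date(2024, 6, 1)
    for pw, changed in [("plc12345", date(2023, 1, 15)),
                        ("Weid!muller9-Rva", date(2024, 5, 20))]:
        print(pw, report(pw, changed, today))
```

Note what this model does and does not cover: it measures only a blind brute force over the visible character classes. A vendor default password, a dictionary word with one symbol appended, or a protocol that needs no login at all gets no benefit from the larger keyspace, and the detection window the article relies on exists only if the device actually records and reports failed logins.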
Tacoa’s third step in industrial network security is to strengthen the network’s own security features. Basic industrial modems are not the best option for a well-secured industrial network. Look instead for strong security features such as an integrated firewall, network address translation (NAT), port address translation (PAT), virtual private network (VPN) support, 128-bit encryption and IP masquerading.
Concludes Byres, “When Ethernet was first proposed for the plant floor, everyone said it would never work. They were wrong—the controls engineers absorbed the technology, adapted it for our needs and it soon took over the plant floor. Now we have to do the same for security technologies—not ignore the problem or start from scratch, but absorb and adapt the technology to work in our world.”
For more information, search keyword “security” at www.automationworld.com