Securing the Plant Network

June 1, 2005
It takes more than a watchdog to ward off cyber attacks on plant automation networks.

On Christmas Eve, the information technology (IT) group at Philips Electronics finally got its chance to update patches and upgrade software. Plant operators said, “Okay, you’ve got 36 hours. After that, we’re going back into production.”

When you’re securing the company’s financial records, it’s easy to shut the computers down at night and reboot with new patches to keep out the latest worms and viruses. You can’t do that with a plant automation system, or you will interrupt operations. Yet automation systems are now open networks that are vulnerable to the same type of cyber attack as the financial department.

Plant networks have become more open in recent years as companies grab plant data and integrate it into their enterprise systems. The problem is, securing a plant network is not the same as securing financial records. Company IT departments look at security as an access problem. If you mistype your password three times, you get locked out. Try that safeguard on the plant floor, where being locked out can cause serious safety problems. Plant operators view computers as plant equipment. Availability is their key value, not access.

No more obscurity

In order to improve overall company operations, the data from the plant floor needs to be shared throughout the organization. The plant network has accurate information on inventory usage, production and order completion. But opening up the plant network makes it available to those beyond the plant floor. In the past, plants have been secure because their systems were isolated. It was security through obscurity. Now the plant network is no longer obscure.

An open plant network can help make a company more efficient and productive, but security vulnerability can be a major concern. “People think about the loss of production if a plant system goes down because of a security breach,” says Ron Sielinski, industry technology strategist at Microsoft Corp., the Redmond, Wash., software supplier. “But in the chemical industry, if a system goes down, there can be catastrophic consequences.”

The miscommunication that is common between the IT department and plant operations is a clash of culture and values. The IT personnel understand security, but they view security as a system of limiting access. On the plant floor, access is irrelevant. The same workstation needs to be accessed by a number of operators over a given 24-hour period. Equipment availability—not limited access—is the key value on the plant floor.

The IT personnel are trained to handle security in a completely different manner from what’s required on the plant floor. For one thing, the workstation on the plant floor may need to be accessed by a number of operators. “The plant floor has practices that the IT department doesn’t like,” explains Gregg LeBlanc, product director of technical strategies at OSIsoft, in San Leandro, Calif. “The plant has location log-ins rather than personal log-ins, so the workstation may not be accountable to a certain individual.”

The differences in the needs and values between IT and plant operations have caused rifts and barriers between the two operations. “There is a history of animosity between IT and plant operations. They haven’t worked well together in the past,” says Mike Bush, manager of security business, Rockwell Automation, of Milwaukee. “It’s important to set those cultural differences aside if we’re going to successfully secure the plant floor.”

The management of security is different between human resources (HR) and the plant. On the plant floor, you can’t simply shut down a computer in order to install a new patch. “In HR, they’ll take a machine down to protect the data, but that will never happen in a plant,” says Eric Cosman, engineering solutions architect at Dow Chemical, in Midland, Mich. “Plant people see computers as equipment that runs the plant. HR sees it as a repository of data.”

Some believe that you can rely on IT to manage control system security. Because of the nature of the control system, security has to be managed by engineers who understand how the system works. “When IT secures the supply chain data, it doesn’t interrupt the supply chain. But in a control system, a security procedure could interrupt the control timing,” says Microsoft’s Sielinski. “The control engineers are familiar with the control system’s requirements, so they’re the best ones in the organization to manage security in those systems.”

Worms and hackers

The threats to plant security are not much different from those to company financials. The bad guys tend to be disgruntled employees, hackers, even organized political groups. The common worms and viruses out on the Internet can wreak havoc in a plant network, and since the plant network is commonly connected to the World Wide Web, worms and viruses can enter the network. The big difference, though, is that while a shutdown in HR is annoying, a shutdown on the plant floor can be both costly and dangerous.

Security experts believe the people who work to shut down Web sites are the same people who are a danger to plant network systems. “The hackers trying to get to plant information are the same as those trying to get into HR,” says Mark Wylie, customer solution manager at Cisco Systems, in San Jose, Calif. “In manufacturing, you’re working against the same person who took down the Yahoo site. They’re in it for the thrill of it. They want to say, ‘I took down GM’s plant.’”

One thing that keeps security experts up nights is the sophistication of the bad guys. “The intrusions into the control systems are different than they were 15 or 20 years ago,” says Rashesh Mody, chief technology officer at Wonderware, an Invensys business in Lake Forest, Calif. “The knowledge of these systems has gone down to the people who want to create threats. They can be competitors, disaffected staff, hackers or political groups.”

Another danger cited repeatedly by plant operators is the well-intentioned bungler. “You also want to use security to make sure someone doesn’t do something unintentionally,” says Ernie Rakaczky, program manager for control systems security at Invensys in Foxboro, Mass. “He might accidentally copy a music file he downloaded from home onto the control system.” With that file download come all the worms and viruses out on the Internet.

The big edge

Plant floor security experts point to large, sophisticated corporations as the best example of how the plant security problem can be solved. In big companies with vast resources, a portion of the IT department can be dedicated to plant network security. Since these people don’t have to manage the competing needs of HR, financial and plant networks, they can focus efficiently on the needs of the plant alone. The large companies also tend to have executives involved in developing industry security standards such as the ISA-99—a security standard promulgated by the Instrumentation, Systems and Automation Society—so their institutional knowledge of plant security solutions tends to be very sophisticated.

Microsoft’s Sielinski believes the gap between IT and plant operations can be bridged by good people skills. “I’ve seen good relationships between engineering and IT and I’ve seen contentious relationships,” says Sielinski. “It has to do with the attitude of the people. Dow Chemical is a shining example of how to make it work right. They approach the problem as a people opportunity rather than a political or fiscal issue.”

For more information, search keyword “security,” at www.automationworld.com.

See sidebar to this article: Getting security help from ISA-99

See sidebar to this article: Security in an outsourced world
