How Secure Is Your Manufacturing Database?

June 1, 2004
In modern manufacturing plants, databases of information compiled directly from manufacturing processes have become so large and crucial to business decision making that control engineers need to avail themselves of the latest technologies and best practices from information technology.

Jason Weber, product manager for Rockwell Automation’s (www.rockwell.com) RSAutomation Desktop, reports that suppliers of manufacturing database applications, which are often built upon human-machine interface/supervisory control and data acquisition (HMI/SCADA) applications, try to take the mystery out of database construction. “We take care of most of the configuration and database system design within the product so that users can spend more time defining process parameters that must be captured,” he adds.

The real issue of database management in manufacturing, according to Weber, lies in assuring the security of the database. The first issue of security, known by all computer users and ignored by almost as many, is backing up the data. “Most server-based software can schedule regular backups, so users backup every night,” Weber advises. “Backups usually go to some kind of tape media, although sometimes systems use optical media. In either case, good practices tell you to store backup physical media offsite. There are companies who will pick up your backups regularly and store them for you.”

One issue garnering substantial media play recently concerns pernicious attacks delivered over the Internet in the form of “worms” and “viruses.” Weber advises, “Make sure you are up on the latest patches for your operating system and application, because there are worms that attack databases.”

This is good advice, but how does a busy engineer assure that the latest patches are installed? Or even that the latest patches are known?

“Many organizations still manage patches manually—a nearly impossible task considering that new patches surface daily. As a result, network administrators fall behind and fail to have the necessary patches in place when a worm or virus hits, causing administrators to scramble to patch or repair holes as best they can,” says Mark Shavlik, president and chief executive officer of Shavlik Technologies (www.shavlik.com). “Additionally, many IT administrators feel they are bombarded with information on new vulnerabilities and patches every day. Knowing which fixes affect the systems in place and verifying patches takes time without external support. Because all organizations do not need to install every patch, manual patch management can be very confusing for network administrators who have to weed through their systems and every patch to find out which ones are necessary.”

Automated patching

Not surprisingly, the Roseville, Minn. company has a solution. “Those issues can be avoided with automated patching systems,” continues Shavlik. “Shavlik Technologies’ HFNetChkPro automated patch management system is not costly—when compared to the cost of lost productivity, reactive maintenance and liability—and can provide a significant return on investment. Organizations that use automated patching systems see fewer successful attacks and a significant decrease in network and system failures, lost productivity and liability risk.”

There are some differences between manufacturing automation security risks and those of general business databases and systems. “Plant floor security breaches really do happen, and as we incorporate more computer technology within manufacturing products, the risk of breaches becomes greater,” points out Rich Ryan, president of Rockwell Software, in Mayfield Heights, Ohio. “The breaches may be unintentional or may come from internal or external attackers. Since knowledge of some of the industrial technology is less well known than for the computer industry, automation products have benefited from ‘security via obscurity.’ And the biggest threat today is from disgruntled employees. Some of these employees have intimate knowledge of company and product vulnerabilities. With our technology becoming more ‘open,’ the risks from outside the company become greater too.”

Ryan adds one last piece of advice, “If a breach occurs, you should isolate the affected product(s) and/or the network the products are using. Security planning (policy and procedure) prior to having to react to a breach is just as important as what security products are deployed. Just like proper backups of computer programs and data can be used to quickly recover from viruses and/or disk failures, using a manufacturing-oriented business continuity system (like Rockwell’s RSMACC) is worthy of consideration.”

Gary Mintchell, [email protected]