Keeping Automation Secure

Automation professionals are a pretty smart bunch of people. For decades, control system vendors packaged automation solutions in black-box configurations—open them and make changes at your own risk.

With the mass adoption of commercial off-the-shelf (COTS) personal computing technology, automation users began to demand open, non-proprietary hardware and software solutions in their control systems. They wanted the same level of functionality, extensibility and ease of use that they had in their PCs—and at similar cost points.

Vendors got the message. Over the past 15 years or so, automation systems have moved from monolithic, proprietary, closed boxes, to open platforms based on COTS standards. And functionality for the dollar has dramatically improved.

Networks next

This brings us to the next level of “openness”—tying all of these standard platforms together on standard networks. The leading contender, and the closest thing industry has to a universal standard, is Ethernet and its associated transmission control protocol/Internet protocol (TCP/IP).

In a recent presentation, Harry Forbes, senior analyst with ARC Advisory Group, predicted that industrial Ethernet usage will expand at double-digit growth rates, from approximately 840,000 nodes in 2004, to approaching 7 million nodes in 2009. According to Forbes, this growth will come from the introduction of new Ethernet products and organic growth in every major end-user industry.

As Ethernet becomes ubiquitous, it introduces a new set of opportunities and challenges for the automation professional, along with a need for new skills. For many, the first challenge is how to address security issues in open, Ethernet-based automation architectures. The next challenge is how to deploy what was essentially an Information Technology (IT) standard at the control system device level. And finally, once a manufacturer makes the decision to adopt Ethernet, it has to manage network administration across the enterprise, which requires the automation engineers to interface closely with IT.

To address these challenges, Automation World is pleased to announce a series of Ethernet supplements and Webcasts throughout 2006. This February issue includes the first supplement, “Configuring Ethernet for Security,” and is distributed to a demographic audience of our subscribers. If you do not have the supplement, you can access it on our Web site at www.automationworld.com.

Our Webcast series kicks off on March 15, with a broadcast that focuses on “Configuring for Security.” Scheduled to begin at 2:00 p.m. EST, the Webcast will include informative presentations and a live Q&A session with these leading experts:

Eric Byres, P.Eng.—Research Manager, The Critical Infrastructure Security Centre at the British Columbia Institute of Technology. Mr. Byres currently provides consulting to government security agencies, major oil companies and power utilities on cyber protection for critical infrastructures.

Bob MacDonald—Section Head, Corporate Engineering Technology, The Procter & Gamble Co. Mr. MacDonald leads P&G’s Manufacturing Cyber Security Community of Practice and heads the Microsoft Manufacturing Users Group MUGSecure Team.

Scott Swartz—Communications Analyst, Mission Assurance Division, Naval Surface Warfare Center. Mr. Swartz manages a cyber security program for assessing and securing control systems, and provides education briefings on control system security for the Department of Defense and other federal agencies.

Subsequent Webcasts include a June broadcast on “Taking Ethernet to the I/O,” and a November broadcast on “The IT and Engineering Partnership for Network Administration.” You can register for the Webcasts at www.automationworld.com/webcasts.

More in Control