Protect "Jewels" From Cyber Threats

March 1, 2005
The major cyber-security issues facing automation-systems users are recognizing threats and allocating sufficient resources to reduce risks, says Robert C. Webb, P.E., managing director of the Instrumentation, Systems and Automation Society’s (ISA’s) SP99 Committee, “Manufacturing and Control Systems Security.”

Webb, a San Carlos, Calif.-based automation and licensing consultant, believes security, like safety, must be viewed from a complete system perspective. He adds that cyber security often depends on good physical and electronic security. “Further, the most sophisticated systems are no better than the least-secure remote site or vendor modem.” He advises maintaining security systems like any critical equipment.

But protecting a network’s perimeter is very difficult, says Richard April, vice president of marketing for Dedham, Mass.-based Cyber-Ark (www.cyber-ark.com). To address that challenge, his company patented a secure data repository. To gain access, users must pass through multiple layers of security such as session encryption, firewall, authentication and access control.

Inside threats

And while security once meant keeping the bad guys out, manufacturers also now worry about internal security threats, says Lance Travis, vice president of research for AMR Research Inc. (www.amrresearch.com), in Boston. Travis counsels companies to ask: How do you isolate and segment your network(s) to minimize damage? One means is identity management, which is knowing who users are and understanding what they’re allowed to do. Another is automatic provisioning tools. These create a database record for each employee and then use that information to allow authorized users access to certain applications.

Still, nothing is completely secure, says Bill Moore, vice president, strategic consulting services for Dedham, Mass.-based ARC Advisory Group Inc. (www.arcweb.com), who mentions two common security concepts. One is the M&M candy strategy, which he doesn’t recommend: Have a hard outer shell protecting everything within that is soft. Instead, Moore recommends the onion approach, in which security is layered. “Manufacturing has its own layer. You can even further divide manufacturing into separate zones,” he adds.

The onion approach, with the automation/manufacturing space at its center, is also Michael Bush’s recommendation. “We call it ‘protecting the jewels,’ ” says this manager of Rockwell Automation Inc.’s (www.rockwell.com) security business, located in Mayfield Heights, Ohio. Do a risk-based vulnerability assessment first, he says. Bush also recommends the manufacturing security layer be very well designed. “That security layer should be as thorough and as complete as the one that separates the Internet from the company.”

Any such sustainable security system is composed of security products, a security process and management, notes Roshen Chandran, vice president of research and development for Paladion Networks (www.paladion.net), with U.S. headquarters in Herndon, Va. Products could include any intrusion-prevention technology. The process incorporates any backup procedures. Management encompasses monitoring and review of products and processes, as well as risk evaluation and strategies development.

But success also requires learning and planning, ISA’s Webb emphasizes. “Realize that a pound of prevention now is worth tons of cure after a major event.” Follow ISA or other vetted guidance, he suggests. Also, perform or have an automation-system expert perform an assessment of your automation systems’ security.

Like Webb, Bush believes cyber security is analogous to safety. “Analyze the problem, understand the problem and then apply risk-reduction technologies,” he states. “You just have to do the best that you can and not be a target,” adds Moore.

C. Kenna Amos is an Automation World contributing editor.
