Control Engineering Online Update for October 14, 2005


Control Engineering Online Update - Technology

October 14, 2005


Sponsored by Fluke

As modern technology permeates every facet of a manufacturing environment, maintaining the security of plant floor information and control systems is a growing issue across companies and industry sectors. One of the most common questions manufacturers have is: "What are the real risks to a manufacturing environment?"

Securing Your Plant: Real Risks

Just as IT environments are vulnerable to hackers, worms, and viruses, manufacturers are at risk from a plant's own workers, policies, and procedures. Due to the growth of remote access and the proliferation of Ethernet on the plant floor, workers are often controlling plant operations electronically from various locations. This inevitably leads to security risks and mishaps. As a result, effective management of people in this environment is crucial to help ensure maximum security of plant floor operations.

But before you begin implementing plant floor security, you should be aware that there are a number of common misconceptions:

  • Manufacturers often shy away from security measures because they believe it is going to be a significant company expense with little or no return on investment. In reality, the significant costs lie in the misuse of technology, not security. Despite popular opinion, it is possible to employ plant-wide security measures in a cost-effective manner by having properly trained people in place who know how to use the technology correctly.

  • Believing that preventive and detective measures alone can keep a plant secure. In reality, regular patch testing and virus updates aren't enough to effectively protect plant systems. Strong defenses and consistent preventive tactics, combined with well-planned proactive measures, form the framework of a solid plant floor security strategy.

  • If a company has an IT department, they are effectively addressing the plant's security needs. While it is true that some IT departments are capable of managing the security of plant floor systems, this is not always the case. In an IT environment, downtime is typically not as crucial and failures often don't demand the urgent, immediate corrective action as they do in a manufacturing setting. Therefore, it is important not to rely solely on your IT department to address plant floor security issues since its goals and objectives for uptime and level of response often differ from those in the production department.

  • It's the responsibility of the software vendor to handle patch certification. Yes, it is the responsibility of vendors to test their products against general patches and give guidance on patch management; however, it is the customer's responsibility to create internal labs and test the compatibility of patches against their own environment. Bottom line: the software vendor can't control the environment and therefore, can't account for all of the variables. However, when evaluating security needs, manufacturers should consider companies that include security functionality in their product offerings.

Also sponsored by Advantech

Starting at $565, Advantech Automation's new ADAM-6060W wireless web-enabled 6-channel relay output is one of the most competitive products on the market. It supports IEEE802.11b wireless LAN, has an embedded web server with built-in web page, supports Modbus/TCP and UDP protocols, and more.


It's important to note that most security mishaps are the result of a mistake or oversight involving a plant's own internal resources. Having properly trained personnel who know how to use technology is one of the best ways to ensure plant systems are secure. A key component of any successful security strategy is to enforce policies that assign responsibility and accountability to the trained employees. The ability to record activities and track actions to specific system users increases the probability that procedures will be followed consistently and accurately.

Following are some important steps to take when assessing your plant's current security issues and identify potential areas of need:

  • Reference the technical reports available from the Instrumentation, Systems, and Automation Society (ISA). This organization provides an abundance of valuable resources outlining what manufacturers need to do to secure plant floor systems;

  • Conduct a risk analysis to identify potential security risks and assess any plant floor problems. Work with a qualified information and control system security consultant who can help outline a strategy and offer recommendations to meet the specific needs of your plant floor environment; and

  • Assemble an internal team with representation from all of the major business units and develop a comprehensive security plan. This includes members from IT, engineering, operations, and maintenance. If your company is not informed on security risks, engage experts to educate and inform management on this topic.

Once a thorough examination of the facility and procedures is completed, corrective actions can be taken to significantly improve the reliability and security of your plant floor systems.

Bryan Singer is senior business consultant, Rockwell Automation, and chairman of the ISA SP-99 Committee. Rockwell Automation is soon going to announce technology that will embed security solutions into software programs.

For more information on the ISA technical reports visit: .

For information on Rockwell Automation visit: .

No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Additive manufacturing benefits; HMI and sensor tips; System integrator advice; Innovations from the industry
Robotic safety, collaboration, standards; DCS migration tips; IT/OT convergence; 2017 Control Engineering Salary and Career Survey
Integrated mobility; Artificial intelligence; Predictive motion control; Sensors and control system inputs; Asset Management; Cybersecurity
Featured articles highlight technologies that enable the Industrial Internet of Things, IIoT-related products and strategies to get data more easily to the user.
This article collection contains several articles on how automation and controls are helping human-machine interface (HMI) hardware and software advance.
This digital report will explore several aspects of how IIoT will transform manufacturing in the coming years.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Mobility as the means to offshore innovation; Preventing another Deepwater Horizon; ROVs as subsea robots; SCADA and the radio spectrum
Future of oil and gas projects; Reservoir models; The importance of SCADA to oil and gas
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
click me