Cyber security: Vendors fight back

New aspects of control system software are reducing the need for manufacturing IT personnel to be security experts.

11/01/2009


There is increasing attention by control system vendors to enhance cyber security and operate better in corporate IT environments. This attention is good because cyber threats are not decreasing and, at the same time, corporate IT environments are becoming more protected. While governments have focused on cyber security for “critical infrastructure” industries, such as water, power, telecommunications, and transportation, cyber security also is important for all manufacturing industries.

Some control vendors are using an increasingly popular method of bundling anti-virus and spyware protection with their products. Vendors test the latest version of antivirus software and operating system patches against their software, reducing your need to test and validate security patches and updates. In most cases the operating system (OS) patches are the latest Microsoft patches released on “Patch Tuesday” and are available from the vendor within one or two weeks of the Microsoft release. This gives the vendor time to test all standard configurations. The vendors will then redistribute the patches, executables, and signature (.dat) files that have been successfully tested along with notices of patches or updates that should not be applied. Vendor redistributed patches may also include JAVA updates, browser updates, and Adobe updates if this software is used in their products.

Another cyber security feature that more vendors are offering is preconfigured OS configurations. These are configurations which have unneeded services removed, ports locked, hardware disabled (such as DVD drives and USB ports configured for thumb drives), unneeded applications removed, and security settings preconfigured. These systems reduce the errors associated with the installation of software and configuration of the hundreds of options and services installed with a default OS installation.

While this increased attention by control vendors is a good thing—because it reduces the need for manufacturing IT personnel to be security experts—it does present another set of interfaces for manufacturing IT and corporate IT.

The first issue that often has to be addressed is the antivirus software vendor. Control vendors will pick one antivirus vendor to test and ship with their systems. However, their selected antivirus vendor will probably not be the same as the corporate antivirus vendor. It is important to work with corporate IT to place all of your control vendor’s antivirus vendors on the approved use list. This may be easy in small companies but difficult in large companies because of the number of control vendors used.

Scheduling downloads and patches must also be coordinated with corporate IT. Many large companies will control downloads through a Microsoft Systems Management Server or equivalent. The control vendor patches and upgrades must be set up in a separate domain, subdomain, or OU (organizational unit) so that manufacturing IT can initiate downloads at times that will not impact operations, quality, and safety.

Another new aspect of control software is the increasing use of Microsoft Active Directory and Microsoft domains to control accounts, passwords, and privileges. Managing this information requires careful coordination with corporate IT.

There are multiple options for integrating control domains and corporate domains, but the situation will be complicated if you have multiple control vendors. Check with your control vendors to see if they require a separate domain, if they can operate as a subdomain, or if they can operate in an OU within the corporate domain. Each option provides a different level of local control and different level of corporate oversight.

Increased attention by control system vendors to cyber security and operation within corporate IT environments will help your company. Cyber threats continue to proliferate and operating within a protected corporate IT environment is critical to safe and secure manufacturing operations.

 


Author Information

Dennis Brandl is president of BR&L Consulting in Cary, NC, www.brlconsulting.com . His firm focuses on manufacturing IT. Contact Dennis at dbrandl@brlconsulting.com .




No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Save energy with automation; Process control system upgrades; Dispelling controll myths; Time-sensitive networking; Control system integration; Road to IANA
Additive manufacturing advancements; Machine vision enhances robotics; Fieldbus evolution; Process safety; Advice from System Integrators of the Year; Road to IANA
Salary and career survey: Benchmarks and advice; Designing controls; Remote data collection, historians; Control valve advances; Hannover Messe; Control Engineering International
This article collection contains several articles on the Industrial Internet of Things (IIoT) and how it is transforming manufacturing.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

The digital oilfield: Utilizing Big Data can yield big savings; Virtualization a real solution; Tracking SIS performance
Getting to the bottom of subsea repairs: Older pipelines need more attention, and operators need a repair strategy; OTC preview; Offshore production difficult - and crucial
Digital oilfields: Integrated HMI/SCADA systems enable smarter data acquisition; Real-world impact of simulation; Electric actuator technology prospers in production fields
click me