Is anti-virus protection for you?

11/01/2006


If the question is, “Should it run anti-virus software?” the answer is usually an easy “yes” when the applications are commercial databases, historian systems, or other non-real-time control applications. However, if the applications involve real-time control or guaranteed response times, such as HMIs, DCS systems, or PC-based control systems, then the answer is not so easy.

Disruptions feared

There is a valid concern in control applications that anti-virus software may seriously impact performance, disrupt production, and void control system vendor support contracts. NIST (National Institute of Standards and Technology), Sandia National Laboratories, manufacturing companies, and control system vendors recently conducted a study on the impact of anti-virus software on industrial control systems. The study confirmed some fears but also pointed to a path forward for the additional protection offered by anti-virus software.

First the bad news: manual scans and scheduled full system scans will take up all available CPU cycles, pushing utilization to 100% for extended periods of time. This can seriously impact application performance. Reducing the priority of the scan reduces, but does not eliminate, the performance impact and increases the period of instability. Signature updates, where new virus signatures and sometimes new scan engines are downloaded, can also take up all of the available CPU cycles, but usually for less time than a full system scan. Even worse, signature updates may also require reboots.

The good news is that active scanning, which is the scanning of executables and libraries prior to execution, has minimal impact on industrial control systems.

One layer of many

Anti-virus software should be only one layer in a multi-layered defense. It is usually the last line of defense before your system is compromised. Anti-virus software supplements other layers, such as firewalls between business and control networks, separate user authentication controls for control networks, separate network access controls for control networks, network-based intrusion detection systems, and strict control of installed applications.

Anti-virus software can be applied to industrial control applications, but several rules should be followed. First, validate that the anti-virus software works with the system applications by testing in a separate system, and validate that the software will not void your vendor support agreement. System owners may have to test several anti-virus solutions and may need separate subscriptions for control system applications.

Second, disable scheduled full system scans. This will prevent an inadvertent scan at an inconvenient time, such as in the middle of the night during a rush order job. Initiate all full system scans manually on a regular basis at known down times, or when the impact of the scan will not affect safety or quality.

Better planning

Third, use a local virus definition server and do not directly allow virus signature updates from the anti-virus vendor's systems. This allows system administrators to plan and schedule the updates at safe times; it removes a direct link from the control system to the internet; and it allows the system owner to test the impact of the new signature or scan engine prior to distribution.

Fourth, keep the application servers clean. This means uninstalling unnecessary applications, especially those that may come preinstalled on commercial servers. This reduces the number of files that must be scanned, removes hidden direct links between the application server and the Internet, and reduces the number of applications that can be infected.

Anti-virus software is often the last line of defense in secure systems, and applying these rules allows anti-virus software to be run on control systems with minimal performance impact. However, support and diligence are needed to perform full system scans and signature updates under manual control.
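
One way to keep signature distribution under manual control, combining the first and third rules, is a release gate on the local definition server. This is an added example, not code from the article, the study, or any anti-virus vendor; the function names, package contents, and down-time window are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Window:
    """A declared down time during which updates and full scans are allowed."""
    start: datetime
    end: datetime

    def contains(self, moment: datetime) -> bool:
        return self.start <= moment < self.end  # end of window is exclusive


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def release_decision(package: bytes, tested_digests: set[str],
                     windows: list[Window], now: datetime) -> tuple[bool, str]:
    """Decide whether the local definition server may distribute `package`.

    Both conditions must hold:
      1. these exact bytes were validated on the separate test system, and
      2. the control system is inside a known down time right now.
    """
    digest = sha256_hex(package)
    if digest not in tested_digests:
        return False, f"hold: {digest[:12]} was not validated on the test system"
    if not any(w.contains(now) for w in windows):
        return False, "hold: outside every declared down-time window"
    return True, f"release: {digest[:12]} tested and inside a down-time window"


# Constructed sample data (hypothetical package bytes and schedule).
TESTED_PACKAGE = b"constructed-signature-set-A"
UNTESTED_PACKAGE = b"constructed-signature-set-B"
TESTED = {sha256_hex(TESTED_PACKAGE)}
WINDOWS = [Window(datetime(2006, 11, 4, 6, 0), datetime(2006, 11, 4, 10, 0))]

if __name__ == "__main__":
    for pkg, when in [
        (TESTED_PACKAGE, datetime(2006, 11, 4, 7, 30)),    # tested, in window
        (TESTED_PACKAGE, datetime(2006, 11, 2, 2, 0)),     # tested, production running
        (UNTESTED_PACKAGE, datetime(2006, 11, 4, 7, 30)),  # in window, never tested
    ]:
        print(when.isoformat(), release_decision(pkg, TESTED, WINDOWS, when)[1])
```

Binding the approval to a digest means a signature set or scan engine that changed after testing is held back even when it arrives during a down time.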


Author Information

Dennis Brandl, dbrandl@brlconsulting.com, is president of BR&L Consulting, Cary, N.C., which is focused on manufacturing IT.



