Security as fundamental as safety

Compromised technology means it is not safe, causing trouble for manufacturers.


You can have all the greatest technology in the world, but if it ends up compromised that means it is not safe and that can mean trouble for a manufacturer.

"Cyber security is fundamental; as fundamental as safety itself," said Jason Urso, Honeywell Process Solutions chief technology officer during his keynote address in July at the 2014 Honeywell User Group conference in San Antonio, TX.

As one of the fundamentals, Urso introduced an encryption security feature on Experion Orion R2.

"What we have done with Experion Orion R2 is we have built encryption technology between the PCs that are part of the process control system so they can speak in an encrypted manner between each other," Urso said in an interview after his keynote. "We use IPsec-based set of algorithms running on the PCs and the embedded control devices and we see this as being important to protect network communications." IPsec or Internet Protocol Security is a protocol suite for securing Internet Protocol communications by authenticating and encrypting each IP packet of a communication session.

"Some of the things we have learned in the industry is one of the ways an attack on a process control systems will be formed is by first gathering intelligence on what is happening on the process control network," he said. "If you look at most process control communications they happen in clear text and if you study the traffic long enough you can map out the entire network infrastructure. We wanted to shut that down entirely."

There were other reasons for the move. "If you look at man in the middle attacks where something inserts itself between the communications and it can modify the packets. A terrible thing that can happen is if there is a rogue piece of software that is seeing a packet go from the operator station to the controller that is saying make the setpoint at 52.1 and that rogue piece of software catches it and says 'no make it 75.2.' Then it captures the return message going back to the operator station and makes sure it is saying 'yes it is at 52.1 instead of the actual 75.2.' We wanted to lock down that network infrastructure so there is no easy possibility of vulnerability being exploited there."

While the technology is excellent and a smart step, even Urso said it is not for beginners.

"It is not the first place you start with a cyber security regimen; it is a more advanced step after someone has moved their way through the basics of security. Add that in with whitelisting, locking down those PC nodes, locking down your network infrastructure and now you have a comprehensive set of capabilities that really make a big difference in protecting your control system."

The main focus of Urso's technology talk at HUG focused on Universal I/O and cloud computing capabilities that form the core of the company's Lean Execution of Automation Projects (LEAP) program which the company built off the three pillars of cloud computing, virtualization and universal I/O.

The goal behind LEAP is to cut engineering time

  • No repeat engineering
  • Drives efficiency
  • Lean execution
  • Standardized processes and tools

LEAP can provide an 80% reduction in costs related to unnecessary rework. It can also help reduce avoidable schedule delays by as much as 90%. It does this by enabling the physical and functional aspects of project execution to occur in parallel, eliminating workflow dependencies.

"The traditional model is very back-end loaded. There is a tremendous number of late changes," Urso said. "With LEAP, we get started on Day 1. We end up ramping down just when others traditionally are ramping up."

Gregory Hale is the editor and founder of Industrial Safety and Security Source (, a news and information website covering safety and security issues in the manufacturing automation sector. This content originally appeared on the ISSSource website. Edited by Brittany Merchut, Project Manager, CFE Media, 

No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Choosing controllers: PLCs, PACs, IPCs, DCS? What's best for your application?; Wireless trends; Design, integration; Manufacturing Day; Product Exclusive
Variable speed drives: Smooth, efficient, electrically quite motion control; Process control upgrades; Mobile intelligence; Product finalists: Vote now; Product Exclusives
Machine design tips: Pneumatic or electric; Software upgrades; Ethernet advantages; Additive manufacturing; Engineering Leaders; Product exclusives: PLC, HMI, IO
This article collection contains the 5 most referenced articles on improving the use of PID.
Learn how Industry 4.0 adds supply chain efficiency, optimizes pricing, improves quality, and more.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Cyber security cost-efficient for industrial control systems; Extracting full value from operational data; Managing cyber security risks
Drilling for Big Data: Managing the flow of information; Big data drilldown series: Challenge and opportunity; OT to IT: Creating a circle of improvement; Industry loses best workers, again
Pipeline vulnerabilities? Securing hydrocarbon transit; Predictive analytics hit the mainstream; Dirty pipelines decrease flow, production—pig your line; Ensuring pipeline physical and cyber security