Balancing secure networks and process control systems access
Our friends in the information technology (IT) field who take care of the business networks talk a lot about security. I am sure that most people reading this blog have had to log in to their workstation with a company-provided username and a password that has to be changed every 90 days. The IT folks further program the networks to limit access to the minimal amount of data that is required to get each employee’s job done. Some firms even go as far as limiting which websites can be accessed from a company workstation. All this for a workstation already physically located inside a building with controlled access.
Why all this effort to control what happens at a workstation inside what is essentially a controlled area: the company’s building? It’s because physical access has proven to be ineffective as a sole means to provide security in a business network.
Do we have other critical workstations that solely depend on physical security? Are you sitting at one right now in your control room? Have you ever asked why you need to have a complicated password to access your e-mail on a computer in the same control room where a simple press of a button on the adjacent computer would stop a multimillion-dollar process?
We in the control field have resisted implementing IT-style security in our control rooms. We are privileged folks and have no need for frustrating passwords and usernames. Some of us say that adding password protection and login requirements is a danger in itself. I commonly hear this argument: “What do we do if something critical is happening, and the operator can’t log in?”
This attitude is pervasive in the industry, to the point that the manufacturers have default hard-coded passwords in the automation hardware. No one wants to be searching for a programming password when the process has stopped, right? And this has been to our detriment, as some very significant control system security breaches were enabled by exploiting these embedded passwords.
We have taken the position that physical security is an acceptable means of control. Everyone knows everyone in the control room. The danger lies in the modern network: a remote user using generic passwords can exploit the local workstation. The network provides virtual physical access or, in other words, a ghost in your control room with access to your process.
So what are we in the automation field to do to enhance security while ensuring our need for barrier-free access to the process control system? We can all agree that the IT approach just won’t work for us, which is why we have resisted adopting it.
So what works in our world? Is it appropriate to use facial recognition or fingerprint scanners to access an operator console? Or just an employee ID card? Maybe we can take a cue from the Minuteman missile controllers: just two buttons far apart, requiring two operators to initiate programming.
What of the emergency situation? For inspiration, step into your legacy distributed control system control room and you will likely find an automatic fire suppression system. Although it is automatic, why does it have a button with the label “break glass in case of fire”? We all know there will be situations that require immediate access.
All these security issues have been solved before in ways that may have already met our unique requirements. Let’s look around and find out what works for us. Security doesn’t have to be a burden.
This post was written by Bruce Billedeaux. Bruce is a senior consultant at MAVERICK Technologies, a leading automation solutions provider offering industrial automation, strategic manufacturing, and enterprise integration services for the process industries. MAVERICK delivers expertise and consulting in a wide variety of areas including industrial automation controls, distributed control systems, manufacturing execution systems, operational strategy, business process optimization and more.