Secure Your Software

From plant-floor software tweaking and backups to intra/Internet access, connectivity requires upgrades to automation and control software security.

By Mark T. Hoske, Control Engineering April 1, 2001

Software security requires more than guarding access to the code and locking down hardware around it. It also means protecting investments from employees’ very best intentions.

A line team leader, a day after returning from vacation, tries to expedite a restart, overwriting a newer, debug software version.

A second-shift manager, to help resolve an intermittent problem that carries into third shift, temporarily jury-rigs a modem for line access at home, exposing the enterprise to outside invasion.

A new operator rewrites a bit of code that tweaks more output from the line, meeting that day’s objectives, and shutting down the process two days later because of cascading complications.

Morale has been a little low, so a worker brings in what he thinks is a humorous graphic on a disk, unleashing a virus within an executable program.

These examples make us cringe, yet they’re preventable scenarios with the right types of software security.

Software security includes how applications and operating systems are constructed, but also plant procedures, building security, and employee education, among other things, according to automation software vendors.

Proper software security measures are ‘very scarcely implemented,’ according to Dirk Rouffaer, Schneider Electric Automation (North Andover, Ma.). Mr. Rouffaer, giving a security presentation in the Schneider Electric booth at National Manufacturing Week in March, said software security issues extend beyond actual code to local security, procedures, bugs, tampering, and hidden mistakes. Advice includes:

Strong access control over local controllers;

Encryption for all data leaving the building;

Activity logging for employees;

Reverse trace routing that tracks where employees are logged on;

Automated backups and recovery systems; and

Firewalls.

Most types of automation software address security in more than one way; what follows is a sampling of types of security available in various types of software, not a comparison or complete inventory of capabilities or vendors.

Access to controllers

Altersys’ (Longueuil, Quebec, Canada; www.altersys.com) Michel Kakos, manager, engineering resources, says version 2.2 of its Virgo Automation Suite has greater ease of use and includes a Unified Development Environment with its workbench. Microsoft Windows NT security is used. To download applications to controllers, the software asks for the user’s name and password. The administrator can set the same password for all controllers, or a different one for each, depending on needs.

Alarm filtering

Ci Technologies’ (Charlotte, N.C.; www.citect.com) Frank Volckmar, vice president, says that beyond access, security includes the ability to rapidly see what’s happening within supervisory control and data acquisition software. Citect version 5.3 includes alarm filtering, which helps large-system customers filter by tag or by wildcards to quickly cut to the area of interest. This becomes especially critical when thousands of alarms are possible within a short period.

ASP model

Entivity (Ann Arbor, Mich.; www.entivity.com), the combination of Think & Do Software and Steeplechase software, offers Automation ProjectNet. This ASP software can be used to manage automation projects, including writing software code, a process Entivity president Ken Spenser likened to herding cats. Chuck Kallal, director of product marketing for Automation ProjectNet, says the ASP model provides a secure firewall (without granting access inside users’ firewalls), 128-bit SSL encryption (secure sockets layer technology secures online credit card transactions; 40-bit allowed outside the U.S.), along with anomaly detection and redundant web and database servers.

Further, Mr. Kallal says firewalls are updated regularly, unusual activities or events inside the firewall are monitored and tracked, and redundant architecture ensures no single-point failure will cause a security failure. Automation ProjectNet subscribers’ access is limited to their designated directory structures; no anonymous FTP account or telnet session capability is allowed. Physical security includes raised floors, HVAC temperature control systems with separate cooling zones, seismically braced racks, state-of-the-art smoke detection and fire suppression systems, motion sensors, and 24×7 secured access, as well as video camera surveillance and security breach alarms. Authorized personnel gain access using a biometric hand scanner. Virus monitoring and daily off-site backups are included.

The image shows the Account Policy Settings in Iconics Security Configurator.

Communication through firewalls

Iconics’ (Foxborough, Mass.; www.iconics.com) GenBroker enables Genesis32 version 6.1 components to communicate via the Internet, an intranet, or through firewalls by translating OPC calls into TCP/IP communications, according to Oliver Gruner, OEM accounts manager. Security enhancements help users comply with U.S. FDA 21 CFR Part 11 for reporting and record keeping. MobileHMI Wireless Mobile WAP Telephony Software, using Wireless Application Protocol and OPC, provides real-time manufacturing data, using any mobile phone. With appropriate security clearance, setpoint adjustments may be made remotely.

Multiple levels of security

InduSoft (Hilton Head Island, S.C.; www.indusoft.com) applies security at multiple levels with the InduSoft suite of automation software tools. Bryan S. Morgan, InduSoft application engineer, says for browsers, information can be enabled or disabled, hidden or shown, down to the bit level, if needed. Device-level IP address security may be predefined. Objects can be made read-only, or local only, and not changeable remotely. The software’s user guide recommends applying security measures at three levels.

Audit trails

Intellution’s (Foxborough, Mass.; www.intellution.com) Rob McGreevy, senior application consultant, says SCADA HMI software provides alarm history and audit trails, showing who logged in, when, and what they did. Changes are saved to a database. Multiple security levels can be set. On top of usual Windows security, the Intellution application security screen toolbox (apparent by the combination lock on the screen) has sections for users, groups, key use authority, autostart nodes, and security areas. Audit trails, viewable with a proper access level, may be seen from any node. Intellution uses a ‘Rainbow key’ plug-in to verify that each seat is authorized, rather than illegally copied, software; software keys are also available. Mr. McGreevy adds, about iFIX, ‘Intellution provides very flexible security options allowing users to secure specific bits at a very detailed or granular level, all the way up to restricting access to whole screens and applications at a broad level. Also: the audit trail is big because it records events for all nodes across the network. So if someone in London, who had security rights, changed a setpoint on a machine in Chicago, the log reflects that activity.’ iFIX security is tied in with NT security.

The screenshot shows Intellution Security Configuration Options for Configuring a User.

Manage software versions

MDT Software’s (Alpharetta, Ga.; www.mdtsoft.com) Mass AutoSave is among software providing a life-cycle way to protect, manage, and maintain automation and control software in a secure environment, according to William Bentley, president. It tracks the ‘who, what, when, where, how, and why’ of any changes. The software manages versions and ancestors of automation project files, programs, documentation, and configuration information, storing information in a central secured location. The software may be used, Mr. Bentley says, without user training, protecting source code and ensuring against mishaps.

Universal tools

Microsoft’s (Redmond, Wa.) Karl Schulmeisters, technical evangelist, says there’s an effort to unify and simplify the underlying security tools Microsoft and partners provide, so people don’t necessarily have to sign in to every application used. That mirrors the commercial success of Microsoft Passport, where one encrypted registration allows single entry of sign-in and purchasing information with all participating web sites (more than 7,000). Microsoft says www.passport.com is the fifth most-popular site globally. The March 19 Microsoft introduction of ‘HailStorm’ includes the idea of single-point registration for business-to-business and business-to-consumer areas. HailStorm’s set of enabling services is intended to advance Microsoft .NET strategy by enabling developers to build user-centric XML web services to personalize applications and services in an open-access model for devices, services, or applications with an Internet connection. Services are independent of underlying platform, operating system, object model, programming language, or network provider (such as Microsoft Windows, Apple Macintosh, UNIX, Palm OS, Windows CE, etc.). Authentication and opt-in would integrate access to applications as the user prescribes.

On the physical side, Microsoft demonstrates biometric security with eTrue (Southboro, Mass.; www.eTrue.com) fingerprint and facial scanners at the Microsoft Innovation Lab in Waltham, Mass.

Grayed-out text

LabView from National Instruments (Austin, Tex.; www.ni.com), with the Datalogging and Supervisory Control Module, hides or grays out controls and indicators when operators don’t have access rights, explains Gricha Raether, National Instruments, group manager, Datalogging and Supervisory Control Software. Audit trails, where an authorized user can see where changes are made, are expected in a future version.

Variable rights, encryption

USDATA’s (Richardson, Tex.; www.usdata.com) Ellen Bolton, FactoryLink product marketing manager, says the FactoryLink++ Quick Start human-machine interface software restricts operators from viewing certain options without proper access. Encryption is available, as well as flexible login and rights options.

Group attributes

Wonderware (Irvine, Calif.; www.wonderware.com) is among companies making use of Microsoft capabilities for security. Mariela Zambrano, Wonderware, systems specialist, explains that the software administrator, using features of Microsoft Windows Terminal Services and Windows 2000, can set group attributes and assign new users to that group. With the Terminal Services Manager, a user with proper access can centralize administrative and security tasks. From a vendor point of view, a centralized management system requires a more flexible security strategy to ensure software isn’t improperly copied or distributed. Wonderware, for instance, previously used hardware ‘dongles,’ parallel-port plug-ins that each authenticated a particular seat. Wonderware, for North American sales, has moved to an easier software-based licensing schema.

Security links

Security-related software links that Schneider Electric’s Mr. Rouffaer provided include:

www.keywareusa.com, a Belgium-based provider of authentication solutions that unify and layer biometrics, smart cards, digital certificates, and PINs/password methods;

www.opensec.net, which provides definitions and links; and

www.rmis.com/sites/seccompu.htm, Risk Management Internet Services, part of Managerial Technologies Corp. (MTC), a management consulting/computer technology firm (Downers Grove, Ill.).

Related links

Related sites and links of interest include:

Control Engineering, March 2000, ‘Ethernet Security, Safety Relies on Common Sense Networking’.

Control Engineering Online search.

Control Engineering Online Buyer’s Guide under Software: Internet (browser, firewall-security, server); Networking configuration/optimization/debugging; and Software development/version tracking.

R&D, June 2000, on web-based software for security and organization of electronic data in laboratories in drug development and manufacturing.

Comments? E-mail mhoske@cahners.com