Security as fundamental as safety

Compromised technology means it is not safe, causing trouble for manufacturers.

By Gregory Hale, ISSSource July 11, 2014

You can have all the greatest technology in the world, but if it ends up compromised that means it is not safe and that can mean trouble for a manufacturer.

"Cyber security is fundamental; as fundamental as safety itself," said Jason Urso, Honeywell Process Solutions chief technology officer during his keynote address in July at the 2014 Honeywell User Group conference in San Antonio, TX.

As one of the fundamentals, Urso introduced an encryption security feature on Experion Orion R2.

"What we have done with Experion Orion R2 is we have built encryption technology between the PCs that are part of the process control system so they can speak in an encrypted manner between each other," Urso said in an interview after his keynote. "We use IPsec-based set of algorithms running on the PCs and the embedded control devices and we see this as being important to protect network communications." IPsec or Internet Protocol Security is a protocol suite for securing Internet Protocol communications by authenticating and encrypting each IP packet of a communication session.

"Some of the things we have learned in the industry is one of the ways an attack on a process control systems will be formed is by first gathering intelligence on what is happening on the process control network," he said. "If you look at most process control communications they happen in clear text and if you study the traffic long enough you can map out the entire network infrastructure. We wanted to shut that down entirely."

There were other reasons for the move. "If you look at man in the middle attacks where something inserts itself between the communications and it can modify the packets. A terrible thing that can happen is if there is a rogue piece of software that is seeing a packet go from the operator station to the controller that is saying make the setpoint at 52.1 and that rogue piece of software catches it and says ‘no make it 75.2.’ Then it captures the return message going back to the operator station and makes sure it is saying ‘yes it is at 52.1 instead of the actual 75.2.’ We wanted to lock down that network infrastructure so there is no easy possibility of vulnerability being exploited there."

While the technology is excellent and a smart step, even Urso said it is not for beginners.

"It is not the first place you start with a cyber security regimen; it is a more advanced step after someone has moved their way through the basics of security. Add that in with whitelisting, locking down those PC nodes, locking down your network infrastructure and now you have a comprehensive set of capabilities that really make a big difference in protecting your control system."

The main focus of Urso’s technology talk at HUG focused on Universal I/O and cloud computing capabilities that form the core of the company’s Lean Execution of Automation Projects (LEAP) program which the company built off the three pillars of cloud computing, virtualization and universal I/O.

The goal behind LEAP is to cut engineering time

  • No repeat engineering
  • Drives efficiency
  • Lean execution
  • Standardized processes and tools

LEAP can provide an 80% reduction in costs related to unnecessary rework. It can also help reduce avoidable schedule delays by as much as 90%. It does this by enabling the physical and functional aspects of project execution to occur in parallel, eliminating workflow dependencies.

"The traditional model is very back-end loaded. There is a tremendous number of late changes," Urso said. "With LEAP, we get started on Day 1. We end up ramping down just when others traditionally are ramping up."

Gregory Hale is the editor and founder of Industrial Safety and Security Source (ISSSource.com), a news and information website covering safety and security issues in the manufacturing automation sector. This content originally appeared on the ISSSource website. Edited by Brittany Merchut, Project Manager, CFE Media, bmerchut@cfemedia.com