Evaluation: Control System Security Software

A large, coal-fired electrical generating-station recently installed control system security software, Verano Industrial Defender system (VID), with seamless installation and operation of the continuously run facility in mind. Based on a Sun Solaris (Unix) platform, major control of the plant is accomplished through a Invensys Foxboro I/A system, with the operator interface provided by Foxboro ...

05/01/2006


AT A GLANCE
 
  • System security software

  • Communications over WAN/LAN/ Internet

  • Diagnostic capabilities


A large, coal-fired electrical generating-station recently installed control system security software, Verano Industrial Defender system (VID), with seamless installation and operation of the continuously run facility in mind. Based on a Sun Solaris (Unix) platform, major control of the plant is accomplished through a Invensys Foxboro I/A system, with the operator interface provided by Foxboro operator workstations—some with dual screens. There are also engineering workstations and many control processors, all on one I/A control system network, or node bus.

Plant personnel installed the system in early February 2004 for use, observation, and evaluation. In-service time for testing and observation was several months in duration.

The original installation was on a stand-alone plant simulator comprising a Foxboro Node Bus, an Ethernet network and a personal computer (PC) emulating X-window displays.

Most Unix-based DCS/SCADA systems use X-windows protocol—sometimes called X11—to render user graphics on various video display monitors. UNIX applications contact an X-windows server asking that the output be displayed on a particular screen and that input come from a certain mouse and keyboard. Usually the peer-to-peer communication between application and X-windows server is over the network, such as WAN/LAN/Internet. The protection of the communication channel between UNIX applications and the X-windows server is through a limiting host list, which is not very secure. (The protocol has vulnerabilities well known to hackers.) Examples of best-known X-windows emulators are Hummingbird Exceed and Reflections X from attachmateWRQ.

Various tests on the simulator system were performed to illustrate outside logins, telnet session, external computer connections, control processor reboots, and "virus-shell" attacks. (Most computer operating systems support command shells, which provide a user- or application-programming-interface to allow users to write batch programs and scripts. Hackers use command shells to write and run malicious code.) Graphic reports were captured for later use and illustration. Testing on the simulator system lasted for about 2.5 days. VID monitored and detected all tested operations, and simulated attacks on the simulator system.

VID was then installed on a running unit and set to monitor the node bus, including all Foxboro I/A operator workstations and a second "subnet"—an Ethernet network consisting of remote monitoring PCs. VID was installed while the unit was on-line without the need to reboot processors. No degradation of Foxboro I/A control-system performance was experienced after VID installation.

Observation showed the communication between the various workstations over both networks, and the monitoring system provided information on a range of parameters within the workstations.

Diagnostic benefits

The application also served as a system administrator tool for monitoring workstation health. VID was used to capture and resolve long-term engineering-workstation performance issues, such as monitoring machine disk-space usage. Overnight it was seen that machine disk use was increasing. Rising disk space was occurring in the partition dedicated for swap space, indicating that the machine had a program running that was "leaking memory." The machine would eventually run out of swap space and lock-up. This long-standing problem had gone undiagnosed for more than a year. Within a day of installing VID, the system pinpointed the problem's root cause and identified the faulty application.

VID satisfied its main purpose: detecting notable items for control system security. It did this on the stand-alone simulator system, including outside logins, and simulated virus attacks. It also performed these functions on the main unit installation, detecting telnet and FTP (file transfer protocol) sessions.

The user interface to VID includes alarming, logging, reporting, and trend functions. Alarming was used for notification of security problems, and, secondarily for system health parameters. It provided notification of circumstances indicating security concerns and items related to system health issues. Logging and report functions gave a chronological view of detected measured issues. Trending graphically depicted the monitored system parameters.

VID performed the stated security functions, providing flexibility to fine-tune to the control system. It also functioned as a system administrator's tool, and helped monitor health.



Author Information
Ron Derynck is director of product strategies at Verano Inc.




The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by Control Engineering subscribers. Vote now (if qualified)!
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Maximize ROI with integrated control system approach; Microcontrollers vs. PLCs; Power quality; Accelerate and rewire IIoT; Traits for excellent engineers
HMI effectiveness; Distributed I/O; Engineers' Choice Award finalists; System Integrator advice; Inside Machines
Women in engineering; Engineering Leaders Under 40; PID benefits and drawbacks; Ladder logic; Cloud computing
Programmable logic controllers (PLCs) represent the logic (decision) part of the control loop of sense, decide, and actuate. As we know, PLCs aren’t the only option for making decisions in a control loop, but they are likely why you’re here.
This digital report explains how plant engineers and subject matter experts (SME) need support for time series data and its many challenges.
This article collection contains several articles on how advancements in vision system designs, computing power, algorithms, optics, and communications are making machine vision more cost effective than ever before.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Control room technology innovation; Practical approaches to corrosion protection; Pipeline regulator revises quality programs
Cloud, mobility, and remote operations; SCADA and contextual mobility; Custom UPS empowering a secure pipeline
Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by Control Engineering subscribers. Vote now (if qualified)!
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Maximize ROI with integrated control system approach; Microcontrollers vs. PLCs; Power quality; Accelerate and rewire IIoT; Traits for excellent engineers
HMI effectiveness; Distributed I/O; Engineers' Choice Award finalists; System Integrator advice; Inside Machines
Women in engineering; Engineering Leaders Under 40; PID benefits and drawbacks; Ladder logic; Cloud computing
Programmable logic controllers (PLCs) represent the logic (decision) part of the control loop of sense, decide, and actuate. As we know, PLCs aren’t the only option for making decisions in a control loop, but they are likely why you’re here.
This digital report explains how plant engineers and subject matter experts (SME) need support for time series data and its many challenges.
This article collection contains several articles on how advancements in vision system designs, computing power, algorithms, optics, and communications are making machine vision more cost effective than ever before.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Control room technology innovation; Practical approaches to corrosion protection; Pipeline regulator revises quality programs
Cloud, mobility, and remote operations; SCADA and contextual mobility; Custom UPS empowering a secure pipeline
Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by Control Engineering subscribers. Vote now (if qualified)!
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Maximize ROI with integrated control system approach; Microcontrollers vs. PLCs; Power quality; Accelerate and rewire IIoT; Traits for excellent engineers
HMI effectiveness; Distributed I/O; Engineers' Choice Award finalists; System Integrator advice; Inside Machines
Women in engineering; Engineering Leaders Under 40; PID benefits and drawbacks; Ladder logic; Cloud computing
Programmable logic controllers (PLCs) represent the logic (decision) part of the control loop of sense, decide, and actuate. As we know, PLCs aren’t the only option for making decisions in a control loop, but they are likely why you’re here.
This digital report explains how plant engineers and subject matter experts (SME) need support for time series data and its many challenges.
This article collection contains several articles on how advancements in vision system designs, computing power, algorithms, optics, and communications are making machine vision more cost effective than ever before.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Control room technology innovation; Practical approaches to corrosion protection; Pipeline regulator revises quality programs
Cloud, mobility, and remote operations; SCADA and contextual mobility; Custom UPS empowering a secure pipeline
Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
click me