SECURITY & SUSTAINABILITY: IMPROVING FACILITY AUTOMATION SYSTEM SECURITY AND SUSTAINABILITY




The Problem

Production environments are complicated today. The machines we use are powerful and, at the same time, the control systems that make them function are becoming extremely sophisticated. Some of today's controllers, drives, and robots can and do have thousands of lines of programs and just as many variables. Changes in the manufacturing environment, in the complexity of the devices, networking, and regulations, together with pressure to perform financially, have contributed to the problems many companies are expressing.

It would be easy to just try not to use the more sophisticated devices, but that involves going backward. Engineers and maintenance personnel are not replacing controllers with the relay logic systems of yesterday. The use of sophisticated devices allows for much better coordinated control of all the variables associated with a process, including tightly coordinated motion and communications. Operating in real time, at fractions of a second, these machines perform extremely well and in very small packages. They have replaced huge relay logic systems that were many times larger, much more difficult to design and configure, and more difficult to troubleshoot and maintain.

Networking these sophisticated devices with computers to perform even more sophisticated calculations and data analysis has produced some amazing benefits. At the same time, the network can bring problems that must be dealt with appropriately. Choosing not to network can also have a devastating impact. An isolated system is incapable of making rapid decisions about what to make and in which order. Also, the collection of quality data, for functions like advanced maintenance and performance analysis, is left to the human factor. Machines collecting machine data are not biased and do not adjust calculations and data.
At the same time, connected machines become susceptible to remote configuration errors, penetration issues, virus infection, bots, rootkits, spyware, as well as a slew of other problems. Even with all of the problems that might occur, production environments benefit substantially from networked automation and not isolated islands of automation. Being able to diagnose and troubleshoot problems from a desk at corporate with the best engineer, versus getting on a plane, has huge ramifications. Being able to analyze quality and performance remotely, machine by machine, provides for huge improvements in throughput as well as quality. Analyzing for performance, machine by machine, allows for qualified decisions regarding which machines to upgrade, redesign, reconfigure, or replace. It allows for difficult analysis about turns and cycles that manually collected information cannot provide.

Connected devices support excellent troubleshooting and diagnostic tools as well as allow for centralized backup of critical configuration data, similar to the way computers are controlled as part of a corporate network. The amount of labor involved in maintaining a control system that is disconnected is not that much different from the amount of labor involved in maintaining computers that are not part of the network. In a disconnected system, there is rarely a backup that is current, and the assurance of a disaster-recoverable backup is not there, even when policies are in place to ensure the backups are kept.

Rockwell Automation Product-based Solutions

Rockwell Automation is serious about security and sustainability of the production environment. Some of the actions that you can take using Rockwell Automation to improve your security and sustainability are listed here:

Secure by Design

Consider implementing security by using the ControlLogix processor security lock in the future, or turning it on if you already are using ControlLogix controllers. This feature can deny front port access to controllers from guests in your facility. You may even consider locking the cabinet doors and instituting a procedure for access.

Secure by Procedure

Putting the key switch in RUN prevents remote programming, including a remote firmware flash that could corrupt a controller permanently if performed incorrectly. One common problem in a connected controller world where people are rushed is the remote configuration of the incorrect device. If every device is in RUN except the one that you are altering, the chance of configuring the wrong device is eliminated. Also, putting the controller in RUN requires a physical key change at the device to allow program configuration changes; therefore, even a penetration from outside could not alter the device until the key switch is changed from RUN.

Centralized Automation System Security

Consider implementing a centralized security administration system for configuration tools.
Using FactoryTalk Security to secure access to the software that configures Rockwell Automation devices creates a much more secure environment, similar to moving from Windows for Workgroups (WFWG) to a domain-based system. FactoryTalk Security, included with most Rockwell Automation software products, can be run locally on a computer-by-computer basis (similar to WFWG) to secure access to Rockwell Automation software on each computer. It also can be purchased to support a centrally managed system, thereby substantially reducing the amount of work and governance required to administer access to your Rockwell Automation systems across the facility. FactoryTalk Security replicates itself automatically and enables even remote laptops to function reliably as part of the security system.

Asset Configuration Management

Consider using FactoryTalk AssetCentre to manage changes to Rockwell Automation control systems, including automatic version control, disaster recovery backup, device configuration verification, and real-time auditing of user actions while working on these systems. Each FactoryTalk AssetCentre function is designed to ensure that personnel need less effort (less governance) to maintain these assets while still ensuring an extremely reliable configuration set. No longer does someone call corporate looking for the program because a device lost power, the memory backup battery was bad, the configuration program was lost, and they cannot find the latest one. At the same time, this system is secure and can easily be backed up to a remote electronic vault for extreme disaster planning. While these are great functions, the system also employs a real-time audit system that tracks all user actions; the event system tracks all system actions, like the verification of the master code versus a device's actual configuration.

Other Actions

In addition to Rockwell Automation, there are some serious considerations that should be made regarding production environments, whether they are connected or disconnected. Today it is easy to propagate a virus using a memory stick (the modern floppy disk). Work with IT to form a manufacturing, engineering, and IT group that understands manufacturing concerns and can work as a liaison with all of management, including operations, IT, and engineering, to better secure the automation systems. Within that group, consider some of the following:

Consider using antivirus, spyware, or malware tools; back up everything periodically; and create a realistic disaster recovery plan. Consider using rootkit discovery tools also. Be cautious here and consider testing all of this in a lab prior to putting it into production. It appears so far that patch management causes more production outages than actual viruses.
Also, all of these eat up CPU clock cycles on computers and can affect real-time operations. Caution is necessary and the lab can prevent a lot of problems from getting into production.

The ISA has spent a great deal of time working on production security issues across many industries and vendors. Consider purchasing a copy of the ISA s99 documents and study them for best practice ideas. Go to the www.isa.org Web site for more information.

Rockwell Automation Network & Security Services Group

Working with IT, analyze your topology, or hire a competent firm like Rockwell Automation's Network & Security Services Group to analyze for security and sustainability and install properly configured assets to support your disaster recovery plan. Our Network & Security Services Group will analyze your networks for current health and make recommendations. The net result of this type of analysis is that you will have an impartial baseline and know the exact status of each network in your automation environment.

We also can assess your automation systems security profile. This operation creates a baseline assessment for impartial strategic security planning. We also use well-trained experts to facilitate the effort to educate, plan, and create a security plan. Even if you have the resources and want to do it yourself, consider using a professional coach through the discovery and planning process.

Conclusion

Information-Enabled Control Systems today are critical to successful extraction of manufacturing data and turning it into business knowledge. Connecting these devices so that the data can be analyzed and utilized in business and engineering decisions is not something to fear, but to be embraced with knowledge and awareness. Rockwell Automation has integrated not only the control layer but the information layer using proven technology and at the same time embraced the security and sustainability issues.

Publication SECUR-WP001A-EN-E, September 2006. Copyright 2006 Rockwell Automation, Inc. All rights reserved.